a2c1d16fe6
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous [1], because yaml.load returns Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as a security risk, so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load(). [1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Id83e2a28355ba09cf22ea4e422de9b39e4f03c5e Closes-Bug: #1634265 |
||
---|---|---|
doc/source | ||
releasenotes | ||
tools | ||
tripleoclient | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
LICENSE | ||
README.rst | ||
babel.cfg | ||
bindep.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
tripleoclient
tripleoclient is an OpenStackClient (OSC) plugin that implements commands useful for TripleO and for the installation and management of both an undercloud and an overcloud.
See the TripleO Documentation for details on using tripleoclient.