d27cd0ea4e
Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I021bd09d3bbc6d4b9c8965c59c7f4ec4895f8b8b
34 lines
1.3 KiB
Python
34 lines
1.3 KiB
Python
# Copyright 2016 - Nokia Corporation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
import yaml
|
|
|
|
|
|
def load(stream):
|
|
try:
|
|
yaml_dict = yaml.safe_load(stream, Loader=yaml.BaseLoader)
|
|
except yaml.YAMLError as exc:
|
|
msg = 'An error occurred during YAML parsing.'
|
|
if hasattr(exc, 'problem_mark'):
|
|
msg += ' Error position: (%s:%s)' % (exc.problem_mark.line + 1,
|
|
exc.problem_mark.column + 1)
|
|
raise ValueError(msg)
|
|
|
|
if not isinstance(yaml_dict, dict) and not isinstance(yaml_dict, list):
|
|
raise ValueError('The source is not a YAML mapping or list.')
|
|
|
|
if isinstance(yaml_dict, dict) and len(yaml_dict) < 1:
|
|
raise ValueError('Could not find any element in your YAML mapping.')
|
|
|
|
return yaml_dict
|