Switch to PyYaml safe_load

The load() call from PyYaml is considered a higher security risk in that
it uses the FullLoader. safe_load() is considered safer because it uses
the SafeLoader instead.

Since the 5.1 release of PyYaml added warning output when using load(),
this switches over to safe_load() to avoid the unnecessary noise.

Change-Id: I1949deed094822d2c2c56659eadb1fc5ea6a59e5
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Sean McGinnis 2020-07-27 16:18:19 -05:00
parent b272ef96ba
commit 08cd1fb33c
3 changed files with 4 additions and 4 deletions


@ -85,7 +85,7 @@ def main(args=sys.argv[1:]):
projectsyaml = os.path.join(args.project_config_repo,
'gerrit', 'projects.yaml')
acl = {}
config = yaml.load(open(projectsyaml))
config = yaml.safe_load(open(projectsyaml))
for project in config:
aclfilename = project.get('acl-config')
if aclfilename:
@ -98,7 +98,7 @@ def main(args=sys.argv[1:]):
aclbase = os.path.join(args.project_config_repo, 'gerrit', 'acls')
governanceyaml = os.path.join(args.governance_repo,
'reference', 'projects.yaml')
teams = yaml.load(open(governanceyaml))
teams = yaml.safe_load(open(governanceyaml))
for tname, team in teams.items():
if is_a_team_exception(tname):
continue
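Review bot: `config = yaml.safe_load(open(projectsyaml))` on the new side of the first hunk still opens the file without ever closing it, so the handle is released only when the garbage collector gets to it and a ResourceWarning is emitted under `-W error`. The same pattern remains at `teams = yaml.safe_load(open(governanceyaml))` in the second hunk of this file and at `config = yaml.safe_load(open(projectsyaml))` in the second file's hunk, while the third file already reads through a `with` block. Since each line is being touched anyway, rewrite it as `with open(projectsyaml) as f:` / `    config = yaml.safe_load(f)` (and likewise for governanceyaml) so all three files follow the same idiom. The enclosing main() starts and ends outside both hunks.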


@ -72,7 +72,7 @@ label-Workflow = -1..+1 group {group}
# Load repo/aclfile mapping from Gerrit config
projectsyaml = os.path.join(args.repository, 'gerrit', 'projects.yaml')
acl = {}
config = yaml.load(open(projectsyaml))
config = yaml.safe_load(open(projectsyaml))
for project in config:
aclfilename = project.get('acl-config')
if aclfilename:


@ -37,7 +37,7 @@ def in_governance_but_not_released(args):
dirs = [args.series, '_independent']
with open(args.projects_yaml, 'r') as projects:
teams = yaml.load(projects)
teams = yaml.safe_load(projects)
for tname, team in teams.items():
if tname in TEAM_EXCEPTIONS:
continue