Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Iea14d26e6937472d1ac4b8f441bd59c959d2deb0
2018-02-13 11:54:29 +07:00 · 2018-02-13 11:54:29 +07:00 · 7a1190b99d
parent 50f29bc828
commit 7a1190b99d
1 changed files with 1 additions and 1 deletions
--- a/transform.py
+++ b/transform.py
@ -60,7 +60,7 @@ class LocalResolver(jsonschema.RefResolver):


 def main():
-    mapping = yaml.load(open('service-types.yaml', 'r'))
+    mapping = yaml.safe_load(open('service-types.yaml', 'r'))

    mapping['version'] = datetime.datetime.utcnow().isoformat()
    mapping['sha'] = subprocess.check_output(