Replaces yaml.load() with yaml.safe_load()
yaml.load() returns Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.

Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Iea14d26e6937472d1ac4b8f441bd59c959d2deb0
parent
50f29bc828
commit
7a1190b99d
|
@ -60,7 +60,7 @@ class LocalResolver(jsonschema.RefResolver):
|
|||
|
||||
|
||||
def main():
|
||||
mapping = yaml.load(open('service-types.yaml', 'r'))
|
||||
mapping = yaml.safe_load(open('service-types.yaml', 'r'))
|
||||
|
||||
mapping['version'] = datetime.datetime.utcnow().isoformat()
|
||||
mapping['sha'] = subprocess.check_output(
|
||||
|
|
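Review bot: the changed line in main() still hands an unclosed file object, open('service-types.yaml', 'r'), straight to the loader, so the handle is released only when it is garbage-collected. Since the line is being touched anyway, consider `with open('service-types.yaml', 'r') as f:` followed by `mapping = yaml.safe_load(f)`. The switch to safe_load itself fits this call site: the following lines only index the result as a mapping (mapping['version'], mapping['sha']), which the plain types safe_load constructs cover.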