Replaces yaml.load() with yaml.safe_load()
yaml.load() can construct any Python object, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ib825121510cc83384f738fb9eabd9821db57d28a
parent
80859a9349
commit
e58f0dd180
@ -48,7 +48,7 @@ class BaseImageManager(object):
|
||||
for config_file in self.config_files:
|
||||
if os.path.isfile(config_file):
|
||||
with open(config_file) as cf:
|
||||
data = yaml.load(cf.read()).get(section)
|
||||
data = yaml.safe_load(cf.read()).get(section)
|
||||
if not data:
|
||||
return None
|
||||
self.logger.debug('%s JSON: %s' % (section, str(data)))
|
||||
|
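Review bot: An empty config file still crashes on the new line `data = yaml.safe_load(cf.read()).get(section)`, because safe_load returns None for an empty document and `.get` then raises AttributeError before the `if not data` guard runs. A small guard closes that gap and also lets the parser read the stream directly: `data = (yaml.safe_load(cf) or {}).get(section)`. A top-level list or scalar would still fail on `.get`, so an `isinstance(..., dict)` check with a clear error may be worth adding if these files can come from operators or other less-trusted sources. The enclosing method starts and ends outside this hunk, so any handling further down is not visible here.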
@ -26,7 +26,7 @@ class TestBaseImageManager(testbase.TestCase):
|
||||
def setUp(self):
|
||||
super(TestBaseImageManager, self).setUp()
|
||||
|
||||
@mock.patch('yaml.load', autospec=True)
|
||||
@mock.patch('yaml.safe_load', autospec=True)
|
||||
@mock.patch('os.path.isfile', autospec=True)
|
||||
def test_load_config_files(self, mock_os_path_isfile, mock_yaml_load):
|
||||
mock_yaml_load.return_value = fakes.create_disk_images()
|
||||
@ -56,7 +56,7 @@ class TestBaseImageManager(testbase.TestCase):
|
||||
|
||||
@mock.patch('tripleo_common.image.base.BaseImageManager.APPEND_ATTRIBUTES',
|
||||
['elements', 'options', 'packages', 'environment'])
|
||||
@mock.patch('yaml.load', autospec=True)
|
||||
@mock.patch('yaml.safe_load', autospec=True)
|
||||
@mock.patch('os.path.isfile', autospec=True)
|
||||
def test_load_config_files_multiple_files(self, mock_os_path_isfile,
|
||||
mock_yaml_load):
|
||||
@ -99,7 +99,7 @@ class TestBaseImageManager(testbase.TestCase):
|
||||
'environment': {'test_env': '1', 'test_env2': '0'},
|
||||
}], disk_images)
|
||||
|
||||
@mock.patch('yaml.load', autospec=True)
|
||||
@mock.patch('yaml.safe_load', autospec=True)
|
||||
@mock.patch('os.path.isfile', autospec=True)
|
||||
def test_load_config_files_missing_image_name(self, mock_os_path_isfile,
|
||||
mock_yaml_load):
|
||||
@ -125,7 +125,7 @@ class TestBaseImageManager(testbase.TestCase):
|
||||
self.assertRaises(ImageSpecificationException,
|
||||
base_manager.load_config_files, 'disk_images')
|
||||
|
||||
@mock.patch('yaml.load', autospec=True)
|
||||
@mock.patch('yaml.safe_load', autospec=True)
|
||||
@mock.patch('os.path.isfile', autospec=True)
|
||||
def test_load_config_files_single_image(self, mock_os_path_isfile,
|
||||
mock_yaml_load):
|
||||
|
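Review bot: Every test in this file replaces `yaml.safe_load` with a mock, so nothing here checks the property the commit is after, namely that a config file carrying a Python-specific YAML tag is rejected rather than instantiated. Consider one extra test that runs the real parser over a small in-memory document with such a tag and asserts that `yaml.YAMLError` is raised. The same applies to the `@mock.patch('yaml.safe_load', autospec=True)` lines in the hunks at -56, -99 and -125. As a style point, the injected argument is still named `mock_yaml_load` in all four tests; `mock_yaml_safe_load` would match the patched target. The test bodies continue outside these hunks, so existing coverage there is not visible.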