
Replaces yaml.load() with yaml.safe_load()

yaml.load() returning a Python object may be dangerous if you receive a YAML
document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like integers or
lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I1793ee3484f51dd663052e367d86f96f2f7598ea
tags/1.6.0
Nguyen Hung Phuong 1 year ago
parent
commit
c6813a95fa
1 changed files with 1 additions and 1 deletions

gertty/config.py

@@ -141,7 +141,7 @@ class Config(object):
141 141
             self.printSample()
142 142
             sys.exit(1)
143 143
 
144
-        self.config = yaml.load(open(self.path))
144
+        self.config = yaml.safe_load(open(self.path))
145 145
         schema = ConfigSchema().getSchema(self.config)
146 146
         schema(self.config)
147 147
         server = self.getServer(server)
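
Review bot: The file object from `open(self.path)` on the changed line is never closed explicitly, so releasing the handle depends on the interpreter's garbage collection; read it inside a context manager instead, i.e. `with open(self.path) as f:` followed by `self.config = yaml.safe_load(f)`. A second point for the commit message or release notes: yaml.safe_load() raises a ConstructorError on Python-specific tags such as `!!python/object`, so an existing config file that used them will now fail at this line where it previously loaded, and nothing in the visible lines turns that into a readable message the way the `self.printSample()` / `sys.exit(1)` path above does for its case.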
