Replaces yaml.load() with yaml.safe_load()
yaml.load() returns Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.

Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I1793ee3484f51dd663052e367d86f96f2f7598ea
parent 45e8402f31
commit c6813a95fa
|
@ -141,7 +141,7 @@ class Config(object):
|
||||||
self.printSample()
|
self.printSample()
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
self.config = yaml.load(open(self.path))
|
self.config = yaml.safe_load(open(self.path))
|
||||||
schema = ConfigSchema().getSchema(self.config)
|
schema = ConfigSchema().getSchema(self.config)
|
||||||
schema(self.config)
|
schema(self.config)
|
||||||
server = self.getServer(server)
|
server = self.getServer(server)
|
||||||
|
|
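Review bot: on the changed line, `yaml.safe_load(open(self.path))` still opens the file without ever closing it explicitly, so the handle is only released when the object is garbage collected. Since this line is being touched anyway, consider `with open(self.path) as f:` followed by `self.config = yaml.safe_load(f)`. A second point for the commit message or release notes: an existing config that relied on Python-specific tags (`!!python/...`) will now raise `yaml.constructor.ConstructorError` at this call instead of loading, and nothing in the visible context catches that before `ConfigSchema().getSchema(self.config)` runs, so the user gets a traceback rather than the `printSample()` / `sys.exit(1)` path shown just above.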