Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1]. Because yaml.load returns a Python object, it may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as a security risk, so replace all occurrences with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load().

[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I9136d7bc684400e52ebf2cba3bd212a27c4954a2
Closes-Bug: #1634265
parent 0bf504066f
commit 8c6ff61556
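The pattern this change relies on, as an added example that is not part of the commit or of the mistral-dashboard code: yaml.safe_load() applied to an untrusted form field, with the yaml.YAMLError it raises on malformed or tag-carrying input turned into a validation error instead of an unhandled exception. The parse_workbook/rejects helpers, the WorkbookValidationError class and the three workbook samples are constructed for this demonstration.

```python
"""Validate an untrusted workbook definition with yaml.safe_load()."""
import yaml


class WorkbookValidationError(ValueError):
    """Constructed for this example: the submitted workbook is unusable."""


def parse_workbook(text):
    """Parse YAML from an untrusted form field into plain Python data.

    safe_load() only builds str/int/float/bool/None/list/dict, so a document
    carrying a '!!python/...' tag raises yaml.constructor.ConstructorError
    (a yaml.YAMLError subclass) instead of constructing an arbitrary object.
    """
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        # Syntax errors and rejected tags alike become one form-level error.
        raise WorkbookValidationError("invalid workbook YAML: %s" % exc)
    # A workbook definition is a mapping (name, workflows, ...); a bare
    # scalar or list parses fine but is not something the API can use.
    if not isinstance(data, dict):
        raise WorkbookValidationError("workbook must be a YAML mapping")
    return data


def rejects(text):
    """True if parse_workbook() refuses the document (used by the checks)."""
    try:
        parse_workbook(text)
    except WorkbookValidationError:
        return True
    return False


# Constructed sample inputs, not taken from the commit.
GOOD_WORKBOOK = "version: '2.0'\nname: demo\nworkflows:\n  hello:\n    tasks:\n      say: {action: std.echo}\n"
TAGGED_WORKBOOK = "name: demo\nextra: !!python/tuple [1, 2]\n"  # tag refused by SafeLoader
BROKEN_WORKBOOK = "name: [unclosed\n"  # parser error

if __name__ == "__main__":
    for label, doc in [("good", GOOD_WORKBOOK), ("tagged", TAGGED_WORKBOOK),
                       ("broken", BROKEN_WORKBOOK), ("scalar", "just a string")]:
        print(label, "rejected" if rejects(doc) else "accepted")
```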
@ -25,11 +25,11 @@ class BaseWorkbookForm(forms.SelfHandlingForm):
class CreateWorkbookForm(BaseWorkbookForm):
def handle(self, request, data):
json = yaml.load(data['workbook'])
json = yaml.safe_load(data['workbook'])
return api.create_workbook(request, json)


class EditWorkbookForm(BaseWorkbookForm):
def handle(self, request, data):
json = yaml.load(data['workbook'])
json = yaml.safe_load(data['workbook'])
return api.modify_workbook(request, json)
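Review bot: the yaml.safe_load() calls in both handle() methods (CreateWorkbookForm and EditWorkbookForm) still raise yaml.YAMLError on malformed input or on a document carrying a tag the safe loader refuses, and the hunk passes the result straight to api.create_workbook / api.modify_workbook with no handling, so a bad submission surfaces as an unhandled exception rather than a form error. Consider moving the parse into a single clean_workbook() on BaseWorkbookForm that catches yaml.YAMLError and raises forms.ValidationError; that also removes the parse duplicated across the two subclasses. Minor: the local name `json` shadows the standard json module; `workbook` would read better.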