Replaces yaml.load() with yaml.safe_load()

yaml.load() returns a Python object, which may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple
Python objects like integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I021bd09d3bbc6d4b9c8965c59c7f4ec4895f8b8b
rajat29 2017-07-26 12:11:48 +05:30
parent 4c7b6071b7
commit d27cd0ea4e

@ -16,7 +16,7 @@ import yaml
def load(stream): def load(stream):
try: try:
yaml_dict = yaml.load(stream, Loader=yaml.BaseLoader) yaml_dict = yaml.safe_load(stream, Loader=yaml.BaseLoader)
except yaml.YAMLError as exc: except yaml.YAMLError as exc:
msg = 'An error occurred during YAML parsing.' msg = 'An error occurred during YAML parsing.'
if hasattr(exc, 'problem_mark'): if hasattr(exc, 'problem_mark'):
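
Review bot: The new call in load(), yaml.safe_load(stream, Loader=yaml.BaseLoader), still passes Loader=, but PyYAML's safe_load() takes only the stream and selects SafeLoader itself, so this line raises TypeError on every call, and the except yaml.YAMLError clause right below it does not catch that. Drop the keyword so the line reads yaml_dict = yaml.safe_load(stream). Also note that the old call already used BaseLoader, which builds only strings, lists and dicts and does not construct arbitrary Python objects; switching to SafeLoader means scalars such as 1, true or null will now come back as int, bool or None instead of strings. Please confirm that callers of load() tolerate that type change, or keep yaml.load(stream, Loader=yaml.BaseLoader) if string-only values are what the callers expect.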