Replaces yaml.load() with yaml.safe_load()
yaml.load() can return arbitrary Python objects, which may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I021bd09d3bbc6d4b9c8965c59c7f4ec4895f8b8b
This commit is contained in:
parent
4c7b6071b7
commit
d27cd0ea4e
@ -16,7 +16,7 @@ import yaml
|
|||||||
|
|
||||||
def load(stream):
|
def load(stream):
|
||||||
try:
|
try:
|
||||||
yaml_dict = yaml.load(stream, Loader=yaml.BaseLoader)
|
yaml_dict = yaml.safe_load(stream, Loader=yaml.BaseLoader)
|
||||||
except yaml.YAMLError as exc:
|
except yaml.YAMLError as exc:
|
||||||
msg = 'An error occurred during YAML parsing.'
|
msg = 'An error occurred during YAML parsing.'
|
||||||
if hasattr(exc, 'problem_mark'):
|
if hasattr(exc, 'problem_mark'):
|
||||||
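Review bot: `yaml.safe_load(stream, Loader=yaml.BaseLoader)` on the new side of the `yaml_dict` line does not run: `yaml.safe_load` takes only the stream (it selects `SafeLoader` internally), so the extra `Loader=` keyword raises `TypeError`, which is not a `yaml.YAMLError` and therefore escapes the `except` clause below instead of reaching the parsing-error message. The pre-change line was already not exposed to the arbitrary-object problem the description cites, because `yaml.BaseLoader` builds only `str` scalars, lists and dicts and never constructs tagged Python objects, so the safe fix is either to keep `yaml_dict = yaml.load(stream, Loader=yaml.BaseLoader)` or to write `yaml_dict = yaml.safe_load(stream)`. Note that the second option changes the returned types (SafeLoader resolves ints, floats, booleans and null, whereas BaseLoader returns every scalar as a string), which callers of `load()` outside this hunk may depend on; that should be confirmed before choosing it. The body of `load()` continues past the end of the hunk.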
|