Convert yaml.load to yaml.safe_load

yaml.load is considered unsafe. yaml.safe_load is the
recommended method to use.

The yaml.load is only being called from scenario tests,
and from a forensic tool that is unused. Therefore this
code change has no runtime impact.

This allows unsuppressing the following pylint error:
 E1120 no-value-for-parameter

This allows unsuppressing the following bandit error:
 B506: Test for use of yaml load

Adding a new bandit zuul job, and removing the pinning
of the version of bandit for this repo.

Test Plan:
  PASS: tox -e pylint
  PASS: tox -e bandit
  PASS: build-pkgs -p nfv

Story: 2010531
Task: 47174

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ie60dcf98425c95e103d22e7be4212de1954550bf
This commit is contained in:
Al Bailey 2023-01-19 19:45:19 +00:00
parent e6114addac
commit d87462c851
7 changed files with 24 additions and 11 deletions


@ -43,6 +43,18 @@
vars:
tox_extra_args: -c nfv/tox.ini
- job:
name: nfv-tox-bandit
parent: tox
description: Run bandit for nfv
nodeset: debian-bullseye
required-projects:
- starlingx/root
vars:
tox_envlist: bandit
tox_extra_args: -c nfv/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: nfv-tox-pylint
parent: tox
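Review bot: The new `nfv-tox-bandit` job definition does not run on its own; the pipeline entries (check/gate) that would reference it are outside this hunk, so confirm they are updated in the same change or the job will sit unused. With test-requirements dropping the `bandit<1.6.0` bound elsewhere in this commit, the `tox_constraints_file` line becomes the only thing fixing the bandit version in CI, which deserves a short comment beside it such as `# upper-constraints pins bandit; test-requirements.txt no longer does`.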


@ -108,7 +108,7 @@ def parser_initialize():
path = os.path.abspath(__file__)
config_file = os.path.dirname(path) + "/config/nfv-vim.yaml"
if os.path.isfile(config_file):
config_data = yaml.load(open(config_file))
config_data = yaml.safe_load(open(config_file))
return NfvVimParser(config_data)
return None
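Review bot: The file object created by `open(config_file)` in the new `config_data = yaml.safe_load(open(config_file))` line is never closed, so the handle lives until the garbage collector happens to reclaim it; use a context manager instead: `with open(config_file, encoding="utf-8") as f:` followed by `config_data = yaml.safe_load(f)`. The same unclosed-handle pattern is in process_main's `data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))` line and should get the same treatment. parser_initialize begins before this hunk.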


@ -622,7 +622,7 @@ def process_main():
sys.exit(1)
if args.data:
data_fill = yaml.load(open(data_dir + '/data/' + args.data + '.yaml'))
data_fill = yaml.safe_load(open(data_dir + '/data/' + args.data + '.yaml'))
else:
print("No data file given.")
sys.exit(1)
@ -630,7 +630,7 @@ def process_main():
if args.setup:
setup_template = j2_env.get_template(args.setup + '.template')
setup_yaml = setup_template.render(data_fill)
setup_data = yaml.load(setup_yaml)
setup_data = yaml.safe_load(setup_yaml)
else:
print("No setup file given.")
sys.exit(1)
@ -638,7 +638,7 @@ def process_main():
if args.tests:
tests_template = j2_env.get_template(args.tests + '.template')
tests_yaml = tests_template.render(data_fill)
test_data = yaml.load(tests_yaml)
test_data = yaml.safe_load(tests_yaml)
else:
print("No tests given.")
sys.exit(1)


@ -135,15 +135,15 @@ enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
# W0237 arguments-renamed
# W4904 deprecated-class
# W4905 deprecated-decorator
# E0012 pylint for python3 does not support inline deprecation
# E1101 no-member
# E1111 assignment-from-no-return
# E1120 no-value-for-parameter
# E1121 too-many-function-args
disable=C, R, W0120, W0125, W0212, W0221, W0223, W0231, W0235,
W0401, W0404, W0511, W0602, W0603, W0612, W0613, W0621, W0622, W0703, W1401,
W0107, W0706, W0707, W1310, W1406, W1505, W1514, W1618, W0237, W4904, W4905,
E0012, E1101, E1111, E1120, E1121
E0012, E1101, E1111, E1121
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs


@ -2,7 +2,7 @@
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking>=1.1.0,<=2.0.0 # Apache-2.0
bandit<1.6.0
bandit
coverage>=3.6
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD


@ -116,14 +116,12 @@ commands = pylint {[nfv]nfv_client_src_dir} \
# B108: Probable insecure usage of temp file/directory
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B506: Test for use of yaml load
skips = B104,B108,B110,B310,B506
skips = B104,B108,B110,B310
exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test
[testenv:bandit]
deps = {[nfv]deps}
-r{toxinidir}/test-requirements.txt
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -f txt -r {[nfv]nfv_base_dir}
[testenv:py39]
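Review bot: Dropping B506 from `skips` only affects the directories bandit scans, and the unchanged `exclude = ./nfv-docs,./nfv-tests,./nfv-debug-tools,unit_test` line still leaves the test and debug-tool trees out; the commit message says those are exactly where the yaml.load calls lived, so, assuming those paths map to the excluded directories, a reintroduced yaml.load there would still go unreported. Either narrow the exclude or record the gap next to it with a comment such as `# NOTE: nfv-tests and nfv-debug-tools are excluded, so B506 does not cover them`. Separately, the rewritten `[testenv:bandit]` deps now take bandit solely from test-requirements.txt, which this change unpins; unless the constraints file the zuul job passes is also applied to a local `tox -e bandit`, local and CI runs may resolve different bandit versions and report different findings.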


@ -20,6 +20,9 @@ setenv = VIRTUAL_ENV={envdir}
[testenv:venv]
commands = {posargs}
[testenv:bandit]
description = Dummy environment to allow bandit to be run in subdir tox
[testenv:flake8]
description = Dummy environment to allow flake8 to be run in subdir tox