15fd41725a
Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use, but it is dangerous[1]: because yaml.load returns arbitrary Python objects, it may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists. In addition, Bandit flags yaml.load() as a security risk, so all occurrences should be replaced with yaml.safe_load(). Thus I replace yaml.load() with yaml.safe_load(). [1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Iaa2b7d9c880f3e20243bb2a9cbd8f9db29ecc267
#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import yaml
import sys
from pykwalify import core as pykwalify_core
from pykwalify import errors as pykwalify_errors
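# Usage: <script> SCHEMA_FILE CONFIG_FILE
# Loads the pykwalify schema from SCHEMA_FILE and validates CONFIG_FILE
# against it. Exits 0 on success; raises if the config does not conform.
if len(sys.argv) != 3:
    # Fail with a usage message instead of an IndexError on sys.argv.
    sys.exit("usage: {} SCHEMA_FILE CONFIG_FILE".format(sys.argv[0]))

# Open the schema in a context manager so the file handle is always closed
# (the original left it open). safe_load restricts parsing to plain YAML
# types; the full loader can construct arbitrary Python objects from tags,
# which is unsafe when the schema file comes from an untrusted source.
with open(sys.argv[1], 'r') as stream:
    schema = yaml.safe_load(stream)

check = pykwalify_core.Core(sys.argv[2], schema_data=schema)

try:
    # raise_exception=True makes pykwalify signal failures via SchemaError
    # rather than a return value, so the except branch below handles them.
    check.validate(raise_exception=True)
    print("Validation successful")
    # SystemExit is not a SchemaError, so it passes through the except below.
    sys.exit(0)
except pykwalify_errors.SchemaError as e:
    print("Config " + sys.argv[2] + " is not valid!")
    raise Exception('File does not conform to schema: {}'.format(e))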