Replace yaml.load with yaml.safe_load;And replace yaml.dump with yaml.safe_load
Bug #1673294 reported by
WangBinbin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tacker |
Fix Released
|
Medium
|
WangBinbin | ||
Bug Description
yaml.load is a security risk, should use yaml.safe_load.
yaml.safe_load is more safer than yaml.load.
The input data of yaml.load is not always to be trusted. Replace the yaml.load If we have a better one.
replace yaml.dump with yaml.safe_dump
| Changed in tacker: | |
| assignee: | nobody → WangBinbin (bbwang5827) |
| Changed in tacker: | |
| status: | New → In Progress |
Revision history for this message
| WangBinbin (bbwang5827) wrote | #1 |
| Changed in tacker: | |
| milestone: | none → pike-1 |
| importance: | Undecided → Medium |
| summary: |
- Replace yaml.load with yaml.safe_load + Replace yaml.load with yaml.safe_load;And replace yaml.dump with + yaml.safe_load |
| description: | updated |
| Changed in tacker: | |
| assignee: | WangBinbin (bbwang5827) → yong sheng gong (gongysh) |
| Changed in tacker: | |
| assignee: | yong sheng gong (gongysh) → WangBinbin (bbwang5827) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tacker (master) | #2 |
| Changed in tacker: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/tacker 0.8.0 | #3 |
To post a comment you must log in.
https:/