Karbor

  1. Bug #1634265
  2. Comment #36

Comment 36 for bug 1634265

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/420541
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=ce7a31d5f87e0a77a4448937defb4e0a98a69163
Submitter: Jenkins
Branch: master

commit ce7a31d5f87e0a77a4448937defb4e0a98a69163
Author: Luong Anh Tuan <email address hidden>
Date: Mon Jan 16 14:40:52 2017 +0700

    Replace yaml.load() with yaml.safe_load()

    Avoid dangerous file parsing and object serialization libraries.
    yaml.load is the obvious function to use but it is dangerous[1]
    Bandit flags yaml.load() as security risk so replace all occurrences
    with yaml.safe_load().

    [1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

    Change-Id: Iba7924715c9ef66fec9f875f11a2261789e6aa0d
    Closes-Bug: #1634265