commit cf81bd39a6ebe28d31db48c09d982f9f9d310b6e
Author: Luong Anh Tuan <email address hidden>
Date: Wed Jan 18 11:46:33 2017 +0700
Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use, but it is dangerous [1].
Because yaml.load returns Python objects, it may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.
In addition, Bandit flags yaml.load() as a security risk, so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load().
Reviewed: https://review.openstack.org/421664
Committed: https://git.openstack.org/cgit/openstack/app-catalog/commit/?id=cf81bd39a6ebe28d31db48c09d982f9f9d310b6e
Submitter: Jenkins
Branch: master
[1] https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html
Change-Id: Ife71148013d5f94ec5ae62633ff9a41f419bd3b7
Closes-Bug: #1634265
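The property the commit relies on, shown as an added example (not code from the commit or from app-catalog): the safe loader builds only plain YAML data types and refuses any document that asks for a Python-specific constructor, whereas yaml.load() with the default loaders of that era would instantiate it. Both sample documents and the helper names are constructed for this illustration.

```python
import yaml

# Constructed sample documents (not from the commit).
# A plain data document: both yaml.load() and yaml.safe_load() accept it.
PLAIN_DOC = """
name: app-catalog
versions: [1, 2, 3]
enabled: true
"""

# The same document carrying a Python-specific tag. The historic yaml.load()
# would build a real Python tuple from it (and other !!python/ tags reach far
# more powerful constructors); yaml.safe_load() rejects the tag outright.
TAGGED_DOC = """
name: app-catalog
versions: !!python/tuple [1, 2, 3]
"""


def load_untrusted(text):
    """Parse YAML from an untrusted source with the safe loader only.

    Returns (data, error). `data` is built from plain YAML types
    (str, int, float, bool, None, list, dict); a document that needs a
    Python-specific constructor yields (None, error) instead of an object.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:  # ConstructorError for !!python/* tags
        return None, exc


def has_python_tags(text):
    """Cheap pre-parse check for review or alerting: does the raw text
    contain any !!python/ tag at all? Plain config data never needs one."""
    return "!!python/" in text
```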