Replaces yaml.load() with yaml.safe_load()

Code Issues Proposed changes

Yaml.load() return Python object may be dangerous if you receive
a YAML document from an untrusted source such as the Internet.
The function yaml.safe_load() limits this ability to simple Python
objects like integers or lists.
Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html
Change-Id: I78fde872948d6838957e35765c3f182bd4b9b512

This commit is contained in:

gengchc2

2017年02月04日 18:21:33 +08:00

parent 49ccdbeb2c

commit 64a549e6db

1 changed files with 2 additions and 2 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

4
generate_requirements/generate_requirements.py

View File

@@ -37,7 +37,7 @@ DEVNULL = open(os.devnull, 'w')

# load the yaml file

with io.open(filename, 'rb') as f:

roles = yaml.load(f)

roles = yaml.safe_load(f)

role_names = []

role_dict = {}

@@ -87,7 +87,7 @@ for role in role_names:

# Try to read the dependencies from the role's meta/main.yml

try:

with io.open(os.path.join(role, "meta", "main.yml")) as f:

y = yaml.load(f)

y = yaml.safe_load(f)

for dep in y['dependencies']:

try:

dep = dep['role']

Replaces yaml.load() with yaml.safe_load()

4 generate_requirements/generate_requirements.py Unescape Escape View File

4
generate_requirements/generate_requirements.py

View File