author chenaidong1 <chen.aidong@zte.com.cn> 2017-03-10 16:18:30 +0800
committer chenaidong1 <chen.aidong@zte.com.cn> 2017-03-10 16:18:30 +0800
commit bb79184e6982c2c452a19144f3b37afce6360ddb
tree 6f7221669fc2b65d13796b73cfef2a3f4991ad7a
parent 570574906087be436d86efc5af25e61b41189a89
Replace yaml.load() with yaml.safe_load()
Yaml.load() returning a Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists.

Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Ib2bfd11354c6b35c90938c1075729dc7028236a3
-rwxr-xr-x hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py b/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py
index 2e2b4d7..41219ef 100755
--- a/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py
+++ b/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py
@@ -79,7 +79,7 @@ def main(argv=sys.argv):
# convert config to dict
if not isinstance(config, dict):
- config = ast.literal_eval(json.dumps(yaml.load(config)))
+ config = ast.literal_eval(json.dumps(yaml.safe_load(config)))
os.chdir(proj)
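Review bot: on the changed line, the `ast.literal_eval(json.dumps(...))` wrapper kept around `yaml.safe_load(config)` is fragile and looks unnecessary. `json.dumps` emits `true`, `false` and `null`, which `ast.literal_eval` rejects with a ValueError, so a config containing a boolean or an empty value fails here. `yaml.safe_load()` already returns plain dicts, lists and scalars, so consider `config = yaml.safe_load(config)` followed by an explicit `isinstance(config, dict)` check that rejects anything else before `os.chdir(proj)`. If the round trip is there for a reason, the `# convert config to dict` comment should say what it is.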