author | chenaidong1 <chen.aidong@zte.com.cn> | 2017-03-10 16:18:30 +0800
---|---|---
committer | chenaidong1 <chen.aidong@zte.com.cn> | 2017-03-10 16:18:30 +0800
commit | bb79184e6982c2c452a19144f3b37afce6360ddb (patch) |
tree | 6f7221669fc2b65d13796b73cfef2a3f4991ad7a |
parent | 570574906087be436d86efc5af25e61b41189a89 (diff) |
download | heat-templates-bb79184e6982c2c452a19144f3b37afce6360ddb.tar.gz |
Replace yaml.load() with yaml.safe_load()
yaml.load() returns a Python object, which may be dangerous if
you receive a YAML document from an untrusted source
such as the Internet. The function yaml.safe_load()
limits this ability to simple Python objects like
integers or lists.
Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html
Change-Id: Ib2bfd11354c6b35c90938c1075729dc7028236a3
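The difference the commit message describes, as an added example that is not part of the heat-templates project: a small loader built on yaml.safe_load() that accepts a plain compose-style mapping, rejects a document carrying a PyYAML-specific tag (the loader raises a ConstructorError instead of building a Python object), and also refuses documents that parse to something other than a mapping. The sample documents, `load_config` and `is_rejected` are constructed for this example.

```python
# Added example (not from the heat-templates project): why yaml.safe_load()
# is the right call for configuration that arrives from an untrusted source.
import yaml

# Constructed sample: the kind of plain mapping a compose hook expects.
PLAIN_CONFIG = """
version: '2'
services:
  web:
    image: nginx
    ports: ['80:80']
"""

# Constructed sample: a document using a PyYAML-specific tag. The full
# loader would build a Python object from it; safe_load() refuses because
# the tag is not part of the standard YAML type set.
TAGGED_CONFIG = """
services: !!python/tuple [web, db]
"""


def load_config(text):
    """Parse YAML with the safe loader and insist on a mapping.

    Returns a dict, or raises ValueError when the document is rejected
    (non-standard tag, syntax error) or does not parse to a mapping. The
    isinstance check matters: safe_load() happily returns a list or a
    scalar for a document that is not a mapping.
    """
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:  # ConstructorError is a YAMLError subclass
        raise ValueError(f"rejected YAML document: {exc}")
    if not isinstance(data, dict):
        raise ValueError(f"expected a mapping, got {type(data).__name__}")
    return data


def is_rejected(text):
    """True when load_config() refuses the document."""
    try:
        load_config(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(load_config(PLAIN_CONFIG)["services"]["web"]["image"])  # nginx
    print(is_rejected(TAGGED_CONFIG))  # True
```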
-rwxr-xr-x | hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py b/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py index 2e2b4d7..41219ef 100755 --- a/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py +++ b/hot/software-config/elements/heat-config-docker-compose/install.d/hook-docker-compose.py @@ -79,7 +79,7 @@ def main(argv=sys.argv): # convert config to dict if not isinstance(config, dict): - config = ast.literal_eval(json.dumps(yaml.load(config))) + config = ast.literal_eval(json.dumps(yaml.safe_load(config))) os.chdir(proj) |
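Review bot: switching to yaml.safe_load() is the right fix, but the surrounding `ast.literal_eval(json.dumps(...))` round trip on the same line should go with it. safe_load() already returns plain Python containers, and ast.literal_eval() cannot parse the `true`, `false` and `null` that json.dumps() emits, so any boolean or null value in the compose config makes this line raise ValueError. `config = yaml.safe_load(config)` is sufficient here. Since the code below relies on config being a dict, the parse should also be followed by a check that the result is actually a mapping (safe_load() returns a list or a scalar for a non-mapping document); the existing `if not isinstance(config, dict):` guard only inspects the value before parsing.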