diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-11-09 08:18:42 -0300 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-11-09 08:19:05 -0300 |
| commit | 98d3de9f08886950dec4006fdce1b1d467a724d2 (patch) | |
| tree | 78affc33ccbc633667bb6c5add7ba265f3d9a7ff | |
| parent | fc0b80ed3b80012ffef493ea287e88e5909a160c (diff) | |
| download | os-client-config-98d3de9f08886950dec4006fdce1b1d467a724d2.tar.gz | |
Use yaml.safe_load instead of load.
yaml.load will execute arbitrary code.
Also use context managers to ensure files are closed
Change-Id: I704baa7916ee834c12821009d8e3029b1b8fa340
| -rw-r--r-- | os_client_config/config.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/os_client_config/config.py b/os_client_config/config.py index 925c23f..c711919 100644 --- a/os_client_config/config.py +++ b/os_client_config/config.py @@ -87,12 +87,14 @@ class OpenStackConfig(object): def _load_config_file(self): for path in self._config_files: if os.path.exists(path): - return yaml.load(open(path, 'r')) + with open(path, 'r') as f: + return yaml.safe_load(f) def _load_vendor_file(self): for path in self._vendor_files: if os.path.exists(path): - return yaml.load(open(path, 'r')) + with open(path, 'r') as f: + return yaml.safe_load(f) def get_cache_max_age(self): return self._cache_max_age |