author Javeme <zhangmei.li@easystack.cn> 2016-02-11 14:22:23 +0800
committer Javeme <zhangmei.li@easystack.cn> 2016-02-11 14:35:24 +0800
commit 668062ed07eaba096ec17363bd3f5721707b960b (patch)
tree 142fe5e98c8d080ae6ed7a2907a8f58acc339bbb
parent 1cc3b9c80e948b5f7052ac76f03d31a143269cf6 (diff)
download oslo-messaging-668062ed07eaba096ec17363bd3f5721707b960b.tar.gz
Use more secure yaml.safe_load() instead of yaml.load()
The function yaml.load() provides the ability to construct an arbitrary Python object. For security, we use yaml.safe_load() instead, which limits this ability to simple Python objects (like integers or lists).

ref: https://en.wikipedia.org/wiki/YAML#Security

Change-Id: Iea2a2d79c764d635b02c5d6d36c9a5652010d716
-rwxr-xr-x tools/simulator.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/simulator.py b/tools/simulator.py
index 872ac0e..8c5c85e 100755
--- a/tools/simulator.py
+++ b/tools/simulator.py
@@ -54,7 +54,7 @@ Usage example:
def init_random_generator():
data = []
with open('./messages_length.yaml') as m_file:
- content = yaml.load(m_file)
+ content = yaml.safe_load(m_file)
data += [int(n) for n in content[
'test_data']['string_lengths'].split(', ')]
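Review bot: The context lines right after the changed call, `content['test_data']['string_lengths'].split(', ')`, index the parsed document without checking its shape, and yaml.safe_load() returns None for an empty file, so an empty or differently structured messages_length.yaml ends in a bare TypeError or KeyError instead of a clear message. Consider checking that content is a mapping with a string under test_data/string_lengths before the comprehension, and raising an error that names the file. The `open('./messages_length.yaml')` path is also relative to the current working directory, so which file gets parsed depends on where the tool is started; resolving it relative to the script would make that explicit.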