sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7b8b673d15
diskimage-builder/elements/package-installs/bin
History
Luong Anh Tuan ff8ae43265 Replace yaml.load() with yaml.safe_load() 
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
..
package-installs Merge "Standarise tracing for scripts" 2015-03-04 00:38:44 +00:00
package-installs-squash Replace yaml.load() with yaml.safe_load() 2017-01-16 15:07:05 +07:00
package-installs-v2 Trace package install in package-installs-v2 2016-11-23 19:58:45 +11:00
package-uninstalls Standarise tracing for scripts 2015-02-12 10:41:32 +11:00