sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ff8ae43265
diskimage-builder/bin
History
Luong Anh Tuan ff8ae43265 Replace yaml.load() with yaml.safe_load() 
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
..
dib-lint Replace yaml.load() with yaml.safe_load() 2017-01-16 15:07:05 +07:00
disk-image-create Add squashfs output image format 2016-12-19 07:21:39 +00:00
diskimage_builder Add a simple implementation of element dependency 2013-01-23 16:04:20 -08:00
element-info Use env python 2014-12-08 13:42:16 -08:00
ramdisk-image-create Build ramdisks in an image chroot. 2013-07-12 11:09:35 +01:00