Use yaml.safe_load() instead of yaml.load()
yaml.load() can construct arbitrary Python objects, which may be
dangerous. yaml.safe_load() limits this ability to simple
Python objects like integers or lists.
ref: https://en.wikipedia.org/wiki/YAML#Security
Change-Id: I9c28c25f4265fb691d39e72e20ef9c99f5538bf5
diff --git a/functional/test_template_resource.py b/functional/test_template_resource.py
index 9249a6e..fa34e2e 100644
--- a/functional/test_template_resource.py
+++ b/functional/test_template_resource.py
@@ -602,7 +602,7 @@
super(TemplateResourceAdoptTest, self).setUp()
def _yaml_to_json(self, yaml_templ):
- return yaml.load(yaml_templ)
+ return yaml.safe_load(yaml_templ)
def test_abandon(self):
stack_identifier = self.stack_create(
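Review bot: `_yaml_to_json` has no docstring, and its name does not match what it returns: `yaml.safe_load` yields Python dicts, lists and scalars, not JSON text. A one-line docstring such as `"""Parse a YAML template into plain Python data using the safe loader."""` would record that. A comment above the return, e.g. `# safe_load on purpose: template text must never instantiate arbitrary Python objects`, would keep a later edit from switching back to `yaml.load`. The enclosing class starts outside this hunk.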
@@ -635,7 +635,7 @@
}
},
"environment": {"parameters": {}},
- "template": yaml.load(self.main_template)
+ "template": yaml.safe_load(self.main_template)
}
stack_identifier = self.stack_adopt(
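Review bot: The dict entry `"template": yaml.safe_load(self.main_template)` repeats the parse that `_yaml_to_json` already wraps in the first hunk. If this test lives in the same class (the class header is not visible here), `"template": self._yaml_to_json(self.main_template)` would keep the loader choice in one place. With a single call site deciding the loader, a regression to the unsafe loader cannot slip in at one of several copies. The enclosing test method starts and ends outside the hunk.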