Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 40d02088e41df58526508c079e46b19cd14fe3ee
commit40d02088e41df58526508c079e46b19cd14fe3ee[log] [tgz]
authorDao Cong Tien <tiendc@vn.fujitsu.com>Mon Jan 16 16:59:18 2017 +0700
committerDao Cong Tien <tiendc@vn.fujitsu.com>Mon Jan 16 17:03:17 2017 +0700
treee3a9084c709663014731931ec379c052ab5d252a
parent72195791db97616e336e8ddebcdddcddbcdad2ea [diff]
Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load() limits this ability to
simple Python objects like integers or lists.

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I85c5a4e17bc79c62d946a1dd0c9e85b527961926
Partial-Bug: #1634265
2 files changed
tree: e3a9084c709663014731931ec379c052ab5d252a
  1. data/
  2. doc/
  3. etc/
  4. releasenotes/
  5. tempest/
  6. tools/
  7. .coveragerc
  8. .gitignore
  9. .gitreview
  10. .mailmap
  11. .testr.conf
  12. bindep.txt
  13. HACKING.rst
  14. LICENSE
  15. README.rst
  16. requirements.txt
  17. REVIEWING.rst
  18. run_tempest.sh
  19. run_tests.sh
  20. setup.cfg
  21. setup.py
  22. test-requirements.txt
  23. tox.ini