diff options
author | lhinds <lhinds@redhat.com> | 2017-07-08 16:51:27 +0100 |
---|---|---|
committer | Justin chi <chigang@huawei.com> | 2017-07-11 01:10:08 +0000 |
commit | 1833897d18fe0930984215372e1343cff1531b61 (patch) | |
tree | 4a90c727423647490da1c09bc357009871254dce | |
parent | 264ec7332c84617e95f2b7336dcee1a413bc7e6b (diff) |
Utilize yaml.safe_load
The patch changes instances of yaml.load with yaml.safe_load
which is more secure at blocking arbitrary code execution.
The following blog has a decent explaination:
https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2
Signed-off-by: lhinds <lhinds@redhat.com>
-rw-r--r-- | build/parser.py | 2 | ||||
-rw-r--r-- | deploy/bonding.py | 2 | ||||
-rw-r--r-- | deploy/client.py | 4 | ||||
-rw-r--r-- | deploy/config_parse.py | 2 | ||||
-rw-r--r-- | deploy/opera_adapter.py | 2 | ||||
-rw-r--r-- | deploy/rename_nics.py | 2 | ||||
-rw-r--r-- | deploy/reset_compute.py | 4 | ||||
-rw-r--r-- | deploy/setup_vnic.py | 2 | ||||
-rw-r--r-- | repo/gen_ins_pkg_script.py | 2 | ||||
-rw-r--r-- | util/check_valid.py | 2 |
10 files changed, 12 insertions, 12 deletions
diff --git a/build/parser.py b/build/parser.py index 602d7c21..63eb494f 100644 --- a/build/parser.py +++ b/build/parser.py @@ -80,7 +80,7 @@ def usage(): def build_parser(build_file_name): cache = load_env() - cfg = yaml.load(file(build_file_name, 'r')) + cfg = yaml.safe_load(file(build_file_name, 'r')) print "Starting building...." for pkg in cfg.get("packages"): diff --git a/deploy/bonding.py b/deploy/bonding.py index 27e76daa..17b5b205 100644 --- a/deploy/bonding.py +++ b/deploy/bonding.py @@ -34,7 +34,7 @@ def create_bonding(network_info, rsa_file, compass_ip): if __name__ == "__main__": assert(len(sys.argv) == 4) create_bonding( - yaml.load( + yaml.safe_load( open( sys.argv[1])), sys.argv[2], diff --git a/deploy/client.py b/deploy/client.py index 810ac118..6d5daa38 100644 --- a/deploy/client.py +++ b/deploy/client.py @@ -740,11 +740,11 @@ class CompassClient(object): package_config['network_mapping'] = network_mapping assert(os.path.exists(CONF.network_cfg)) - network_cfg = yaml.load(open(CONF.network_cfg)) + network_cfg = yaml.safe_load(open(CONF.network_cfg)) package_config["network_cfg"] = network_cfg assert(os.path.exists(CONF.neutron_cfg)) - neutron_cfg = yaml.load(open(CONF.neutron_cfg)) + neutron_cfg = yaml.safe_load(open(CONF.neutron_cfg)) package_config["neutron_config"] = neutron_cfg """ diff --git a/deploy/config_parse.py b/deploy/config_parse.py index 363516b4..8a1ac54b 100644 --- a/deploy/config_parse.py +++ b/deploy/config_parse.py @@ -15,7 +15,7 @@ from Cheetah.Template import Template def init(file): with open(file) as fd: - return yaml.load(fd) + return yaml.safe_load(fd) def decorator(func): diff --git a/deploy/opera_adapter.py b/deploy/opera_adapter.py index 137aba54..fbf1b662 100644 --- a/deploy/opera_adapter.py +++ b/deploy/opera_adapter.py @@ -18,7 +18,7 @@ import traceback def load_file(file): with open(file) as fd: try: - return yaml.load(fd) + return yaml.safe_load(fd) except: traceback.print_exc() return None diff --git a/deploy/rename_nics.py b/deploy/rename_nics.py index 2672c990..f78b3979 100644 --- a/deploy/rename_nics.py +++ b/deploy/rename_nics.py @@ -36,7 +36,7 @@ def rename_nics(dha_info, rsa_file, compass_ip, os_version): if __name__ == "__main__": assert(len(sys.argv) == 5) rename_nics( - yaml.load( + yaml.safe_load( open( sys.argv[1])), sys.argv[2], diff --git a/deploy/reset_compute.py b/deploy/reset_compute.py index 86afc4f1..2e5103ba 100644 --- a/deploy/reset_compute.py +++ b/deploy/reset_compute.py @@ -20,7 +20,7 @@ def exec_cmd(cmd): def reset_baremetal(dha_info): print "reset_baremetal" - hosts_info = yaml.load(open(dha_info)) + hosts_info = yaml.safe_load(open(dha_info)) # print hosts_info ipmiUserDf = hosts_info.get('ipmiUser', 'root') @@ -48,7 +48,7 @@ def reset_baremetal(dha_info): def reset_virtual(dha_info): print "reset_virtual" - hosts_info = yaml.load(open(dha_info)) + hosts_info = yaml.safe_load(open(dha_info)) print hosts_info hosts_list = hosts_info.get('hosts', []) diff --git a/deploy/setup_vnic.py b/deploy/setup_vnic.py index 7dcd8d94..de3b5ed6 100644 --- a/deploy/setup_vnic.py +++ b/deploy/setup_vnic.py @@ -13,7 +13,7 @@ import yaml if __name__ == "__main__": network_config_file = os.environ["NETWORK"] - network_config = yaml.load(open(network_config_file, "r")) + network_config = yaml.safe_load(open(network_config_file, "r")) os.system( "sudo ovs-vsctl --may-exist add-port br-external mgmt_vnic -- set Interface mgmt_vnic type=internal") # noqa os.system("sudo ip addr flush mgmt_vnic") diff --git a/repo/gen_ins_pkg_script.py b/repo/gen_ins_pkg_script.py index 38d08c23..9af34143 100644 --- a/repo/gen_ins_pkg_script.py +++ b/repo/gen_ins_pkg_script.py @@ -32,7 +32,7 @@ def get_packages_name_list(file_list, special_packages): package_name_list = [] for file in file_list: - datas = yaml.load(open(file)) + datas = yaml.safe_load(open(file)) if not datas: continue diff --git a/util/check_valid.py b/util/check_valid.py index e3ad6bcd..e6a72e71 100644 --- a/util/check_valid.py +++ b/util/check_valid.py @@ -17,7 +17,7 @@ import traceback def load_file(file): with open(file) as fd: try: - return yaml.load(fd) + return yaml.safe_load(fd) except: traceback.print_exc() return None |