summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlhinds <lhinds@redhat.com>2017-07-08 16:51:27 +0100
committerJustin chi <chigang@huawei.com>2017-07-11 01:10:08 +0000
commit1833897d18fe0930984215372e1343cff1531b61 (patch)
tree4a90c727423647490da1c09bc357009871254dce
parent264ec7332c84617e95f2b7336dcee1a413bc7e6b (diff)
Utilize yaml.safe_load
The patch changes instances of yaml.load with yaml.safe_load which is more secure at blocking arbitrary code execution. The following blog has a decent explaination: https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2 Signed-off-by: lhinds <lhinds@redhat.com>
-rw-r--r--build/parser.py2
-rw-r--r--deploy/bonding.py2
-rw-r--r--deploy/client.py4
-rw-r--r--deploy/config_parse.py2
-rw-r--r--deploy/opera_adapter.py2
-rw-r--r--deploy/rename_nics.py2
-rw-r--r--deploy/reset_compute.py4
-rw-r--r--deploy/setup_vnic.py2
-rw-r--r--repo/gen_ins_pkg_script.py2
-rw-r--r--util/check_valid.py2
10 files changed, 12 insertions, 12 deletions
diff --git a/build/parser.py b/build/parser.py
index 602d7c21..63eb494f 100644
--- a/build/parser.py
+++ b/build/parser.py
@@ -80,7 +80,7 @@ def usage():
def build_parser(build_file_name):
cache = load_env()
- cfg = yaml.load(file(build_file_name, 'r'))
+ cfg = yaml.safe_load(file(build_file_name, 'r'))
print "Starting building...."
for pkg in cfg.get("packages"):
diff --git a/deploy/bonding.py b/deploy/bonding.py
index 27e76daa..17b5b205 100644
--- a/deploy/bonding.py
+++ b/deploy/bonding.py
@@ -34,7 +34,7 @@ def create_bonding(network_info, rsa_file, compass_ip):
if __name__ == "__main__":
assert(len(sys.argv) == 4)
create_bonding(
- yaml.load(
+ yaml.safe_load(
open(
sys.argv[1])),
sys.argv[2],
diff --git a/deploy/client.py b/deploy/client.py
index 810ac118..6d5daa38 100644
--- a/deploy/client.py
+++ b/deploy/client.py
@@ -740,11 +740,11 @@ class CompassClient(object):
package_config['network_mapping'] = network_mapping
assert(os.path.exists(CONF.network_cfg))
- network_cfg = yaml.load(open(CONF.network_cfg))
+ network_cfg = yaml.safe_load(open(CONF.network_cfg))
package_config["network_cfg"] = network_cfg
assert(os.path.exists(CONF.neutron_cfg))
- neutron_cfg = yaml.load(open(CONF.neutron_cfg))
+ neutron_cfg = yaml.safe_load(open(CONF.neutron_cfg))
package_config["neutron_config"] = neutron_cfg
"""
diff --git a/deploy/config_parse.py b/deploy/config_parse.py
index 363516b4..8a1ac54b 100644
--- a/deploy/config_parse.py
+++ b/deploy/config_parse.py
@@ -15,7 +15,7 @@ from Cheetah.Template import Template
def init(file):
with open(file) as fd:
- return yaml.load(fd)
+ return yaml.safe_load(fd)
def decorator(func):
diff --git a/deploy/opera_adapter.py b/deploy/opera_adapter.py
index 137aba54..fbf1b662 100644
--- a/deploy/opera_adapter.py
+++ b/deploy/opera_adapter.py
@@ -18,7 +18,7 @@ import traceback
def load_file(file):
with open(file) as fd:
try:
- return yaml.load(fd)
+ return yaml.safe_load(fd)
except:
traceback.print_exc()
return None
diff --git a/deploy/rename_nics.py b/deploy/rename_nics.py
index 2672c990..f78b3979 100644
--- a/deploy/rename_nics.py
+++ b/deploy/rename_nics.py
@@ -36,7 +36,7 @@ def rename_nics(dha_info, rsa_file, compass_ip, os_version):
if __name__ == "__main__":
assert(len(sys.argv) == 5)
rename_nics(
- yaml.load(
+ yaml.safe_load(
open(
sys.argv[1])),
sys.argv[2],
diff --git a/deploy/reset_compute.py b/deploy/reset_compute.py
index 86afc4f1..2e5103ba 100644
--- a/deploy/reset_compute.py
+++ b/deploy/reset_compute.py
@@ -20,7 +20,7 @@ def exec_cmd(cmd):
def reset_baremetal(dha_info):
print "reset_baremetal"
- hosts_info = yaml.load(open(dha_info))
+ hosts_info = yaml.safe_load(open(dha_info))
# print hosts_info
ipmiUserDf = hosts_info.get('ipmiUser', 'root')
@@ -48,7 +48,7 @@ def reset_baremetal(dha_info):
def reset_virtual(dha_info):
print "reset_virtual"
- hosts_info = yaml.load(open(dha_info))
+ hosts_info = yaml.safe_load(open(dha_info))
print hosts_info
hosts_list = hosts_info.get('hosts', [])
diff --git a/deploy/setup_vnic.py b/deploy/setup_vnic.py
index 7dcd8d94..de3b5ed6 100644
--- a/deploy/setup_vnic.py
+++ b/deploy/setup_vnic.py
@@ -13,7 +13,7 @@ import yaml
if __name__ == "__main__":
network_config_file = os.environ["NETWORK"]
- network_config = yaml.load(open(network_config_file, "r"))
+ network_config = yaml.safe_load(open(network_config_file, "r"))
os.system(
"sudo ovs-vsctl --may-exist add-port br-external mgmt_vnic -- set Interface mgmt_vnic type=internal") # noqa
os.system("sudo ip addr flush mgmt_vnic")
diff --git a/repo/gen_ins_pkg_script.py b/repo/gen_ins_pkg_script.py
index 38d08c23..9af34143 100644
--- a/repo/gen_ins_pkg_script.py
+++ b/repo/gen_ins_pkg_script.py
@@ -32,7 +32,7 @@ def get_packages_name_list(file_list, special_packages):
package_name_list = []
for file in file_list:
- datas = yaml.load(open(file))
+ datas = yaml.safe_load(open(file))
if not datas:
continue
diff --git a/util/check_valid.py b/util/check_valid.py
index e3ad6bcd..e6a72e71 100644
--- a/util/check_valid.py
+++ b/util/check_valid.py
@@ -17,7 +17,7 @@ import traceback
def load_file(file):
with open(file) as fd:
try:
- return yaml.load(fd)
+ return yaml.safe_load(fd)
except:
traceback.print_exc()
return None