Utilize yaml.safe_load

The patch changes instances of yaml.load with yaml.safe_load which is more secure at blocking arbitrary code execution. The following blog has a decent explaination: https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2 Signed-off-by: lhinds <lhinds@redhat.com>
author: lhinds <lhinds@redhat.com> 2017-07-08 16:51:27 +0100
committer: Justin chi <chigang@huawei.com> 2017-07-11 01:10:08 +0000
commit: 1833897d18fe0930984215372e1343cff1531b61 (patch)
tree: 4a90c727423647490da1c09bc357009871254dce /deploy/config_parse.py
parent: 264ec7332c84617e95f2b7336dcee1a413bc7e6b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/deploy/config_parse.py b/deploy/config_parse.py
index 363516b4..8a1ac54b 100644
--- a/deploy/config_parse.py
+++ b/deploy/config_parse.py
@@ -15,7 +15,7 @@ from Cheetah.Template import Template
 
 def init(file):
     with open(file) as fd:
-        return yaml.load(fd)
+        return yaml.safe_load(fd)
 
 
 def decorator(func):
author	lhinds <lhinds@redhat.com>	2017-07-08 16:51:27 +0100
committer	Justin chi <chigang@huawei.com>	2017-07-11 01:10:08 +0000
commit	1833897d18fe0930984215372e1343cff1531b61 (patch)
tree	4a90c727423647490da1c09bc357009871254dce /deploy/config_parse.py
parent	264ec7332c84617e95f2b7336dcee1a413bc7e6b (diff)