aboutsummaryrefslogtreecommitdiffstats
path: root/deploy
diff options
context:
space:
mode:
authorlhinds <lhinds@redhat.com>2017-07-08 16:51:27 +0100
committerJustin chi <chigang@huawei.com>2017-07-11 01:10:08 +0000
commit1833897d18fe0930984215372e1343cff1531b61 (patch)
tree4a90c727423647490da1c09bc357009871254dce /deploy
parent264ec7332c84617e95f2b7336dcee1a413bc7e6b (diff)
Utilize yaml.safe_load
The patch changes instances of yaml.load with yaml.safe_load which is more secure at blocking arbitrary code execution. The following blog has a decent explaination: https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html Change-Id: I8201baab6cb31ab31228eca83134f87a57c2f5d2 Signed-off-by: lhinds <lhinds@redhat.com>
Diffstat (limited to 'deploy')
-rw-r--r--deploy/bonding.py2
-rw-r--r--deploy/client.py4
-rw-r--r--deploy/config_parse.py2
-rw-r--r--deploy/opera_adapter.py2
-rw-r--r--deploy/rename_nics.py2
-rw-r--r--deploy/reset_compute.py4
-rw-r--r--deploy/setup_vnic.py2
7 files changed, 9 insertions, 9 deletions
diff --git a/deploy/bonding.py b/deploy/bonding.py
index 27e76daa..17b5b205 100644
--- a/deploy/bonding.py
+++ b/deploy/bonding.py
@@ -34,7 +34,7 @@ def create_bonding(network_info, rsa_file, compass_ip):
if __name__ == "__main__":
assert(len(sys.argv) == 4)
create_bonding(
- yaml.load(
+ yaml.safe_load(
open(
sys.argv[1])),
sys.argv[2],
diff --git a/deploy/client.py b/deploy/client.py
index 810ac118..6d5daa38 100644
--- a/deploy/client.py
+++ b/deploy/client.py
@@ -740,11 +740,11 @@ class CompassClient(object):
package_config['network_mapping'] = network_mapping
assert(os.path.exists(CONF.network_cfg))
- network_cfg = yaml.load(open(CONF.network_cfg))
+ network_cfg = yaml.safe_load(open(CONF.network_cfg))
package_config["network_cfg"] = network_cfg
assert(os.path.exists(CONF.neutron_cfg))
- neutron_cfg = yaml.load(open(CONF.neutron_cfg))
+ neutron_cfg = yaml.safe_load(open(CONF.neutron_cfg))
package_config["neutron_config"] = neutron_cfg
"""
diff --git a/deploy/config_parse.py b/deploy/config_parse.py
index 363516b4..8a1ac54b 100644
--- a/deploy/config_parse.py
+++ b/deploy/config_parse.py
@@ -15,7 +15,7 @@ from Cheetah.Template import Template
def init(file):
with open(file) as fd:
- return yaml.load(fd)
+ return yaml.safe_load(fd)
def decorator(func):
diff --git a/deploy/opera_adapter.py b/deploy/opera_adapter.py
index 137aba54..fbf1b662 100644
--- a/deploy/opera_adapter.py
+++ b/deploy/opera_adapter.py
@@ -18,7 +18,7 @@ import traceback
def load_file(file):
with open(file) as fd:
try:
- return yaml.load(fd)
+ return yaml.safe_load(fd)
except:
traceback.print_exc()
return None
diff --git a/deploy/rename_nics.py b/deploy/rename_nics.py
index 2672c990..f78b3979 100644
--- a/deploy/rename_nics.py
+++ b/deploy/rename_nics.py
@@ -36,7 +36,7 @@ def rename_nics(dha_info, rsa_file, compass_ip, os_version):
if __name__ == "__main__":
assert(len(sys.argv) == 5)
rename_nics(
- yaml.load(
+ yaml.safe_load(
open(
sys.argv[1])),
sys.argv[2],
diff --git a/deploy/reset_compute.py b/deploy/reset_compute.py
index 86afc4f1..2e5103ba 100644
--- a/deploy/reset_compute.py
+++ b/deploy/reset_compute.py
@@ -20,7 +20,7 @@ def exec_cmd(cmd):
def reset_baremetal(dha_info):
print "reset_baremetal"
- hosts_info = yaml.load(open(dha_info))
+ hosts_info = yaml.safe_load(open(dha_info))
# print hosts_info
ipmiUserDf = hosts_info.get('ipmiUser', 'root')
@@ -48,7 +48,7 @@ def reset_baremetal(dha_info):
def reset_virtual(dha_info):
print "reset_virtual"
- hosts_info = yaml.load(open(dha_info))
+ hosts_info = yaml.safe_load(open(dha_info))
print hosts_info
hosts_list = hosts_info.get('hosts', [])
diff --git a/deploy/setup_vnic.py b/deploy/setup_vnic.py
index 7dcd8d94..de3b5ed6 100644
--- a/deploy/setup_vnic.py
+++ b/deploy/setup_vnic.py
@@ -13,7 +13,7 @@ import yaml
if __name__ == "__main__":
network_config_file = os.environ["NETWORK"]
- network_config = yaml.load(open(network_config_file, "r"))
+ network_config = yaml.safe_load(open(network_config_file, "r"))
os.system(
"sudo ovs-vsctl --may-exist add-port br-external mgmt_vnic -- set Interface mgmt_vnic type=internal") # noqa
os.system("sudo ip addr flush mgmt_vnic")