From ce7a31d5f87e0a77a4448937defb4e0a98a69163 Mon Sep 17 00:00:00 2001
From: Luong Anh Tuan
Date: Mon, 16 Jan 2017 14:40:52 +0700
Subject: [PATCH] Replace yaml.load() with yaml.safe_load()

Avoid dangerous file parsing and object serialization libraries. yaml.load is the obvious function to use but it is dangerous[1] Bandit flags yaml.load() as security risk so replace all occurrences with yaml.safe_load().

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: Iba7924715c9ef66fec9f875f11a2261789e6aa0d
Closes-Bug: #1634265
---
 cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py b/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
index f771f99d644..bec99cdb107 100644
--- a/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
+++ b/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
@@ -34,7 +34,7 @@ def load_yaml(file_name):
     yaml_file = '{}/{}'.format(path.dirname(
         path.abspath(__file__)), file_name)
     with open(yaml_file) as f:
-        res = yaml.load(f)
+        res = yaml.safe_load(f)
     return res
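Review bot: The new `res = yaml.safe_load(f)` line restricts parsing to the safe YAML schema, so any fixture that `load_yaml` reads which still carries a non-standard tag (for example a `!!python/...` tag) will now fail with `yaml.constructor.ConstructorError` instead of silently instantiating an object; the fixtures under this test directory should be confirmed to parse with the restricted loader, which the unit-test run will show. Note that `safe_load` returns `None` for an empty document, so callers that index into the result as a dict would break on an empty fixture — presumably none do, but it is worth checking. The function has no docstring; `"""Parse a YAML fixture located next to this module with the safe (restricted-schema) loader."""` would record why `safe_load` is the intended call so a later edit does not revert it. The hunk's trailing context lines after `return res` are not visible here, so load_yaml may end slightly past what is shown.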