Replace yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I11d34b8235781b7faaeddee0bd658ee9f7ed4297
2017-03-10 16:50:22 +08:00 · 2017-03-10 16:50:22 +08:00 · e95ea618cc
commit e95ea618cc
parent 83b137657a
1 changed files with 1 additions and 1 deletions
--- a/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
+++ b/cinder/tests/unit/volume/drivers/dell_emc/vnx/utils.py
@ -34,7 +34,7 @@ def load_yaml(file_name):
    yaml_file = '{}/{}'.format(path.dirname(
        path.abspath(__file__)), file_name)
    with open(yaml_file) as f:
-        res = yaml.load(f)
+        res = yaml.safe_load(f)
    return res