Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: Ifa91f90658a70dcedd00a3e036e3f241746e5bd1
2018-02-13 11:17:08 +07:00 · 2018-02-13 11:17:08 +07:00 · 630ae1e92a
commit 630ae1e92a
parent 0316f4d795
1 changed files with 1 additions and 1 deletions
--- a/zaqar_ui/api/rest/zaqar.py
+++ b/zaqar_ui/api/rest/zaqar.py
@ -36,7 +36,7 @@ def _load_yaml(data):
        loaded_data = {}
    else:
        try:
-            loaded_data = yaml.load(data)
+            loaded_data = yaml.safe_load(data)
        except Exception as ex:
            raise Exception(_('The specified input is not a valid '
                              'YAML format: %s') % six.text_type(ex))