openstack/diskimage-builder
Code Issues Proposed changes
ff8ae43265
diskimage-builder/elements
History
Luong Anh Tuan ff8ae43265 Replace yaml.load() with yaml.safe_load() 
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
..
apt-conf
Update apt-conf elements README from free text to table formatting
2015-10-08 17:12:46 -07:00
apt-preferences
Update apt-preferences element README from free text to table formatting
2015-10-08 17:14:16 -07:00
apt-sources
Catch errors in DIB_INIT_SYSTEM export
2016-11-23 23:03:50 +00:00
architecture-emulation-binaries
Fedora AArch64 (64-bit ARM) support in diskimage-builder
2016-11-16 21:47:26 -05:00
baremetal
Add a best-effort sudo safety check
2016-05-09 15:41:38 +10:00
base
Remove unnecessary dkms install from base
2016-09-12 11:42:51 -05:00
bootloader
Set grub timeout default
2016-12-20 11:46:22 +11:00
cache-url
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
centos
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
centos7
simplify ARCH param for rhel/centos param can be x86_64 and amd64
2016-11-15 10:18:14 +11:00
centos-minimal
Remove EPEL as hardcoded dependency of centos elements
2016-09-12 11:42:55 -05:00
cleanup-kernel-initrd
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
cloud-init
FIx the DIB_CLOUD_INIT_ALLOW_SSH_PWAUTH variable name in README file
2016-12-17 11:51:32 +08:00
cloud-init-datasources
Simple-init should disable cloud-init
2015-05-11 16:55:02 +00:00
cloud-init-disable-resizefs
Fix cloud-init-disable-resizefs README title
2016-03-01 21:49:10 -08:00
cloud-init-nocloud
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
debian
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
debian-minimal
Make dib-python use the default python for distro
2016-12-09 09:25:37 -08:00
debian-systemd
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
debian-upstart
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
debootstrap
Perform package install outside of debootstrap
2016-11-30 15:16:46 +11:00
deploy
Create docs site containing element READMEs
2015-02-10 11:45:35 -08:00
deploy-baremetal
Create docs site containing element READMEs
2015-02-10 11:45:35 -08:00
deploy-ironic
deploy-ironic: Fix syntax error when checking for root device hints
2016-01-07 12:06:19 +00:00
deploy-kexec
Create docs site containing element READMEs
2015-02-10 11:45:35 -08:00
deploy-targetcli
Optimize Python install in deploy-targetcli
2015-06-22 13:19:14 -05:00
deploy-tgtadm
No markdown docs for elements
2015-04-02 23:55:19 +00:00
devuser
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
dhcp-all-interfaces
Merge "Handle failure of carrier check in dhcp-all-interfaces.sh"
2017-01-13 20:11:20 +00:00
dib-init-system
Catch errors in DIB_INIT_SYSTEM export
2016-11-23 23:03:50 +00:00
dib-python
Revert "Revert Xenial to Python 2"
2016-12-22 14:26:35 +11:00
dib-run-parts/root.d
dib-run-parts: make cp to target root more robust
2016-04-05 16:29:57 +02:00
disable-selinux/post-install.d
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
dkms
Make dkms element depend on dkms package
2015-12-26 22:07:19 +00:00
docker
Add base element for using docker as image base
2015-07-19 10:23:34 +00:00
dpkg
Perform package install outside of debootstrap
2016-11-30 15:16:46 +11:00
dracut-network
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
dracut-ramdisk
Make troubleshoot work with dracut ramdisks
2015-04-08 12:54:32 -05:00
dynamic-login
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
element-manifest
Fix a typo
2016-11-18 10:48:05 +08:00
enable-serial-console
elements: Drop unneeded DIB_INIT_SYSTEM usage
2016-11-22 10:47:43 +00:00
epel
Fix up EPEL element
2016-04-15 12:37:22 +10:00
fedora
Make Fedora 24 the default
2016-07-08 09:15:08 -07:00
fedora-minimal
Add tests for building *-minimal images
2016-08-22 16:53:32 +00:00
gentoo
Fix Gentoo builds on Ubuntu 16.04 Xenial hosts
2017-01-10 10:34:12 -06:00
growroot
elements: growroot: Add SUSE package mappings
2016-10-19 16:16:35 +01:00
grub2
Merge "Allow grub2 to build with opensuse"
2015-12-16 01:25:10 +00:00
hpdsa
Add a new element hpdsa
2015-12-10 20:12:14 +00:00
hwburnin
Create docs site containing element READMEs
2015-02-10 11:45:35 -08:00
hwdiscovery
Create docs site containing element READMEs
2015-02-10 11:45:35 -08:00
ilo
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
install-bin
Add install-bin element
2016-05-13 11:52:23 +10:00
install-static
Install-static depends on rsync
2015-08-17 16:21:09 +00:00
install-types
Break install-types out of base
2015-04-14 13:39:18 -04:00
ironic-agent
Change "Openstack" to "OpenStack"
2016-12-30 01:15:27 +00:00
ironic-discoverd-ramdisk
dmidecode does not exist for ppc64/ppc64el
2016-06-29 16:51:46 -05:00
iso
Add a best-effort sudo safety check
2016-05-09 15:41:38 +10:00
local-config
elements: Add new openssh-server element
2016-11-22 10:07:14 +00:00
manifests
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
mellanox
Fix mellanox element required kernel modules and user space packages
2016-09-11 11:40:20 +00:00
modprobe-blacklist
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
no-final-image
Generalize logic for skipping final image generation
2016-07-28 13:14:36 -05:00
oat-client
Add oat-client element
2015-06-26 09:57:12 +08:00
openssh-server
Support sysv init system used by Debian Wheezy
2016-12-14 15:53:04 +01:00
opensuse
Switch to openSUSE Leap 42.2 release by default
2016-12-17 10:46:17 +01:00
opensuse-minimal
Switch to openSUSE Leap 42.2 release by default
2016-12-17 10:46:17 +01:00
package-installs
Replace yaml.load() with yaml.safe_load()
2017-01-16 15:07:05 +07:00
partitioning-sfdisk
Merge "Export die() function"
2016-06-07 01:00:50 +00:00
pip-and-virtualenv
Pip install as 10- incompatible with 05-heat-cfntools
2016-12-14 20:50:00 +00:00
pip-cache
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
pkg-map
Move pkg-map to dib-python
2016-06-08 21:16:50 +00:00
posix
Add new posix element.
2016-03-20 10:42:34 -07:00
proliant-tools
Fix proliant-tools dependencies
2016-07-20 14:50:21 -07:00
pypi
Add a best-effort sudo safety check
2016-05-09 15:41:38 +10:00
python-brickclient
DIB element to support cinder local attach/detach functionality
2016-11-30 08:46:13 +00:00
ramdisk
Merge "Add element ubuntu-signed to provide signed kernel"
2015-04-28 11:02:44 +00:00
ramdisk-base
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
rax-nova-agent
rax-nova-agent: switch to $DISTRO_NAME
2015-05-12 17:48:49 +02:00
redhat-common
elements: Drop executable bits from environment files
2016-12-01 23:06:56 +00:00
rhel
Add a best-effort sudo safety check
2016-05-09 15:41:38 +10:00
rhel7
simplify ARCH param for rhel/centos param can be x86_64 and amd64
2016-11-15 10:18:14 +11:00
rhel-common
Disable all repos in os-refresh-config too
2016-11-16 16:27:24 -06:00
rpm-distro
Merge "Fedora AArch64 (64-bit ARM) support in diskimage-builder"
2016-11-25 12:09:21 +00:00
runtime-ssh-host-keys
Support sysv init system used by Debian Wheezy
2016-12-14 15:53:04 +01:00
select-boot-kernel-initrd
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
selinux-permissive
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
serial-console
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
simple-init
elements: simple-init: Remove SUSE interfaces
2016-10-18 19:02:41 +01:00
source-repositories
elements: source-repositories: Add git package mapping for SUSE
2016-10-19 17:53:01 +01:00
stable-interface-names
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
svc-map
Replace yaml.load() with yaml.safe_load()
2017-01-16 15:07:05 +07:00
sysctl
Update sysctl-write-value to do conflict checking
2016-12-06 22:58:20 +00:00
uboot
Standarise tracing for scripts
2015-02-12 10:41:32 +11:00
ubuntu
Revert "Revert Xenial to Python 2"
2016-12-22 14:26:35 +11:00
ubuntu-core
Merge "Make ubuntu-core support releases"
2016-07-06 23:49:31 +00:00
ubuntu-minimal
Update documented default Ubuntu version
2016-12-21 11:49:27 +00:00
ubuntu-signed
Add element ubuntu-signed to provide signed kernel
2015-04-12 11:36:17 -07:00
vm
Merge "Export die() function"
2016-06-07 01:00:50 +00:00
yum
Turn down yum install-packages
2016-10-20 15:19:31 +11:00
yum-minimal
Install dracut-generic-config package
2016-12-17 16:37:55 +00:00
zypper
elements: zypper: Do not pull recommended packages
2016-10-20 19:24:22 +01:00
zypper-minimal
Switch to openSUSE Leap 42.2 release by default
2016-12-17 10:46:17 +01:00