Replaces yaml.load() with yaml.safe_load() in neutron

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I026355f3e71b7fd3aeee2fe5c7920a1c6306ab02
2017-02-04 12:24:35 +08:00 · 2017-02-04 12:24:35 +08:00 · edb6766294
commit edb6766294
parent 10420f68be
1 changed files with 1 additions and 1 deletions
--- a/tools/abandon_old_reviews.sh
+++ b/tools/abandon_old_reviews.sh
@ -57,7 +57,7 @@ import yaml

 data = urllib2.urlopen("https://raw.githubusercontent.com/openstack/"
                       "governance/master/reference/projects.yaml")
-governance = yaml.load(data)
+governance = yaml.safe_load(data)
 stadium = governance["neutron"]["deliverables"].keys()
 query = ["project:openstack/%s" % p for p in stadium]
 print ' OR '.join(query)