Replaces yaml.load() with yaml.safe_load() Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I85c5a4e17bc79c62d946a1dd0c9e85b527961926 Partial-Bug: #1634265

commit: 40d02088e41df58526508c079e46b19cd14fe3ee [log] [tgz]
author: Dao Cong Tien <tiendc@vn.fujitsu.com> Mon Jan 16 16:59:18 2017 +0700
committer: Dao Cong Tien <tiendc@vn.fujitsu.com> Mon Jan 16 17:03:17 2017 +0700
tree: e3a9084c709663014731931ec379c052ab5d252a
parent: 72195791db97616e336e8ddebcdddcddbcdad2ea [diff] [blame]
diff --git a/tempest/cmd/workspace.py b/tempest/cmd/workspace.py
index 3c58648..d2dc00d 100644
--- a/tempest/cmd/workspace.py
+++ b/tempest/cmd/workspace.py

@@ -151,7 +151,7 @@
         if not os.path.isfile(self.path):
             return
         with open(self.path, 'r') as f:
-            self.workspaces = yaml.load(f) or {}
+            self.workspaces = yaml.safe_load(f) or {}
 
 
 class TempestWorkspace(command.Command):
commit	40d02088e41df58526508c079e46b19cd14fe3ee	[log] [tgz]
author	Dao Cong Tien <tiendc@vn.fujitsu.com>	Mon Jan 16 16:59:18 2017 +0700
committer	Dao Cong Tien <tiendc@vn.fujitsu.com>	Mon Jan 16 17:03:17 2017 +0700
tree	e3a9084c709663014731931ec379c052ab5d252a
parent	72195791db97616e336e8ddebcdddcddbcdad2ea [diff] [blame]