Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I8cff003dad2d0b4ca19b12d45cb5538f683192cd
2018-02-13 14:21:14 +07:00 · 2018-02-13 14:21:14 +07:00 · 668dd098a4
commit 668dd098a4
parent f984115a53
1 changed files with 1 additions and 1 deletions
--- a/kb_dib/elements/kloudbuster/post-install.d/99-cloudcfg-edit
+++ b/kb_dib/elements/kloudbuster/post-install.d/99-cloudcfg-edit
@ -5,7 +5,7 @@ cloudcfg = "/etc/cloud/cloud.cfg"
 user = "cloud-user"

 with open(cloudcfg) as f:
-  cfg = yaml.load(f)
+  cfg = safe_yaml.load(f)

 try:
  if cfg['system_info']['default_user']['name']: