Project

Profile

Help

Issue #2290

closed

Use yaml.load instead of yaml.safe_load

Added by pcreech over 6 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix
Sprint:
Quarter:

Description

In the new 3.0 config loading mechanism, we load the yaml file using yaml.load. This is unsafe, as this can end up runing functions while loading the yaml file.

Using yaml.safe_load will prevent this

Added by pcreech over 6 years ago

Revision 310ef94f

Use yaml.safe_load instead of yaml.load

Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous

Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info

closes #2290

Added by pcreech over 6 years ago

Revision 310ef94f

Use yaml.safe_load instead of yaml.load

Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous

Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info

closes #2290

Actions #1

Updated by pcreech over 6 years ago

  • Status changed from NEW to POST
Actions #2

Updated by pcreech over 6 years ago

  • Status changed from POST to MODIFIED
Actions #3

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone set to 3.0.0
Actions #4

Updated by bmbouter almost 4 years ago

  • Tags deleted (Pulp 3)
Actions #5

Updated by bmbouter about 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF