Project

Profile

Help

Send by e-mail

Issue #2290

Use yaml.load instead of yaml.safe_load

Added by pcreech about 3 years ago. Updated 2 months ago.

Status:
MODIFIED
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
3.0
Start date:
Due date:
Severity:
1. Low
Version:
Platform Release:
Blocks Release:
OS:
Backwards Incompatible:
No
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:

Description

In the new 3.0 config loading mechanism, we load the yaml file using yaml.load. This is unsafe, as this can end up runing functions while loading the yaml file.

Using yaml.safe_load will prevent this

Associated revisions

Revision 310ef94f View on GitHub
Added by pcreech about 3 years ago

Use yaml.safe_load instead of yaml.load

Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous

Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more
info

closes #2290

Revision 310ef94f View on GitHub
Added by pcreech about 3 years ago

Use yaml.safe_load instead of yaml.load

Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous

Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more
info

closes #2290

Revision 310ef94f View on GitHub
Added by pcreech about 3 years ago

Use yaml.safe_load instead of yaml.load

Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous

Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more
info

closes #2290

History

#1 Updated by pcreech about 3 years ago

  • Status changed from NEW to POST

#2 Updated by pcreech about 3 years ago

  • Status changed from POST to MODIFIED

#3 Updated by daviddavis 6 months ago

  • Sprint/Milestone set to 3.0

#4 Updated by bmbouter 6 months ago

  • Tags deleted (Pulp 3)

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF