Issue #2290
Use yaml.load instead of yaml.safe_load
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix
Sprint:
Quarter:
Description
In the new 3.0 config loading mechanism, we load the yaml file using yaml.load. This is unsafe, as this can end up runing functions while loading the yaml file.
Using yaml.safe_load will prevent this
Associated revisions
Revision 310ef94f
View on GitHub
Use yaml.safe_load instead of yaml.load
Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous
Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info
closes #2290
History
#1
Updated by pcreech over 4 years ago
- Status changed from NEW to POST
#2
Updated by pcreech over 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulp|310ef94f45ba02beecbee343eb4dc4c5cfa9e136.
#3
Updated by daviddavis almost 2 years ago
- Sprint/Milestone set to 3.0.0
#4
Updated by bmbouter over 1 year ago
- Tags deleted (
Pulp 3)
#5
Updated by bmbouter about 1 year ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Please register to edit this issue
Use yaml.safe_load instead of yaml.load
Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous
Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info
closes #2290