Actions
Issue #2290
closedUse yaml.load instead of yaml.safe_load
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix
Sprint:
Quarter:
Description
In the new 3.0 config loading mechanism, we load the yaml file using yaml.load. This is unsafe, as this can end up runing functions while loading the yaml file.
Using yaml.safe_load will prevent this
Added by pcreech about 8 years ago
Added by pcreech about 8 years ago
Revision 310ef94f | View on GitHub
Use yaml.safe_load instead of yaml.load
Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous
Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info
closes #2290
Updated by pcreech about 8 years ago
- Status changed from NEW to POST
Updated by pcreech about 8 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulp|310ef94f45ba02beecbee343eb4dc4c5cfa9e136.
Updated by bmbouter about 5 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Use yaml.safe_load instead of yaml.load
Use yaml.safe_load instead of yaml.load, as yaml.load is dangerous
Look at http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more info
closes #2290