Fix issues found in security review

JIRA: QTIP-105

Change-Id: I08108a982f9059fd19b92df0d219fa8f13f288ad
Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>

diff --git a/func/env_setup.py b/func/env_setup.py
index 96f984c..3697f23 100644 (file)
--- a/func/env_setup.py
+++ b/func/env_setup.py
@@ -174,7 +174,7 @@ class Env_setup:
     def parse(self, config_file_path):
         try:
             f_name = open(config_file_path, 'r+')
-            doc = yaml.load(f_name)
+            doc = yaml.safe_load(f_name)
             f_name.close()
             if doc['Scenario']['benchmark']:
                 self.benchmark = doc['Scenario']['benchmark']

diff --git a/func/spawn_vm.py b/func/spawn_vm.py
index 15c2686..5710308 100644 (file)
--- a/func/spawn_vm.py
+++ b/func/spawn_vm.py
@@ -65,7 +65,7 @@ class SpawnVM(Env_setup):
         Heat_Dic = {}\r
         try:\r
             with open('./heat/SampleHeat.yaml', 'r+') as H_temp:\r
-                Heat_Dic = yaml.load(H_temp)\r
+                Heat_Dic = yaml.safe_load(H_temp)\r
         except yaml.YAMLError as exc:\r
             if hasattr(exc, 'problem_mark'):\r
                 mark = exc.problem_mark\r

diff --git a/restful_server/qtip_server.py b/restful_server/qtip_server.py
index 00d598a..67aadcd 100644 (file)
--- a/restful_server/qtip_server.py
+++ b/restful_server/qtip_server.py
@@ -135,4 +135,4 @@ api.add_resource(JobList, '/api/v1.0/jobs')
 api.add_resource(Job, '/api/v1.0/jobs/<string:id>')
 
 if __name__ == "__main__":
-    app.run(debug=True)
+    app.run()