Code Review / yardstick.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 90e5786)
replace yaml.load with yaml.safe_load 17/38017/4
authorRoss Brattain <ross.b.brattain@intel.com>
Sat, 22 Jul 2017 22:15:13 +0000 (15:15 -0700)
committerRoss Brattain <ross.b.brattain@intel.com>
Tue, 1 Aug 2017 15:02:08 +0000 (15:02 +0000)
yaml.safe_load is safer, obviously.

anteater will check for this

template_format use specialized constructor based on yaml.SafeLoader

JIRA: YARDSTICK-760

Change-Id: Ia3b0b3aa0765385a0ee472a4d83f49d424b5a77f
Signed-off-by: Ross Brattain <ross.b.brattain@intel.com>
api/resources/v1/env.py patch | blob | history
yardstick/benchmark/core/plugin.py patch | blob | history
yardstick/benchmark/core/task.py patch | blob | history
yardstick/benchmark/core/testcase.py patch | blob | history
yardstick/benchmark/scenarios/availability/attacker/baseattacker.py patch | blob | history
yardstick/benchmark/scenarios/availability/monitor/basemonitor.py patch | blob | history
yardstick/benchmark/scenarios/availability/operation/baseoperation.py patch | blob | history
yardstick/benchmark/scenarios/availability/result_checker/baseresultchecker.py patch | blob | history
yardstick/common/template_format.py patch | blob | history

diff --git a/api/resources/v1/env.py b/api/resources/v1/env.py
index 8943db3..8367fa9 100644 (file)
--- a/api/resources/v1/env.py
+++ b/api/resources/v1/env.py
@@ -393,7 +393,7 @@ class V1Env(ApiResource):
             return result_handler(consts.API_ERROR, 'file must be provided')
 
         LOG.info('Checking file')
-        data = yaml.load(pod_file.read())
+        data = yaml.safe_load(pod_file.read())
         if not isinstance(data, collections.Mapping):
             return result_handler(consts.API_ERROR, 'invalid yaml file')
 
diff --git a/yardstick/benchmark/core/plugin.py b/yardstick/benchmark/core/plugin.py
index c8d0865..a741d5e 100644 (file)
--- a/yardstick/benchmark/core/plugin.py
+++ b/yardstick/benchmark/core/plugin.py
@@ -153,7 +153,7 @@ class PluginParser(object):
                     raise e
                 print("Input plugin is:\n%s\n" % rendered_plugin)
 
-                cfg = yaml.load(rendered_plugin)
+                cfg = yaml.safe_load(rendered_plugin)
         except IOError as ioerror:
             sys.exit(ioerror)
 
diff --git a/yardstick/benchmark/core/task.py b/yardstick/benchmark/core/task.py
index b2da7a2..af50849 100644 (file)
--- a/yardstick/benchmark/core/task.py
+++ b/yardstick/benchmark/core/task.py
@@ -411,7 +411,7 @@ class TaskParser(object):       # pragma: no cover
 
         try:
             with open(self.path) as stream:
-                cfg = yaml.load(stream)
+                cfg = yaml.safe_load(stream)
         except IOError as ioerror:
             sys.exit(ioerror)
 
@@ -475,7 +475,7 @@ class TaskParser(object):       # pragma: no cover
                     raise e
                 print("Input task is:\n%s\n" % rendered_task)
 
-                cfg = yaml.load(rendered_task)
+                cfg = yaml.safe_load(rendered_task)
         except IOError as ioerror:
             sys.exit(ioerror)
 
diff --git a/yardstick/benchmark/core/testcase.py b/yardstick/benchmark/core/testcase.py
index 7b23b73..7ab1b08 100644 (file)
--- a/yardstick/benchmark/core/testcase.py
+++ b/yardstick/benchmark/core/testcase.py
@@ -69,7 +69,7 @@ class Testcase(object):
     def _parse_testcase(self, testcase_info):
 
         rendered_testcase = TaskTemplate.render(testcase_info)
-        testcase_cfg = yaml.load(rendered_testcase)
+        testcase_cfg = yaml.safe_load(rendered_testcase)
 
         test_precondition = testcase_cfg.get('precondition', {})
         installer_type = test_precondition.get('installer_type', 'all')
diff --git a/yardstick/benchmark/scenarios/availability/attacker/baseattacker.py b/yardstick/benchmark/scenarios/availability/attacker/baseattacker.py
index 7b3d8b0..a20b263 100644 (file)
--- a/yardstick/benchmark/scenarios/availability/attacker/baseattacker.py
+++ b/yardstick/benchmark/scenarios/availability/attacker/baseattacker.py
@@ -56,7 +56,7 @@ class BaseAttacker(object):
     def __init__(self, config, context):
         if not BaseAttacker.attacker_cfgs:
             with open(attacker_conf_path) as stream:
-                BaseAttacker.attacker_cfgs = yaml.load(stream)
+                BaseAttacker.attacker_cfgs = yaml.safe_load(stream)
 
         self._config = config
         self._context = context
diff --git a/yardstick/benchmark/scenarios/availability/monitor/basemonitor.py b/yardstick/benchmark/scenarios/availability/monitor/basemonitor.py
index ba33700..6165aba 100644 (file)
--- a/yardstick/benchmark/scenarios/availability/monitor/basemonitor.py
+++ b/yardstick/benchmark/scenarios/availability/monitor/basemonitor.py
@@ -74,7 +74,7 @@ class BaseMonitor(multiprocessing.Process):
     def __init__(self, config, context, data):
         if not BaseMonitor.monitor_cfgs:
             with open(monitor_conf_path) as stream:
-                BaseMonitor.monitor_cfgs = yaml.load(stream)
+                BaseMonitor.monitor_cfgs = yaml.safe_load(stream)
         multiprocessing.Process.__init__(self)
         self._config = config
         self._context = context
diff --git a/yardstick/benchmark/scenarios/availability/operation/baseoperation.py b/yardstick/benchmark/scenarios/availability/operation/baseoperation.py
index 88ca9e2..4c2ce82 100644 (file)
--- a/yardstick/benchmark/scenarios/availability/operation/baseoperation.py
+++ b/yardstick/benchmark/scenarios/availability/operation/baseoperation.py
@@ -54,7 +54,7 @@ class BaseOperation(object):
     def __init__(self, config, context):
         if not BaseOperation.operation_cfgs:
             with open(operation_conf_path) as stream:
-                BaseOperation.operation_cfgs = yaml.load(stream)
+                BaseOperation.operation_cfgs = yaml.safe_load(stream)
         self.key = ''
         self._config = config
         self._context = context
diff --git a/yardstick/benchmark/scenarios/availability/result_checker/baseresultchecker.py b/yardstick/benchmark/scenarios/availability/result_checker/baseresultchecker.py
index 1ccd058..ce34d8b 100644 (file)
--- a/yardstick/benchmark/scenarios/availability/result_checker/baseresultchecker.py
+++ b/yardstick/benchmark/scenarios/availability/result_checker/baseresultchecker.py
@@ -58,7 +58,7 @@ class BaseResultChecker(object):
     def __init__(self, config, context):
         if not BaseResultChecker.resultchecker_cfgs:
             with open(resultchecker_conf_path) as stream:
-                BaseResultChecker.resultchecker_cfgs = yaml.load(stream)
+                BaseResultChecker.resultchecker_cfgs = yaml.safe_load(stream)
         self.actualResult = object()
         self.expectedResult = object()
         self.success = False
diff --git a/yardstick/common/template_format.py b/yardstick/common/template_format.py
index e1662ce..98c0a0b 100644 (file)
--- a/yardstick/common/template_format.py
+++ b/yardstick/common/template_format.py
@@ -51,6 +51,7 @@ def parse(tmpl_str):
         tpl = jsonutils.loads(tmpl_str)
     else:
         try:
+            # we already use SafeLoader when constructing special Heat YAML loader class
             tpl = yaml.load(tmpl_str, Loader=yaml_loader)
         except yaml.YAMLError as yea:
             raise ValueError(yea)