From: Luke Hinds <lukehinds@gmail.com>
Date: Mon, 12 Sep 2016 14:00:27 +0000 (+0100)
Subject: Implements use of yaml.safe_load as per sec audit
X-Git-Tag: colorado.1.0~42^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?p=releng.git;a=commitdiff_plain;h=149d3c385e7a58113ebbcae8d3a2c261aa840b3f

Implements use of yaml.safe_load as per sec audit

Change-Id: I9b8d9746e8a3beebc1aff9f883dcec39928831d7
Signed-off-by: Luke Hinds <lukehinds@gmail.com>
---

diff --git a/utils/lab-reconfiguration/reconfigUcsNet.py b/utils/lab-reconfiguration/reconfigUcsNet.py
index 45a72a398..4c08f3dc9 100755
--- a/utils/lab-reconfiguration/reconfigUcsNet.py
+++ b/utils/lab-reconfiguration/reconfigUcsNet.py
@@ -157,7 +157,7 @@ def read_yaml_file(yamlFile):
     """
     # TODO: add check if vnic templates specified in file exist on UCS
     with open(yamlFile, 'r') as stream:
-        return yaml.load(stream)
+        return yaml.safe_load(stream)
 
 
 def set_network(handle=None, yamlFile=None):
diff --git a/utils/test/reporting/functest/reporting-status.py b/utils/test/reporting/functest/reporting-status.py
index e9e167d16..0b80fe49a 100755
--- a/utils/test/reporting/functest/reporting-status.py
+++ b/utils/test/reporting/functest/reporting-status.py
@@ -34,7 +34,7 @@ tempest = tc.TestCase("tempest_smoke_serial", "functest", -1)
 cf = conf.TEST_CONF
 response = requests.get(cf)
 
-functest_yaml_config = yaml.load(response.text)
+functest_yaml_config = yaml.safe_load(response.text)
 
 logger.info("*******************************************")
 logger.info("*   Generating reporting scenario status  *")