Move from yaml.load to yaml.safe_load
yaml.load is equally powerful as python pickles, and we don't need that level of power for the ostree yaml files. Better safe than sorry. Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
parent
dc692bc604
commit
8e88373a82
|
@ -81,7 +81,7 @@ def tweak_treeconf(treeconf, source_repos=None, keep_original_sources=False, upd
|
||||||
# rpm-ostree now supports YAML, but we'll end up converting it to JSON.
|
# rpm-ostree now supports YAML, but we'll end up converting it to JSON.
|
||||||
# https://github.com/projectatomic/rpm-ostree/pull/1377
|
# https://github.com/projectatomic/rpm-ostree/pull/1377
|
||||||
if treeconf.endswith('.yaml'):
|
if treeconf.endswith('.yaml'):
|
||||||
treeconf_content = yaml.load(f)
|
treeconf_content = yaml.safe_load(f)
|
||||||
treeconf = treeconf.replace('.yaml', '.json')
|
treeconf = treeconf.replace('.yaml', '.json')
|
||||||
else:
|
else:
|
||||||
treeconf_content = json.load(f)
|
treeconf_content = json.load(f)
|
||||||
|
|
|
@ -165,7 +165,7 @@ class OstreeTreeScriptTest(helpers.PungiTestCase):
|
||||||
|
|
||||||
with open(treefile, 'r') as f:
|
with open(treefile, 'r') as f:
|
||||||
# Read initial content from YAML file
|
# Read initial content from YAML file
|
||||||
treefile_content = yaml.load(f)
|
treefile_content = yaml.safe_load(f)
|
||||||
original_repos = treefile_content['repos']
|
original_repos = treefile_content['repos']
|
||||||
original_ref = treefile_content['ref']
|
original_ref = treefile_content['ref']
|
||||||
replacing_ref = original_ref + '-changed'
|
replacing_ref = original_ref + '-changed'
|
||||||
|
|
Loading…
Reference in New Issue