Faidon Liambotis has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/367671 )
Change subject: Use Python yaml.safe_load everywhere ...................................................................... Use Python yaml.safe_load everywhere We don't really have a use case for loading arbitrary Python objects from YAML files, and in many cases we pass these YAML files from other subprocesses that may or may not be trusted. Use yaml.safe_load everywhere (or yaml.SafeLoader, in the case of new_wmf_service.py). Change-Id: I23f9dcb502aea99c7515291f26a931703932a535 --- M modules/cassandra/files/cassandra-ca-manager M modules/diamond/files/collector/minimalpuppetagent.py M modules/prometheus/files/usr/local/bin/prometheus-snmp-exporter-config M modules/xenon/files/xenon-log M utils/new_wmf_service.py 5 files changed, 5 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/71/367671/1
diff --git a/modules/cassandra/files/cassandra-ca-manager b/modules/cassandra/files/cassandra-ca-manager
index 4f55a5d..a326457 100755
--- a/modules/cassandra/files/cassandra-ca-manager
+++ b/modules/cassandra/files/cassandra-ca-manager
@@ -336,7 +336,7 @@
 def read_manifest(manifest):
 with open(manifest, 'r') as f:
- return yaml.load(f.read())
+ return yaml.safe_load(f.read())
 def run_command(command):
diff --git a/modules/diamond/files/collector/minimalpuppetagent.py b/modules/diamond/files/collector/minimalpuppetagent.py
index ac15338..1b4f7f6 100644
--- a/modules/diamond/files/collector/minimalpuppetagent.py
+++ b/modules/diamond/files/collector/minimalpuppetagent.py
@@ -69,7 +69,7 @@
 proc = subprocess.Popen(process_path, stdout=subprocess.PIPE)
 out, _ = proc.communicate()
- summary = yaml.load(out)
+ summary = yaml.safe_load(out)
 return summary
diff --git a/modules/prometheus/files/usr/local/bin/prometheus-snmp-exporter-config b/modules/prometheus/files/usr/local/bin/prometheus-snmp-exporter-config
index 26c55e3..c0a32df 100755
--- a/modules/prometheus/files/usr/local/bin/prometheus-snmp-exporter-config
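Review bot: In cassandra-ca-manager, `read_manifest` still reads the whole file into a string before parsing, although `yaml.safe_load` accepts the open file object directly, as the xenon-log hunk of this change already does; `return yaml.safe_load(f)` is the simpler form. `safe_load` returns `None` for an empty manifest, so callers (outside this hunk) presumably need to tolerate that. A one-line docstring such as `"""Parse the YAML manifest at the given path with the safe loader."""` would record that manifests are treated as plain data.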
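Review bot: In minimalpuppetagent.py the exit status of the subprocess is never checked before `out` is parsed, so a command that fails and prints nothing makes `yaml.safe_load(out)` return `None`, and that is what the function returns. Checking `proc.returncode` after `communicate()` and catching `yaml.YAMLError` around the parse would keep a failed or malformed summary from surfacing as an unhandled exception inside the collector. Whether callers already tolerate a `None` summary cannot be seen here, since the enclosing function starts outside the hunk.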
+++ b/modules/prometheus/files/usr/local/bin/prometheus-snmp-exporter-config
@@ -31,7 +31,7 @@
 shutil.copyfileobj(f.buffer, tmpconfig)
 tmpconfig.seek(0)
- if yaml.load(tmpconfig) is None:
+ if yaml.safe_load(tmpconfig) is None:
 log.error('Empty YAML assembled')
 return 1
diff --git a/modules/xenon/files/xenon-log b/modules/xenon/files/xenon-log
index ef05a38..b939415 100755
--- a/modules/xenon/files/xenon-log
+++ b/modules/xenon/files/xenon-log
@@ -33,7 +33,7 @@
 args = parser.parse_args()
 with open(args.config) as f:
- config = yaml.load(f)
+ config = yaml.safe_load(f)
 class TimeLog(object):
diff --git a/utils/new_wmf_service.py b/utils/new_wmf_service.py
index 429021a..e0ca099 100755
--- a/utils/new_wmf_service.py
+++ b/utils/new_wmf_service.py
@@ -91,7 +91,7 @@
 # Yaml formatting primitives.
 # From: http://stackoverflow.com/questions/5121931
-def ordered_load(stream, Loader=yaml.Loader, object_pairs_hook=OrderedDict):
+def ordered_load(stream, Loader=yaml.SafeLoader, object_pairs_hook=OrderedDict):
 class OrderedLoader(Loader):
 pass
-- To view, visit https://gerrit.wikimedia.org/r/367671 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I23f9dcb502aea99c7515291f26a931703932a535 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
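Review bot: In prometheus-snmp-exporter-config the validation at `if yaml.safe_load(tmpconfig) is None:` handles only the empty case. A malformed fragment, or one carrying a tag the safe loader rejects, raises `yaml.YAMLError` and the script dies with a traceback instead of taking the logged `return 1` path used for empty output. Catching the parse error and reporting it the same way keeps a bad fragment from being treated differently from an empty one. The enclosing function starts and ends outside the hunk, so what happens to `tmpconfig` afterwards is not visible here.

```python
try:
    assembled = yaml.safe_load(tmpconfig)
except yaml.YAMLError as exc:
    log.error('Invalid YAML assembled: %s', exc)
    return 1
if assembled is None:
    # … unchanged: 'Empty YAML assembled' error and return 1 …
```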
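Review bot: In utils/new_wmf_service.py, changing the default of `Loader` in `ordered_load` only protects callers that rely on the default. Any call site that passes `Loader=yaml.Loader` explicitly still constructs arbitrary Python objects, and those call sites are not visible in this hunk, so they are worth checking. A short docstring would make the contract explicit, for example `"""Load YAML into an OrderedDict; Loader should be yaml.SafeLoader or a subclass unless the input is fully trusted."""`. The function body continues outside the hunk.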