From: Tomáš Levora <t.levora@partner.samsung.com>
Date: Wed, 5 Jun 2019 10:53:05 +0000 (+0200)
Subject: Fix issue with yaml.load in docker collector
X-Git-Tag: 6.0.0-ONAP~144^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=fd0052218c0932ba6511bc6aa99f538ab03dd1c6;p=oom%2Foffline-installer.git

Fix issue with yaml.load in docker collector

docker-images-collector.sh script uses yaml.load python function in
deprecated way and it is a potential security risk

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

Issue-ID: OOM-1897

Change-Id: Ie30e60b4ede2c87a02b7bbe76e0695f91dc207c6
Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
---

diff --git a/build/creating_data/docker-images-collector.sh b/build/creating_data/docker-images-collector.sh
index 9206b0bb..6761c328 100755
--- a/build/creating_data/docker-images-collector.sh
+++ b/build/creating_data/docker-images-collector.sh
@@ -47,7 +47,7 @@ import yaml
 import sys
 
 with open("${1}", 'r') as f:
-    values = yaml.load(f)
+    values = yaml.load(f, Loader=yaml.SafeLoader)
 
     enabled = filter(lambda x: values[x].get('enabled', False) == True, values)
     print(' '.join(enabled))