|
 |
bb0ded |
From 419d7fd6e5a9ed2d356ad05eef1043309f5646ef Mon Sep 17 00:00:00 2001
|
|
|
bb0ded |
From: Michal Polovka <mpolovka@redhat.com>
|
|
|
bb0ded |
Date: Fri, 7 Jan 2022 12:12:26 +0100
|
|
|
bb0ded |
Subject: [PATCH] ipatests: webui: Use safe-loader for loading YAML
|
|
|
bb0ded |
configuration file
|
|
|
bb0ded |
|
|
|
bb0ded |
FullLoader class for YAML loader was introduced in version 5.1 which
|
|
|
bb0ded |
also deprecated default loader. SafeLoader, however, stays consistent
|
|
|
bb0ded |
across the versions and brings added security.
|
|
|
bb0ded |
|
|
|
bb0ded |
This fix is necessary as PyYAML > 5.1 is not available in downstream.
|
|
|
bb0ded |
|
|
|
bb0ded |
Related: https://pagure.io/freeipa/issue/9009
|
|
|
bb0ded |
|
|
|
bb0ded |
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
|
|
|
bb0ded |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
bb0ded |
---
|
|
|
bb0ded |
ipatests/test_webui/ui_driver.py | 2 +-
|
|
|
bb0ded |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
bb0ded |
|
|
|
bb0ded |
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
|
|
|
bb0ded |
index 77fd74e49593183a37fe735bedf2e0d6b9257ac7..519efee9bba3de2114d22865a08df87f9b5f348a 100644
|
|
|
bb0ded |
--- a/ipatests/test_webui/ui_driver.py
|
|
|
bb0ded |
+++ b/ipatests/test_webui/ui_driver.py
|
|
|
bb0ded |
@@ -192,7 +192,7 @@ class UI_driver:
|
|
|
bb0ded |
if not NO_YAML and os.path.isfile(path):
|
|
|
bb0ded |
try:
|
|
|
bb0ded |
with open(path, 'r') as conf:
|
|
|
bb0ded |
- cls.config = yaml.load(stream=conf, Loader=yaml.FullLoader)
|
|
|
bb0ded |
+ cls.config = yaml.safe_load(stream=conf)
|
|
|
bb0ded |
except yaml.YAMLError as e:
|
|
|
bb0ded |
pytest.skip("Invalid Web UI config.\n%s" % e)
|
|
|
bb0ded |
except IOError as e:
|
|
|
bb0ded |
--
|
|
|
bb0ded |
2.34.1
|
|
|
bb0ded |
|