From 57bfd7462de249be794db3d015e7aa8177891863 Mon Sep 17 00:00:00 2001
From: Corentin LABBE <clabbe@baylibre.com>
Date: Tue, 3 Sep 2019 14:57:37 +0200
Subject: Use yaml safe_load insteald of load

On my gentoo, using yaml.load now give:
  Traceback (most recent call last):
  raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348")
  RuntimeError: Unsafe load() call disabled by Gentoo. See bug #659348

Note that on recent ubuntu, a warning appears also.
  YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.

This is due to a security risk of using yaml.load()

Since we didnt rely on any behavour provided by load(), let's convert the call to safe_load().
---
 lavalab-gen.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'lavalab-gen.py')

diff --git a/lavalab-gen.py b/lavalab-gen.py
index 2346689..c2c5347 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -94,7 +94,7 @@ def usage():
 def main():
     need_zmq_auth_gen = False
     fp = open(boards_yaml, "r")
-    workers = yaml.load(fp)
+    workers = yaml.safe_load(fp)
     fp.close()
 
     os.mkdir("output")
@@ -329,7 +329,7 @@ def main():
         else:
             #master exists
             fp = open(dockcomposeymlpath, "r")
-            dockcomp = yaml.load(fp)
+            dockcomp = yaml.safe_load(fp)
             fp.close()
         dockcomp["services"][name] = {}
         dockcomp["services"][name]["hostname"] = name
@@ -524,7 +524,7 @@ def main():
         workerdir = "output/%s/%s" % (host, worker_name)
         dockcomposeymlpath = "output/%s/docker-compose.yml" % host
         fp = open(dockcomposeymlpath, "r")
-        dockcomp = yaml.load(fp)
+        dockcomp = yaml.safe_load(fp)
         fp.close()
         device_path = "%s/devices/" % workerdir
         devices_path = "%s/devices/%s" % (workerdir, worker_name)
@@ -680,7 +680,7 @@ def main():
         print("Add ser2net ports for %s (%s) %s-%s" % (slave_name, host, ser2net_port_start, ser2net_ports[slave_name]))
         dockcomposeymlpath = "output/%s/docker-compose.yml" % host
         fp = open(dockcomposeymlpath, "r")
-        dockcomp = yaml.load(fp)
+        dockcomp = yaml.safe_load(fp)
         fp.close()
         ser2net_port_max = ser2net_ports[slave_name] - 1
         dockcomp["services"][slave_name]["ports"].append("%s-%s:%s-%s" % (ser2net_port_start, ser2net_port_max, ser2net_port_start, ser2net_port_max))
-- 
cgit 1.2.3-korg