summaryrefslogtreecommitdiffstats
path: root/utils
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2019-06-11 09:03:57 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2019-06-19 16:42:49 +0000
commit429b3fe9b2f218e7152c59598f369eeb3f79bf29 (patch)
tree4459aa6a07e131e9ed0b884143be09fd4217d04c /utils
parente1e33be3287ae953b960c5963a7ece870a006328 (diff)
On my gentoo, using yaml.load now give: Traceback (most recent call last): File "./utils/job-prereq.py", line 81, in <module> main() File "./utils/job-prereq.py", line 66, in main job_yaml = yaml.load(job) File "/usr/lib64/python2.7/site-packages/yaml/__init__.py", line 109, in load raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") RuntimeError: Unsafe load() call disabled by Gentoo. See bug #659348 Note that on recent ubuntu, a warning appears also. (like on AGL jenkins) /w/workspace/ci-platform-meta-agl-demo-verify-CIBT-qemuarm64/repoclone/releng-scripts/utils/job-prereq.py:66: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details. job_yaml = yaml.load(job) This is due to a security risk of using yaml.load() Since releng-script does not rely on any behavour provided by load(), let's convert the call to safe_load(). This will also clean/reduce the output of jenkins logs Change-Id: I6158dcc21c0f7ec4645fb7b16acfaf1a6963cb26 Signed-off-by: Corentin LABBE <clabbe@baylibre.com>
Diffstat (limited to 'utils')
-rwxr-xr-xutils/job-prereq.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/utils/job-prereq.py b/utils/job-prereq.py
index 7f3b7e1..c4c0780 100755
--- a/utils/job-prereq.py
+++ b/utils/job-prereq.py
@@ -63,7 +63,7 @@ def main():
version=args.build_type[2],
machine=args.machine)
- job_yaml = yaml.load(job)
+ job_yaml = yaml.safe_load(job)
if args.machine == "qemux86-64" or args.machine == "qemuarm" or args.machine == "qemuarm64":
for key in FILE_MAP_QEMU:
if getattr(args, key):