From 429b3fe9b2f218e7152c59598f369eeb3f79bf29 Mon Sep 17 00:00:00 2001 From: Corentin LABBE Date: Tue, 11 Jun 2019 09:03:57 +0200 Subject: utils/job-prereq.py: Use yaml safe_load On my gentoo, using yaml.load now give: Traceback (most recent call last): File "./utils/job-prereq.py", line 81, in main() File "./utils/job-prereq.py", line 66, in main job_yaml = yaml.load(job) File "/usr/lib64/python2.7/site-packages/yaml/__init__.py", line 109, in load raise RuntimeError("Unsafe load() call disabled by Gentoo. See bug #659348") RuntimeError: Unsafe load() call disabled by Gentoo. See bug #659348 Note that on recent ubuntu, a warning appears also. (like on AGL jenkins) /w/workspace/ci-platform-meta-agl-demo-verify-CIBT-qemuarm64/repoclone/releng-scripts/utils/job-prereq.py:66: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details. job_yaml = yaml.load(job) This is due to a security risk of using yaml.load() Since releng-script does not rely on any behavour provided by load(), let's convert the call to safe_load(). This will also clean/reduce the output of jenkins logs Change-Id: I6158dcc21c0f7ec4645fb7b16acfaf1a6963cb26 Signed-off-by: Corentin LABBE --- utils/job-prereq.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'utils') diff --git a/utils/job-prereq.py b/utils/job-prereq.py index 7f3b7e1..c4c0780 100755 --- a/utils/job-prereq.py +++ b/utils/job-prereq.py @@ -63,7 +63,7 @@ def main(): version=args.build_type[2], machine=args.machine) - job_yaml = yaml.load(job) + job_yaml = yaml.safe_load(job) if args.machine == "qemux86-64" or args.machine == "qemuarm" or args.machine == "qemuarm64": for key in FILE_MAP_QEMU: if getattr(args, key): -- cgit 1.2.3-korg
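Review bot: The value returned by `yaml.safe_load(job)` in main() is used without any check, although safe_load returns None for an empty document and raises `yaml.YAMLError` on any tag outside the standard YAML set, which the old load() call would have constructed. `job` appears to be built by the call ending in `machine=args.machine)`, which starts above the hunk, so a guard right after the load such as `if not isinstance(job_yaml, dict): raise SystemExit("rendered job is not a YAML mapping")` would turn a bad render into a clear error; this assumes the code below treats job_yaml as a mapping, which is not visible here. A one-line comment like `# safe_load on purpose: job text must never construct arbitrary Python objects` would also keep the call from being reverted later. The diffstat covers only utils/job-prereq.py, so any other `yaml.load(` call in the repository would still hit the same Gentoo RuntimeError and is worth a grep. main() continues outside the hunk.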