Fixing LCM vulnerabilities
Change-Id: I0b0c5975ce6f3088df19e8facb28f946658378a5
Signed-off-by: Luis <lvega@whitestack.com>
diff --git a/osm_lcm/ROclient.py b/osm_lcm/ROclient.py
index 32dd1bf..e3cb7f7 100644
--- a/osm_lcm/ROclient.py
+++ b/osm_lcm/ROclient.py
@@ -190,7 +190,7 @@
)
if descriptor_format != "json":
try:
- return yaml.load(descriptor)
+ return yaml.safe_load(descriptor)
except yaml.YAMLError as exc:
error_pos = ""
if hasattr(exc, "problem_mark"):
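Review bot: The new `return yaml.safe_load(descriptor)` line has no comment saying why the safe loader is required, so a later edit could reintroduce `yaml.load` with a full loader when a tagged document fails to parse. I would add `# safe_load only: descriptor is external input and must never instantiate Python objects` above it. The same comment applies to the `_parse_error_yaml` and `_parse_yaml` hunks below. Documents carrying Python-specific tags are now rejected with `yaml.constructor.ConstructorError`, which is a `yaml.YAMLError` subclass with a `problem_mark`, so they reach the existing `except` branch. A regression test pinning that rejection would be worth adding if the commit does not already have one. The enclosing function starts and ends outside this hunk.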
@@ -214,7 +214,7 @@
def _parse_error_yaml(descriptor):
json_error = None
try:
- json_error = yaml.load(descriptor, Loader=yaml.Loader)
+ json_error = yaml.safe_load(descriptor)
return json_error["error"]["description"]
except Exception:
return str(json_error or descriptor)
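Review bot: The fallback `return str(json_error or descriptor)` still renders the whole parsed structure, and `yaml.safe_load` blocks object construction but does not limit YAML alias expansion. If the response body comes from a peer that is not fully trusted (inferred, since the caller is not visible here), a heavily aliased document that lacks `["error"]["description"]` becomes very large when stringified. Returning the raw text avoids this: `return str(descriptor)`. The bare `except Exception:` also hides the difference between a parse failure and an unexpected response shape, so `except (yaml.YAMLError, KeyError, TypeError):` would make the intent explicit.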
@@ -222,7 +222,7 @@
@staticmethod
def _parse_yaml(descriptor, response=False):
try:
- return yaml.load(descriptor, Loader=yaml.Loader)
+ return yaml.safe_load(descriptor)
except yaml.YAMLError as exc:
error_pos = ""
if hasattr(exc, "problem_mark"):