Commit 95f28429 authored by Rémi Duraffort, committed by Neil Williams

Use yaml.safe_load when parsing user data

Calling yaml.load() on untrusted data is unsafe and can lead to remote code
execution.

This commit fixes remote code execution in:
* the submit page
* the xmlrpc api
* the scheduler
* lava-master and lava-slave

This bug was found by running bandit (https://github.com/PyCQA/bandit).

Change-Id: I80882f9baeb0e7e1c2127f602cc4b206213cb59f
parent 0a8db2d0
Tags v5.5-rc5
Showing with 44 additions and 44 deletions