From fd0052218c0932ba6511bc6aa99f538ab03dd1c6 Mon Sep 17 00:00:00 2001
From: Tomáš Levora <t.levora@partner.samsung.com>
Date: Wed, 5 Jun 2019 12:53:05 +0200
Subject: Fix issue with yaml.load in docker collector
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

docker-images-collector.sh script uses yaml.load python function in
deprecated way and it is a potential security risk

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

Issue-ID: OOM-1897

Change-Id: Ie30e60b4ede2c87a02b7bbe76e0695f91dc207c6
Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
---
 build/creating_data/docker-images-collector.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'build')

diff --git a/build/creating_data/docker-images-collector.sh b/build/creating_data/docker-images-collector.sh
index 9206b0bb..6761c328 100755
--- a/build/creating_data/docker-images-collector.sh
+++ b/build/creating_data/docker-images-collector.sh
@@ -47,7 +47,7 @@ import yaml
 import sys
 
 with open("${1}", 'r') as f:
-    values = yaml.load(f)
+    values = yaml.load(f, Loader=yaml.SafeLoader)
 
     enabled = filter(lambda x: values[x].get('enabled', False) == True, values)
     print(' '.join(enabled))
-- 
cgit 1.2.3-korg