1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

vdo: Use yaml.safe_load() instead of yaml.load() (#5632)

* vdo: Use yaml.safe_load() instead of yaml.load()

yaml.load() without specifying a Loader= is deprecated and unsafe.

For details, see
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

* Update changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Lee Garrett 2022-11-30 22:48:32 +01:00 committed by GitHub
parent b8545d10e6
commit 428e181440
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- vdo - now uses ``yaml.safe_load()`` to parse command output instead of the deprecated ``yaml.load()`` which is potentially unsafe. Using ``yaml.load()`` without explicitely setting a ``Loader=`` is also an error in pyYAML 6.0 (https://github.com/ansible-collections/community.general/pull/5632).

View file

@ -332,7 +332,7 @@ def inventory_vdos(module, vdocmd):
if rc != 0:
module.fail_json(msg="Inventorying VDOs failed: %s" % vdostatusout, rc=rc, err=err)
vdostatusyaml = yaml.load(vdostatusout)
vdostatusyaml = yaml.safe_load(vdostatusout)
if vdostatusyaml is None:
return vdolist
@ -548,7 +548,7 @@ def run_module():
# Modify the current parameters of a VDO that exists.
if desiredvdo in vdolist and state == 'present':
rc, vdostatusoutput, err = module.run_command([vdocmd, "status"])
vdostatusyaml = yaml.load(vdostatusoutput)
vdostatusyaml = yaml.safe_load(vdostatusoutput)
# An empty dictionary to contain dictionaries of VDO statistics
processedvdos = {}