From 428e181440dc92378c7326d9d2bfadda052ce372 Mon Sep 17 00:00:00 2001
From: Lee Garrett <leegarrett@users.noreply.github.com>
Date: Wed, 30 Nov 2022 22:48:32 +0100
Subject: [PATCH] vdo: Use yaml.safe_load() instead of yaml.load() (#5632)

* vdo: Use yaml.safe_load() instead of yaml.load()

yaml.load() without specifying a Loader= is deprecated and unsafe.

For details, see
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

* Update changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Co-authored-by: Felix Fontein <felix@fontein.de>
---
 .../5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml      | 2 ++
 plugins/modules/vdo.py                                        | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml

diff --git a/changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml b/changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml
new file mode 100644
index 0000000000..c2b0756eca
--- /dev/null
+++ b/changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - vdo - now uses ``yaml.safe_load()`` to parse command output instead of the deprecated ``yaml.load()`` which is potentially unsafe. Using ``yaml.load()`` without explicitely setting a ``Loader=`` is also an error in pyYAML 6.0 (https://github.com/ansible-collections/community.general/pull/5632).
diff --git a/plugins/modules/vdo.py b/plugins/modules/vdo.py
index 21e8a96100..d2d4afe944 100644
--- a/plugins/modules/vdo.py
+++ b/plugins/modules/vdo.py
@@ -332,7 +332,7 @@ def inventory_vdos(module, vdocmd):
     if rc != 0:
         module.fail_json(msg="Inventorying VDOs failed: %s" % vdostatusout, rc=rc, err=err)
 
-    vdostatusyaml = yaml.load(vdostatusout)
+    vdostatusyaml = yaml.safe_load(vdostatusout)
     if vdostatusyaml is None:
         return vdolist
 
@@ -548,7 +548,7 @@ def run_module():
     # Modify the current parameters of a VDO that exists.
     if desiredvdo in vdolist and state == 'present':
         rc, vdostatusoutput, err = module.run_command([vdocmd, "status"])
-        vdostatusyaml = yaml.load(vdostatusoutput)
+        vdostatusyaml = yaml.safe_load(vdostatusoutput)
 
         # An empty dictionary to contain dictionaries of VDO statistics
         processedvdos = {}