matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[sonic_py_common] replace yaml.load to yaml.safe_load (#14991)

Browse Source 
Why I did it
replace yaml.load to yaml.safe_load because yaml.safe_load is more secure

Work item tracking
Microsoft ADO (number only): 15022050
How I did it
How to verify it
Verified in DUT 201911 which yaml version < 5.1
This commit is contained in:
Mai Bui 2023-05-10 17:46:16 -04:00 committed by GitHub
parent efeae03ea3
commit 73914e79f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/sonic-py-common/sonic_py_common/device_info.py
View File

@ -345,7 +345,7 @@ def get_sonic_version_info():
if yaml.__version__ >= "5.1": if yaml.__version__ >= "5.1":
sonic_ver_info = yaml.full_load(stream) sonic_ver_info = yaml.full_load(stream)
else: else:
sonic_ver_info = yaml.load(stream) sonic_ver_info = yaml.safe_load(stream)
return sonic_ver_info return sonic_ver_info