From c5f2a0eac3fc430346bc725d88ef3ac51abf2e7b Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Sun, 21 May 2023 21:23:30 -0400
Subject: [PATCH] [sonic-bgpcfgd] replace yaml.load() and exit() (#14989)

#### Why I did it
It is not safe to call yaml.load with any data received from an untrusted source.
sys.exit is better than exit, considered good to use in production code.
Ref: https://stackoverflow.com/questions/6501121/difference-between-exit-and-sys-exit-in-python https://stackoverflow.com/questions/19747371/python-exit-commands-why-so-many-and-when-should-each-be-used

##### Work item tracking
- Microsoft ADO **(number only)**: 15022050

#### How I did it
Replace yaml.load() with yaml.safe_load()
Replace exit() by sys.exit()

#### How to verify it
pass UT test in DUT
---
 src/sonic-bgpcfgd/bgpcfgd/utils.py | 4 ++--
 src/sonic-bgpcfgd/bgpmon/bgpmon.py | 3 ++-
 src/sonic-bgpcfgd/tests/util.py | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/sonic-bgpcfgd/bgpcfgd/utils.py b/src/sonic-bgpcfgd/bgpcfgd/utils.py
index 01c21b0f48..b49a2ca2ec 100644
--- a/src/sonic-bgpcfgd/bgpcfgd/utils.py
+++ b/src/sonic-bgpcfgd/bgpcfgd/utils.py
@@ -26,8 +26,8 @@ def run_command(command, shell=False, hide_errors=False):
 def read_constants():
 """ Read file with constants values from /etc/sonic/constants.yml """
 with open('/etc/sonic/constants.yml') as fp:
- content = yaml.load(fp) # FIXME: , Loader=yaml.FullLoader)
+ content = yaml.safe_load(fp)
 if "constants" not in content:
 log_crit("/etc/sonic/constants.yml doesn't have 'constants' key")
 raise Exception("/etc/sonic/constants.yml doesn't have 'constants' key")
- return content["constants"]
\ No newline at end of file
+ return content["constants"]
diff --git a/src/sonic-bgpcfgd/bgpmon/bgpmon.py b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
index b4b97a8d64..c63c63b547 100755
--- a/src/sonic-bgpcfgd/bgpmon/bgpmon.py
+++ b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
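Review bot: `yaml.safe_load(fp)` returns `None` for an empty constants.yml (and a scalar or list for a non-mapping document), so the `"constants" not in content` check on the next context line raises `TypeError` before `log_crit` gets to report the malformed file; guard the type first, `if not isinstance(content, dict) or "constants" not in content:`. The same gap exists at the `assert "constants" in data` line in the tests/util.py hunk. The switch to `safe_load` is the right resolution of the FIXME the removed line carried, since `safe_load` only builds plain Python data and rejects the object-constructing YAML tags the unrestricted loader accepts; a one-line comment such as `# safe_load: constants.yml must never instantiate arbitrary Python objects` would keep a future maintainer from reintroducing `Loader=yaml.FullLoader`.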
@@ -25,6 +25,7 @@ Description: bgpmon.py -- populating bgp related information in stateDB.
 """
 import json
 import os
+import sys
 import syslog
 from swsscommon import swsscommon
 import time
@@ -160,7 +161,7 @@ def main():
 bgp_state_get = BgpStateGet()
 except Exception as e:
 syslog.syslog(syslog.LOG_ERR, "{}: error exit 1, reason {}".format("THIS_MODULE", str(e)))
- exit(1)
+ sys.exit(1)
 # periodically obtain the new neighbor information and update if necessary
 while True:
diff --git a/src/sonic-bgpcfgd/tests/util.py b/src/sonic-bgpcfgd/tests/util.py
index d9b3273865..197315e019 100644
--- a/src/sonic-bgpcfgd/tests/util.py
+++ b/src/sonic-bgpcfgd/tests/util.py
@@ -15,6 +15,6 @@ def load_constants_dir_mappings():
 def load_constants(constants = CONSTANTS_PATH):
 with open(constants) as f:
- data = yaml.load(f) # FIXME" , Loader=yaml.FullLoader)
+ data = yaml.safe_load(f)
 assert "constants" in data, "'constants' key not found in constants.yml"
 return data
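Review bot: The syslog call kept as context directly above the new `sys.exit(1)` formats the literal string `"THIS_MODULE"` into the message, so the daemon's fatal log reads `THIS_MODULE: error exit 1, ...` rather than naming the program; it looks like a placeholder that was never filled in, and `__name__` or whatever name constant bgpmon.py defines (not visible in this hunk) is presumably the intended value, e.g. `"{}: error exit 1, reason {}".format(__name__, str(e))`. Because the surrounding `except Exception as e:` only records `str(e)`, the traceback of whatever made `BgpStateGet()` fail is lost at the one point where it matters most; logging `traceback.format_exc()` at `LOG_ERR` would need an `import traceback` beside the `import sys` this commit adds. `main()` begins before this hunk and its `while True:` loop continues after it.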
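Review bot: The signature kept as context, `def load_constants(constants = CONSTANTS_PATH):`, puts spaces around the `=` of a default argument, which PEP 8 reserves for assignments; `def load_constants(constants=CONSTANTS_PATH):` is the conventional form and this hunk already touches the function body. Since the whole helper is inside the hunk, a one-line docstring such as `"""Return the 'constants' mapping parsed from *constants* (default CONSTANTS_PATH)."""` would also tell test authors what the returned object is.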