[sonic-bgpcfgd] replace yaml.load() and exit() (#14989)

#### Why I did it
It is not safe to call yaml.load with any data received from an untrusted source.
sys.exit is preferable to exit and is considered the right choice for production code.
Ref:
https://stackoverflow.com/questions/6501121/difference-between-exit-and-sys-exit-in-python
https://stackoverflow.com/questions/19747371/python-exit-commands-why-so-many-and-when-should-each-be-used
##### Work item tracking
- Microsoft ADO **(number only)**: 15022050

#### How I did it
Replace yaml.load() with yaml.safe_load()
Replace exit() by sys.exit()
#### How to verify it
pass UT
test in DUT
Mai Bui 2023-05-21 21:23:30 -04:00 committed by GitHub
parent bef9550b1d
commit c5f2a0eac3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 4 deletions


@ -26,7 +26,7 @@ def run_command(command, shell=False, hide_errors=False):
def read_constants():
""" Read file with constants values from /etc/sonic/constants.yml """
with open('/etc/sonic/constants.yml') as fp:
content = yaml.load(fp) # FIXME: , Loader=yaml.FullLoader)
content = yaml.safe_load(fp)
if "constants" not in content:
log_crit("/etc/sonic/constants.yml doesn't have 'constants' key")
raise Exception("/etc/sonic/constants.yml doesn't have 'constants' key")
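Review bot: `yaml.safe_load(fp)` returns `None` for an empty file and a bare scalar for some malformed ones, so the `"constants" not in content` test that follows can raise an unlogged `TypeError` (or do a substring match on a string) before `log_crit` ever runs. Guarding with `if not isinstance(content, dict) or "constants" not in content:` keeps the critical log line and the explicit exception on every malformed-file path. The same gap exists in `load_constants` in the third file, where `assert "constants" in data` is also stripped when Python runs with `-O`; an explicit `if not isinstance(data, dict) or "constants" not in data:` followed by a `raise` would cover it. `read_constants` may continue past the end of this hunk.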


@ -25,6 +25,7 @@ Description: bgpmon.py -- populating bgp related information in stateDB.
"""
import json
import os
import sys
import syslog
from swsscommon import swsscommon
import time
@ -160,7 +161,7 @@ def main():
bgp_state_get = BgpStateGet()
except Exception as e:
syslog.syslog(syslog.LOG_ERR, "{}: error exit 1, reason {}".format("THIS_MODULE", str(e)))
exit(1)
sys.exit(1)
# periodically obtain the new neighbor information and update if necessary
while True:
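Review bot: The error path in `main()` passes the string literal `"THIS_MODULE"` to `format`, so the syslog entry written just before `sys.exit(1)` begins with the text `THIS_MODULE:` instead of identifying bgpmon, which makes the failure harder to attribute during log triage. If a module-level name was intended, drop the quotes; otherwise `os.path.basename(__file__)` would work, since `os` is already imported. The message also records only `str(e)`, so the exception type is lost; `"{}: {}".format(type(e).__name__, e)` for the reason field would keep it. `main()` starts and ends outside this hunk.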


@ -15,6 +15,6 @@ def load_constants_dir_mappings():
def load_constants(constants = CONSTANTS_PATH):
with open(constants) as f:
data = yaml.load(f) # FIXME" , Loader=yaml.FullLoader)
data = yaml.safe_load(f)
assert "constants" in data, "'constants' key not found in constants.yml"
return data