File security_fix_yaml.diff of Package cobbler.openSUSE_12.1_Update
--- cobbler/api.py
+++ cobbler/api.py 2012/04/16 15:22:59
@@ -222,7 +222,7 @@
fd = open("/etc/cobbler/version")
ydata = fd.read()
fd.close()
- data = yaml.load(ydata)
+ data = yaml.safe_load(ydata)
if not extended:
# for backwards compatibility and use with koan's comparisons
elems = data["version_tuple"]
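Review bot: `yaml.safe_load` raises a ConstructorError on Python-specific tags, so the `data["version_tuple"]` lookup keeps working only if /etc/cobbler/version was written without them. Under Python 2 a plain `yaml.dump` emits a tuple as `!!python/tuple` and a unicode string as `!!python/unicode`, both of which the safe loader rejects. How the version file is produced is not visible here, so check the writer and switch it to `yaml.safe_dump` if needed. The same concern applies to the files Cobbler serialises and reads back in cobbler/modules/serializer_catalog.py (hunks at -134, -166 with its `old_filename` migration branch, and -192). The enclosing function starts and ends outside this hunk.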
--- cobbler/item.py
+++ cobbler/item.py 2012/04/16 15:22:59
@@ -245,7 +245,7 @@
self.mgmt_parameters = mgmt_parameters
else:
import yaml
- data = yaml.load(mgmt_parameters)
+ data = yaml.safe_load(mgmt_parameters)
if type(data) is not dict:
raise CX(_("Input YAML in Puppet Parameter field must evaluate to a dictionary."))
self.mgmt_parameters = data
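Review bot: A parse failure in `yaml.safe_load(mgmt_parameters)` is not turned into a `CX`, so malformed or tag-bearing input in this field surfaces as a raw `yaml.YAMLError` rather than a validation message like the one on the following lines, unless a caller outside the hunk catches it. Wrapping the call would fix that: `try: data = yaml.safe_load(mgmt_parameters)` followed by `except yaml.YAMLError: raise CX(_("Input YAML in Puppet Parameter field could not be parsed."))`. The type test would also read better as `if not isinstance(data, dict):`. The enclosing method starts outside the hunk.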
--- cobbler/modules/serializer_catalog.py
+++ cobbler/modules/serializer_catalog.py 2012/04/16 15:22:59
@@ -134,7 +134,7 @@
if os.path.exists(filename):
fd = open(filename)
data = fd.read()
- return yaml.load(data)
+ return yaml.safe_load(data)
elif os.path.exists(filename2):
fd = open(filename2)
data = fd.read()
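Review bot: The file opened on the `filename` branch is never closed, because `return yaml.safe_load(data)` leaves the function directly after `fd.read()`. Call `fd.close()` before the return, or read inside `with open(filename) as fd:` and parse after the block. The `filename2` branch runs past the end of the hunk, so whether it leaks the same way cannot be seen here.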
@@ -166,13 +166,13 @@
if collection_type == "settings":
fd = open("/etc/cobbler/settings")
- datastruct = yaml.load(fd.read())
+ datastruct = yaml.safe_load(fd.read())
fd.close()
return datastruct
elif os.path.exists(old_filename):
# for use in migration from serializer_yaml to serializer_catalog (yaml/json)
fd = open(old_filename)
- datastruct = yaml.load(fd.read())
+ datastruct = yaml.safe_load(fd.read())
fd.close()
return datastruct
else:
@@ -192,7 +192,7 @@
if f.endswith(".json"):
datastruct = simplejson.loads(ydata, encoding='utf-8')
else:
- datastruct = yaml.load(ydata)
+ datastruct = yaml.safe_load(ydata)
results.append(datastruct)
fd.close()
return results
--- cobbler/modules/serializer_couch.py
+++ cobbler/modules/serializer_couch.py 2012/04/16 15:22:59
@@ -109,7 +109,7 @@
if collection_type == "settings":
fd = open("/etc/cobbler/settings")
- datastruct = yaml.load(fd.read())
+ datastruct = yaml.safe_load(fd.read())
fd.close()
return datastruct
else:
--- cobbler/remote.py
+++ cobbler/remote.py 2012/04/16 15:22:59
@@ -1964,7 +1964,7 @@
MODULES_TEMPLATE = "installer_templates/modules.conf.template"
DEFAULTS = "installer_templates/defaults"
fh = open(DEFAULTS)
- data = yaml.load(fh.read())
+ data = yaml.safe_load(fh.read())
fh.close()
data["authn_module"] = authn
data["authz_module"] = authz
@@ -1985,7 +1985,7 @@
MODULES_TEMPLATE = "installer_templates/settings.template"
DEFAULTS = "installer_templates/defaults"
fh = open(DEFAULTS)
- data = yaml.load(fh.read())
+ data = yaml.safe_load(fh.read())
fh.close()
data["pxe_once"] = pxe_once
--- cobbler/services.py
+++ cobbler/services.py 2012/04/16 15:22:59
@@ -441,7 +441,7 @@
assert data.find("gamma") != -1
assert data.find("3") != -1
- data = yaml.load(data)
+ data = yaml.safe_load(data)
assert data.has_key("classes")
assert data.has_key("parameters")
--- cobbler/utils.py
+++ cobbler/utils.py 2012/04/16 15:22:59
@@ -1981,7 +1981,7 @@
# Load server and http port
try:
fh = open("/etc/cobbler/settings")
- data = yaml.load(fh.read())
+ data = yaml.safe_load(fh.read())
fh.close()
except:
traceback.print_exc()
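Review bot: The bare `except:` around the settings load treats a YAML parse error like a missing file: it prints a traceback and carries on, with `fh` left open if `safe_load` raised and `data` possibly unset. Because `safe_load` rejects Python-specific tags that `load` accepted, this path is now easier to reach. Catching `except (IOError, yaml.YAMLError):` and closing `fh` in a `finally:` would make the failure handling deliberate. What runs after the handler is outside the hunk. The hunk at -2002 (xmlrpc port) has the same pattern.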
@@ -2002,7 +2002,7 @@
# Load xmlrpc port
try:
fh = open("/etc/cobbler/settings")
- data = yaml.load(fh.read())
+ data = yaml.safe_load(fh.read())
fh.close()
except:
traceback.print_exc()
--- scripts/cobbler-ext-nodes
+++ scripts/cobbler-ext-nodes 2012/04/16 15:22:59
@@ -13,7 +13,7 @@
if hostname is not None:
conf = open("/etc/cobbler/settings")
- config = yaml.load(conf.read());
+ config = yaml.safe_load(conf.read());
conf.close()
url = "http://%s:%s/cblr/svc/op/puppet/hostname/%s" % (config["server"], config["http_port"], hostname)
print urlgrabber.urlread(url)
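Review bot: `hostname` is interpolated into the request URL path without escaping, so a value containing `/`, `?` or `#` changes which resource is requested from the Cobbler server. Where `hostname` comes from is outside the hunk, so treat it as caller-supplied. Escape it before formatting, e.g. `urllib.quote(hostname, safe="")`, which needs `import urllib` in this Python 2 script.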
--- scripts/index.py
+++ scripts/index.py 2012/04/16 15:22:59
@@ -109,7 +109,7 @@
fd = open("/etc/cobbler/settings")
data = fd.read()
fd.close()
- ydata = yaml.load(data)
+ ydata = yaml.safe_load(data)
remote_port = ydata.get("xmlrpc_port", 25151)
mode = form.get('mode','index')
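Review bot: `yaml.safe_load` returns `None` for an empty settings file, and `ydata.get("xmlrpc_port", 25151)` then fails with an AttributeError inside the request handler. A guard such as `ydata = yaml.safe_load(data) or {}` keeps the default port in effect. scripts/services.py has the same lines in its hunk at -61. The enclosing function starts outside the hunk.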
--- scripts/services.py
+++ scripts/services.py 2012/04/16 15:22:59
@@ -61,7 +61,7 @@
fd = open("/etc/cobbler/settings")
data = fd.read()
fd.close()
- ydata = yaml.load(data)
+ ydata = yaml.safe_load(data)
remote_port = ydata.get("xmlrpc_port",25151)
# instantiate a CobblerWeb object