Use yaml.safe_load instead of yaml.load to prevent avoid code execution #1105

Closed
wants to merge 2 commits into from
Closed
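--- a/test/unit/test_class_index_list.py
+++ b/test/unit/test_class_index_list.py
@@ -770,7 +770,7 @@ def test_pattern_filtertype(self):
 client.cluster.state.return_value = testvars.clu_state_four
 client.indices.stats.return_value = testvars.stats_four
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.pattern_ft)['actions'][1]
+config = yaml.safe_load(testvars.pattern_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['a-2016.03.03'], ilo.indices)
 def test_age_filtertype(self):
@@ -780,7 +780,7 @@ def test_age_filtertype(self):
 client.cluster.state.return_value = testvars.clu_state_two
 client.indices.stats.return_value = testvars.stats_two
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.age_ft)['actions'][1]
+config = yaml.safe_load(testvars.age_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['index-2016.03.03'], ilo.indices)
 def test_space_filtertype(self):
@@ -791,7 +791,7 @@ def test_space_filtertype(self):
 client.indices.stats.return_value = testvars.stats_four
 client.field_stats.return_value = testvars.fieldstats_four
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.space_ft)['actions'][1]
+config = yaml.safe_load(testvars.space_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['a-2016.03.03'], ilo.indices)
 def test_forcemerge_filtertype(self):
@@ -802,7 +802,7 @@ def test_forcemerge_filtertype(self):
 client.indices.stats.return_value = testvars.stats_one
 client.indices.segments.return_value = testvars.shards
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.forcemerge_ft)['actions'][1]
+config = yaml.safe_load(testvars.forcemerge_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual([testvars.named_index], ilo.indices)
 def test_allocated_filtertype(self):
@@ -812,7 +812,7 @@ def test_allocated_filtertype(self):
 client.cluster.state.return_value = testvars.clu_state_two
 client.indices.stats.return_value = testvars.stats_two
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.allocated_ft)['actions'][1]
+config = yaml.safe_load(testvars.allocated_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['index-2016.03.04'], ilo.indices)
 def test_kibana_filtertype(self):
@@ -828,7 +828,7 @@ def test_kibana_filtertype(self):
 '.kibana', '.marvel-kibana', 'kibana-int', '.marvel-es-data',
 'dummy'
 ]
-config = yaml.load(testvars.kibana_ft)['actions'][1]
+config = yaml.safe_load(testvars.kibana_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['dummy'], ilo.indices)
 def test_opened_filtertype(self):
@@ -839,7 +839,7 @@ def test_opened_filtertype(self):
 client.indices.stats.return_value = testvars.stats_four
 client.field_stats.return_value = testvars.fieldstats_four
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.opened_ft)['actions'][1]
+config = yaml.safe_load(testvars.opened_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(['c-2016.03.05'], ilo.indices)
 def test_closed_filtertype(self):
@@ -850,7 +850,7 @@ def test_closed_filtertype(self):
 client.indices.stats.return_value = testvars.stats_four
 client.field_stats.return_value = testvars.fieldstats_four
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.closed_ft)['actions'][1]
+config = yaml.safe_load(testvars.closed_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(
 ['a-2016.03.03','b-2016.03.04','d-2016.03.06'], sorted(ilo.indices))
@@ -861,7 +861,7 @@ def test_none_filtertype(self):
 client.cluster.state.return_value = testvars.clu_state_two
 client.indices.stats.return_value = testvars.stats_two
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.none_ft)['actions'][1]
+config = yaml.safe_load(testvars.none_ft)['actions'][1]
 ilo.iterate_filters(config)
 self.assertEqual(
 ['index-2016.03.03', 'index-2016.03.04'], sorted(ilo.indices))
@@ -872,7 +872,7 @@ def test_unknown_filtertype_raises(self):
 client.cluster.state.return_value = testvars.clu_state_two
 client.indices.stats.return_value = testvars.stats_two
 ilo = curator.IndexList(client)
-config = yaml.load(testvars.invalid_ft)['actions'][1]
+config = yaml.safe_load(testvars.invalid_ft)['actions'][1]
 self.assertRaises(
 curator.ConfigurationError,
 ilo.iterate_filters, config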
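Review bot: All ten replacements in this file, and the four in test/unit/test_class_snapshot_list.py, load constants from `testvars`, so the lines shown here do not by themselves remove any exposure to untrusted YAML. The code-execution risk named in the title presumably sits wherever the package parses operator-supplied configuration or action files; those call sites are not visible in these sections and should be confirmed to use `yaml.safe_load` as well. A lint gate such as Bandit's B506 (`yaml_load`) in CI would keep a bare `yaml.load` from coming back. `safe_load` raises a `ConstructorError` on Python-specific tags, so any fixture that relied on them would now fail loudly rather than construct objects.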
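--- a/test/unit/test_class_snapshot_list.py
+++ b/test/unit/test_class_snapshot_list.py
@@ -304,7 +304,7 @@ def test_invalid_filtertype(self):
 client.snapshot.get.return_value = testvars.snapshots
 client.snapshot.get_repository.return_value = testvars.test_repo
 slo = curator.SnapshotList(client, repository=testvars.repo_name)
-config = yaml.load(testvars.invalid_ft)['actions'][1]
+config = yaml.safe_load(testvars.invalid_ft)['actions'][1]
 self.assertRaises(
 curator.ConfigurationError,
 slo.iterate_filters, config
@@ -314,7 +314,7 @@ def test_age_filtertype(self):
 client.snapshot.get.return_value = testvars.snapshots
 client.snapshot.get_repository.return_value = testvars.test_repo
 slo = curator.SnapshotList(client, repository=testvars.repo_name)
-config = yaml.load(testvars.snap_age_ft)['actions'][1]
+config = yaml.safe_load(testvars.snap_age_ft)['actions'][1]
 slo.iterate_filters(config)
 self.assertEqual(
 ['snap_name', 'snapshot-2015.03.01'], sorted(slo.snapshots))
@@ -323,7 +323,7 @@ def test_pattern_filtertype(self):
 client.snapshot.get.return_value = testvars.snapshots
 client.snapshot.get_repository.return_value = testvars.test_repo
 slo = curator.SnapshotList(client, repository=testvars.repo_name)
-config = yaml.load(testvars.snap_pattern_ft)['actions'][1]
+config = yaml.safe_load(testvars.snap_pattern_ft)['actions'][1]
 slo.iterate_filters(config)
 self.assertEqual(
 ['snap_name', 'snapshot-2015.03.01'], sorted(slo.snapshots))
@@ -332,7 +332,7 @@ def test_none_filtertype(self):
 client.snapshot.get.return_value = testvars.snapshots
 client.snapshot.get_repository.return_value = testvars.test_repo
 slo = curator.SnapshotList(client, repository=testvars.repo_name)
-config = yaml.load(testvars.snap_none_ft)['actions'][1]
+config = yaml.safe_load(testvars.snap_none_ft)['actions'][1]
 slo.iterate_filters(config)
 self.assertEqual(
 ['snap_name', 'snapshot-2015.03.01'], sorted(slo.snapshots))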
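Review bot: The expression `yaml.safe_load(testvars.<fixture>)['actions'][1]` is repeated in all four tests of this section and in the ten of test/unit/test_class_index_list.py, so the loader choice is spread over fourteen call sites. A small shared test helper, for example `def filter_config(doc): return yaml.safe_load(doc)['actions'][1]`, would keep the safe loader in one place and make a later regression to `yaml.load` a one-line review. Each test body begins above its hunk, so the helper would have to be defined outside the lines shown here.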