File security_fix_yaml.diff of Package cobbler.518

Overview Repositories Revisions Requests Users Attributes Meta

File security_fix_yaml.diff of Package cobbler.518

--- cobbler/api.py
+++ cobbler/api.py	2012/04/16 15:22:59
@@ -222,7 +222,7 @@
         fd = open("/etc/cobbler/version")
         ydata = fd.read()
         fd.close()
-        data = yaml.load(ydata)
+        data = yaml.safe_load(ydata)
         if not extended:
             # for backwards compatibility and use with koan's comparisons
             elems = data["version_tuple"] 
--- cobbler/item.py
+++ cobbler/item.py	2012/04/16 15:22:59
@@ -245,7 +245,7 @@
             self.mgmt_parameters = mgmt_parameters
         else:
             import yaml
-            data = yaml.load(mgmt_parameters)
+            data = yaml.safe_load(mgmt_parameters)
             if type(data) is not dict:
                 raise CX(_("Input YAML in Puppet Parameter field must evaluate to a dictionary."))
             self.mgmt_parameters = data
--- cobbler/modules/serializer_catalog.py
+++ cobbler/modules/serializer_catalog.py	2012/04/16 15:22:59
@@ -134,7 +134,7 @@
     if os.path.exists(filename): 
         fd = open(filename)
         data = fd.read()
-        return yaml.load(data)
+        return yaml.safe_load(data)
     elif os.path.exists(filename2):
         fd = open(filename2)
         data = fd.read()
@@ -166,13 +166,13 @@
    
     if collection_type == "settings":
          fd = open("/etc/cobbler/settings")
-         datastruct = yaml.load(fd.read())
+         datastruct = yaml.safe_load(fd.read())
          fd.close()
          return datastruct
     elif os.path.exists(old_filename):
          # for use in migration from serializer_yaml to serializer_catalog (yaml/json)
          fd = open(old_filename)
-         datastruct = yaml.load(fd.read())
+         datastruct = yaml.safe_load(fd.read())
          fd.close()
          return datastruct
     else:
@@ -192,7 +192,7 @@
              if f.endswith(".json"):
                  datastruct = simplejson.loads(ydata, encoding='utf-8')
              else:
-                 datastruct = yaml.load(ydata)
+                 datastruct = yaml.safe_load(ydata)
              results.append(datastruct)
              fd.close()
          return results    
--- cobbler/modules/serializer_couch.py
+++ cobbler/modules/serializer_couch.py	2012/04/16 15:22:59
@@ -109,7 +109,7 @@
 
     if collection_type == "settings":
          fd = open("/etc/cobbler/settings")
-         datastruct = yaml.load(fd.read())
+         datastruct = yaml.safe_load(fd.read())
          fd.close()
          return datastruct
     else:
--- cobbler/remote.py
+++ cobbler/remote.py	2012/04/16 15:22:59
@@ -1964,7 +1964,7 @@
     MODULES_TEMPLATE = "installer_templates/modules.conf.template"
     DEFAULTS = "installer_templates/defaults"
     fh = open(DEFAULTS)
-    data = yaml.load(fh.read())
+    data = yaml.safe_load(fh.read())
     fh.close()
     data["authn_module"] = authn
     data["authz_module"] = authz
@@ -1985,7 +1985,7 @@
     MODULES_TEMPLATE = "installer_templates/settings.template"
     DEFAULTS = "installer_templates/defaults"
     fh = open(DEFAULTS)
-    data = yaml.load(fh.read())
+    data = yaml.safe_load(fh.read())
     fh.close()
     data["pxe_once"] = pxe_once
 
--- cobbler/services.py
+++ cobbler/services.py	2012/04/16 15:22:59
@@ -441,7 +441,7 @@
     assert data.find("gamma") != -1
     assert data.find("3") != -1
     
-    data = yaml.load(data)
+    data = yaml.safe_load(data)
     assert data.has_key("classes")
     assert data.has_key("parameters")
     
--- cobbler/utils.py
+++ cobbler/utils.py	2012/04/16 15:22:59
@@ -1981,7 +1981,7 @@
     # Load server and http port
     try:
         fh = open("/etc/cobbler/settings")
-        data = yaml.load(fh.read())
+        data = yaml.safe_load(fh.read())
         fh.close()
     except:
        traceback.print_exc()
@@ -2002,7 +2002,7 @@
     # Load xmlrpc port
     try:
         fh = open("/etc/cobbler/settings")
-        data = yaml.load(fh.read())
+        data = yaml.safe_load(fh.read())
         fh.close()
     except:
        traceback.print_exc()
--- scripts/cobbler-ext-nodes
+++ scripts/cobbler-ext-nodes	2012/04/16 15:22:59
@@ -13,7 +13,7 @@
 
    if hostname is not None:
        conf = open("/etc/cobbler/settings")
-       config = yaml.load(conf.read());
+       config = yaml.safe_load(conf.read());
        conf.close()
        url = "http://%s:%s/cblr/svc/op/puppet/hostname/%s" % (config["server"], config["http_port"], hostname)
        print urlgrabber.urlread(url)
--- scripts/index.py
+++ scripts/index.py	2012/04/16 15:22:59
@@ -109,7 +109,7 @@
     fd = open("/etc/cobbler/settings")
     data = fd.read()
     fd.close()
-    ydata = yaml.load(data)
+    ydata = yaml.safe_load(data)
     remote_port = ydata.get("xmlrpc_port", 25151)
 
     mode = form.get('mode','index')
--- scripts/services.py
+++ scripts/services.py	2012/04/16 15:22:59
@@ -61,7 +61,7 @@
     fd = open("/etc/cobbler/settings")
     data = fd.read()
     fd.close()
-    ydata = yaml.load(data)
+    ydata = yaml.safe_load(data)
     remote_port = ydata.get("xmlrpc_port",25151)
 
     # instantiate a CobblerWeb object

Places

File security_fix_yaml.diff of Package cobbler.518

Places