diff --git a/unit_tests/test_zaza_charm_lifecycle_utils.py b/unit_tests/test_zaza_charm_lifecycle_utils.py index e61a2f9..073a60c 100644 --- a/unit_tests/test_zaza_charm_lifecycle_utils.py +++ b/unit_tests/test_zaza_charm_lifecycle_utils.py @@ -33,7 +33,7 @@ class TestCharmLifecycleUtils(ut_utils.BaseTestCase): self.patch_object(lc_utils, 'yaml') _yaml = "testconfig: someconfig" _yaml_dict = {'test_config': 'someconfig'} - self.yaml.load.return_value = _yaml_dict + self.yaml.safe_load.return_value = _yaml_dict _filename = "filename" _fileobj = mock.MagicMock() _fileobj.__enter__.return_value = _yaml @@ -42,7 +42,7 @@ class TestCharmLifecycleUtils(ut_utils.BaseTestCase): self.assertEqual(lc_utils.get_charm_config(yaml_file=_filename), _yaml_dict) self._open.assert_called_once_with(_filename, "r") - self.yaml.load.assert_called_once_with(_yaml) + self.yaml.safe_load.assert_called_once_with(_yaml) def test_get_class(self): self.assertEqual( diff --git a/unit_tests/utilities/test_zaza_utilities_juju.py b/unit_tests/utilities/test_zaza_utilities_juju.py index 4754b6c..5848557 100644 --- a/unit_tests/utilities/test_zaza_utilities_juju.py +++ b/unit_tests/utilities/test_zaza_utilities_juju.py @@ -193,7 +193,7 @@ class TestJujuUtils(ut_utils.BaseTestCase): self.model.run_on_unit.assert_called_with( 'aunit/0', 'relation-get --format=yaml -r "42" - "otherunit/0"') - self.yaml.load.assert_called_with(str(data)) + self.yaml.safe_load.assert_called_with(str(data)) def test_get_relation_from_unit_fails(self): self.patch_object(juju_utils, '_get_unit_names') @@ -208,7 +208,7 @@ class TestJujuUtils(ut_utils.BaseTestCase): self.model.run_on_unit.assert_called_with( 'aunit/0', 'relation-get --format=yaml -r "42" - "otherunit/0"') - self.assertFalse(self.yaml.load.called) + self.assertFalse(self.yaml.safe_load.called) def test_leader_get(self): self.patch_object(juju_utils, 'yaml') @@ -219,7 +219,7 @@ class TestJujuUtils(ut_utils.BaseTestCase): juju_utils.leader_get('application') self.model.run_on_leader.assert_called_with( 'application', 'leader-get --format=yaml ') - self.yaml.load.assert_called_with(str(data)) + self.yaml.safe_load.assert_called_with(str(data)) def test_leader_get_key(self): self.patch_object(juju_utils, 'yaml') @@ -230,7 +230,7 @@ class TestJujuUtils(ut_utils.BaseTestCase): juju_utils.leader_get('application', 'foo') self.model.run_on_leader.assert_called_with( 'application', 'leader-get --format=yaml foo') - self.yaml.load.assert_called_with(data['foo']) + self.yaml.safe_load.assert_called_with(data['foo']) def test_leader_get_fails(self): self.patch_object(juju_utils, 'yaml') @@ -241,7 +241,7 @@ class TestJujuUtils(ut_utils.BaseTestCase): juju_utils.leader_get('application') self.model.run_on_leader.assert_called_with( 'application', 'leader-get --format=yaml ') - self.assertFalse(self.yaml.load.called) + self.assertFalse(self.yaml.safe_load.called) def test_get_machine_series(self): self.patch( diff --git a/zaza/charm_lifecycle/utils.py b/zaza/charm_lifecycle/utils.py index f80e27d..0032741 100644 --- a/zaza/charm_lifecycle/utils.py +++ b/zaza/charm_lifecycle/utils.py @@ -32,7 +32,7 @@ def get_charm_config(yaml_file=None): if not yaml_file: yaml_file = DEFAULT_TEST_CONFIG with open(yaml_file, 'r') as stream: - return yaml.load(stream) + return yaml.safe_load(stream) def get_class(class_str): diff --git a/zaza/charm_tests/vault/utils.py b/zaza/charm_tests/vault/utils.py index 3bed8c1..f3ccc21 100644 --- a/zaza/charm_tests/vault/utils.py +++ b/zaza/charm_tests/vault/utils.py @@ -158,7 +158,7 @@ def get_credentails(): '~/{}'.format(AUTH_FILE), tmp_file) with open(tmp_file, 'r') as stream: - creds = yaml.load(stream) + creds = yaml.safe_load(stream) return creds @@ -190,7 +190,7 @@ def get_credentails_from_file(auth_file): :rtype: dict """ with open(auth_file, 'r') as stream: - vault_creds = yaml.load(stream) + vault_creds = yaml.safe_load(stream) return vault_creds diff --git a/zaza/model.py b/zaza/model.py index 357c56d..e5ee479 100644 --- a/zaza/model.py +++ b/zaza/model.py @@ -855,7 +855,7 @@ def get_actions(application_name, model_name=None): # https://github.com/juju/python-libjuju/issues/226 cmd = ['juju', 'actions', '-m', model_name, application_name, '--format', 'yaml'] - return yaml.load(subprocess.check_output(cmd)) + return yaml.safe_load(subprocess.check_output(cmd)) async def async_get_current_model(): diff --git a/zaza/utilities/generic.py b/zaza/utilities/generic.py index 0f81a5c..e9e9e4c 100644 --- a/zaza/utilities/generic.py +++ b/zaza/utilities/generic.py @@ -167,7 +167,7 @@ def get_yaml_config(config_file): # through mojo stage directories. This version assumes the yaml file is in # the pwd. logging.info('Using config %s' % (config_file)) - return yaml.load(open(config_file, 'r').read()) + return yaml.safe_load(open(config_file, 'r').read()) def series_upgrade_non_leaders_first(application, from_series="trusty", diff --git a/zaza/utilities/juju.py b/zaza/utilities/juju.py index 6f3c792..1a01a99 100644 --- a/zaza/utilities/juju.py +++ b/zaza/utilities/juju.py @@ -238,7 +238,7 @@ def get_relation_from_unit(entity, remote_entity, remote_interface_name): cmd = 'relation-get --format=yaml -r "{}" - "{}"' .format(rid, remote_unit) result = model.run_on_unit(unit, cmd) if result and int(result.get('Code')) == 0: - return yaml.load(result.get('Stdout')) + return yaml.safe_load(result.get('Stdout')) else: raise model.CommandRunFailed(cmd, result) @@ -255,6 +255,6 @@ def leader_get(application, key=''): cmd = 'leader-get --format=yaml {}'.format(key) result = model.run_on_leader(application, cmd) if result and int(result.get('Code')) == 0: - return yaml.load(result.get('Stdout')) + return yaml.safe_load(result.get('Stdout')) else: raise model.CommandRunFailed(cmd, result)