From 2e4affe4421e4d74b8b1c2c2edc93d7bdc7eb341 Mon Sep 17 00:00:00 2001
From: delerrr
Date: Fri, 21 Apr 2023 22:03:54 +0800
Subject: [PATCH] tools: changed Loader to SafeLoader for security in several files such as "verify_repo_binary_install_uninstall.py", the "Loader" parameter that has been used is unsafe which will cause issues with unsafely parsing serialized data. to fix it, "yaml.SafeLoader" is used for "Loader" parameter.
Signed-off-by: delerrr
---
 tools/check_package_binary_archive.py | 2 +-
 tools/modify_src_openeuler_yaml.py | 2 +-
 tools/verify_repo_binary_install_uninstall.py | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/check_package_binary_archive.py b/tools/check_package_binary_archive.py
index 41d1631..7d6f2f4 100644
--- a/tools/check_package_binary_archive.py
+++ b/tools/check_package_binary_archive.py
@@ -73,7 +73,7 @@ def read_yaml():
 rpmlist = []
 if os.path.exists(yaml_file):
 with open(yaml_file, "r", encoding='utf-8') as f:
- file_msg = yaml.load(f, Loader=yaml.FullLoader)
+ file_msg = yaml.load(f, Loader=yaml.SafeLoader)
 for rpm in file_msg.values():
 rpmlist.extend(rpm)
 shutil.rmtree(gitee_repo_path)
diff --git a/tools/modify_src_openeuler_yaml.py b/tools/modify_src_openeuler_yaml.py
index bd48510..0e75c65 100644
--- a/tools/modify_src_openeuler_yaml.py
+++ b/tools/modify_src_openeuler_yaml.py
@@ -42,7 +42,7 @@ def git_clone(gitee_repo):
 def read_yaml(file_path):
 if os.path.exists(file_path):
 with open(file_path, "r", encoding='utf-8') as f:
- file_msg = yaml.load(f, Loader=yaml.FullLoader)
+ file_msg = yaml.load(f, Loader=yaml.SafeLoader)
 return file_msg
 def write_yaml(dict_msg, file_path):
diff --git a/tools/verify_repo_binary_install_uninstall.py b/tools/verify_repo_binary_install_uninstall.py
index edb336d..905c5ff 100644
--- a/tools/verify_repo_binary_install_uninstall.py
+++ b/tools/verify_repo_binary_install_uninstall.py
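Review bot: The added `yaml.load(f, Loader=yaml.SafeLoader)` line in check_package_binary_archive.py returns None for an empty or comment-only document, and the next context line `for rpm in file_msg.values()` then raises AttributeError before any of the parsed data is used; the idiomatic and more robust form is `file_msg = yaml.safe_load(f) or {}`. The same `yaml.safe_load(f)` shorthand applies to the identical lines in modify_src_openeuler_yaml.py and verify_repo_binary_install_uninstall.py. Dropping the explicit `Loader=` also removes the temptation to pass a permissive loader back in later. The enclosing read_yaml functions start outside their hunks.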
@@ -85,7 +85,7 @@ def read_yaml(file_path):
 file_msg = {}
 if os.path.exists(file_path):
 with open(file_path, "r", encoding='utf-8') as f:
- file_msg = yaml.load(f, Loader=yaml.FullLoader)
+ file_msg = yaml.load(f, Loader=yaml.SafeLoader)
 return file_msg
 def get_project_packages():
@@ -101,7 +101,7 @@ def get_project_packages():
 pkglist = []
 yaml_file = os.path.join(os.getcwd(), "config/%s/%s/to_check.yaml" % (args.branch, p))
- file_msg = read_yaml(yaml_file)
+ file_msg = read_yaml(yaml_file, Loader=yaml.SafeLoader)
 if file_msg:
 if file_msg["packages"]:
 for pkg in file_msg['packages']:
-- Gitee
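Review bot: The added call `read_yaml(yaml_file, Loader=yaml.SafeLoader)` in get_project_packages will raise TypeError at runtime, because the previous hunk shows `def read_yaml(file_path):` taking a single positional parameter and no `Loader` keyword. The loader is already fixed inside read_yaml by this same commit, so the call site should stay `file_msg = read_yaml(yaml_file)`. As written, every run of this tool fails before reaching the package check, which also means the safe-loading change is never exercised. get_project_packages starts and ends outside the hunk.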