From 6c82002058869c7dfde4dc7fc438f971e32de074 Mon Sep 17 00:00:00 2001 From: vnitinv Date: Tue, 19 Mar 2019 15:51:34 +0530 Subject: [PATCH] upgrade pyyaml as per CVE-2017-18342 --- lib/jnpr/junos/factory/__init__.py | 2 +- requirements.txt | 2 +- tests/unit/factory/test_cfgtable.py | 30 ++++++++++++++--------------- tests/unit/facts/test_swver.py | 2 +- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/jnpr/junos/factory/__init__.py b/lib/jnpr/junos/factory/__init__.py index 60a4b1d6a..760c031b1 100644 --- a/lib/jnpr/junos/factory/__init__.py +++ b/lib/jnpr/junos/factory/__init__.py @@ -30,4 +30,4 @@ def loadyaml(path): # if no extension is given, default to '.yml' if os.path.splitext(path)[1] == '': path += '.yml' - return FactoryLoader().load(yaml.load(open(path, 'r'))) + return FactoryLoader().load(yaml.load(open(path, 'r'), Loader=yaml.FullLoader)) diff --git a/requirements.txt b/requirements.txt index 95c1470c3..fd3b3c659 100755 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ ncclient>=0.5.4 paramiko>=1.15.2 scp>=0.7.0 jinja2>=2.7.1 -PyYAML<=3.13 +PyYAML>=5.1 netaddr six pyserial diff --git a/tests/unit/factory/test_cfgtable.py b/tests/unit/factory/test_cfgtable.py index 40f865da3..f13017214 100644 --- a/tests/unit/factory/test_cfgtable.py +++ b/tests/unit/factory/test_cfgtable.py @@ -53,7 +53,7 @@ args_key: name options: {} """ -globals().update(FactoryLoader().load(yaml.load(yaml_data))) +globals().update(FactoryLoader().load(yaml.load(yaml_data, Loader=yaml.FullLoader))) yaml_bgp_data = \ """--- @@ -79,7 +79,7 @@ neigh : name """ -globals().update(FactoryLoader().load(yaml.load(yaml_bgp_data))) +globals().update(FactoryLoader().load(yaml.load(yaml_bgp_data, Loader=yaml.FullLoader))) @attr('unit') 
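Review bot: `Loader=yaml.FullLoader` in `loadyaml` is not the restricted loader: it still resolves part of the `!!python/...` tag family, and PyYAML's documentation warns against using it on untrusted input, so a table/view file from an untrusted location is still risky to load after this change. The definitions visible in the tests are plain mappings and strings, so `yaml.safe_load` looks sufficient (to be confirmed against FactoryLoader), and it would not depend on the `FullLoader` name that only exists from 5.1 on. The same line also never closes the handle returned by `open(path, 'r')`; I would write `with open(path, 'r') as f:` followed by `return FactoryLoader().load(yaml.safe_load(f))`. The `tests/unit/factory/test_cfgtable.py` hunks pass the same loader and should follow whichever one `loadyaml` ends up using, so the tests exercise the production parsing path. `loadyaml` starts above this hunk.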
@@ -231,7 +231,7 @@ def test_cfgtable_set_inactive(self, mock_execute): fields_auth: password: user/encrypted-password """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = UserConfigTable1(self.dev) at.rpc.lock_configuration = MagicMock() at.username = 'user1' @@ -264,7 +264,7 @@ def test_cfgtable_set_bool(self, mock_execute): fields_auth: password: user/encrypted-password """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = UserConfigTable1(self.dev) at.rpc.lock_configuration = MagicMock() at.username = True @@ -377,7 +377,7 @@ def test_cfgtable_str_key_field(self, mock_execute): fields: as_num: as-number """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.rpc.lock_configuration = MagicMock() at.as_num = 100 @@ -403,7 +403,7 @@ def test_cfgtable_field_value_xpath(self, mock_execute): fields: as_num: autonomous-system/as-number """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.rpc.lock_configuration = MagicMock() at.as_num = 150 @@ -429,7 +429,7 @@ def test_cfgtable_user_defined_type_error(self, mock_execute): fields: as_num: {'as-number': {'type': {'UserDefined': ''}}} """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.rpc.lock_configuration = MagicMock() at.as_num = 100 
@@ -449,7 +449,7 @@ def test_cfgtable_wrong_type_error(self, mock_execute): fields: as_num: {'as-number' : { 'type' : 'int'} } """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.as_num = '100' self.assertRaises(TypeError, at.append) @@ -468,7 +468,7 @@ def test_cfgtable_unsupported_type_error(self, mock_execute): fields: as_num: {'as-number' : { 'type' : 'interger'} } """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.as_num = 100 self.assertRaises(TypeError, at.append) @@ -487,7 +487,7 @@ def test_cfgtable_enum_value_str_error(self, mock_execute): fields: as_num: {'as-number' : {'type' : {'enum': '100'}}} """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.as_num = 100 self.assertRaises(ValueError, at.append) @@ -506,7 +506,7 @@ def test_cfgtable_enum_value_type_error(self, mock_execute): fields: as_num: {'as-number' : {'type' : {'enum': {'100': ''}}}} """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.as_num = 100 self.assertRaises(TypeError, at.append) @@ -525,7 +525,7 @@ def test_cfgtable_invalid_type_error(self, mock_execute): fields: as_num: {'as-number': {'type': ['abc']}} """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) at = AutoSysTable(self.dev) at.as_num = 100 self.assertRaises(TypeError, at.append) 
@@ -544,7 +544,7 @@ def test_cfgtable_invalid_key_field_type_error(self, mock_execute): fields: as_num: as-number """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) self.assertRaises(TypeError, AutoSysTable, self.dev) @patch('jnpr.junos.Device.execute') @@ -559,7 +559,7 @@ def test_cfgtable_invalid_key_field_not_defined_error(self, mock_execute): fields: as_num: as-number """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) self.assertRaises(ValueError, AutoSysTable, self.dev) @patch('jnpr.junos.Device.execute') @@ -569,7 +569,7 @@ def test_cfgtable_invalid_view_not_defined_type_error(self, mock_execute): AutoSysTable: set: routing-options/autonomous-system """ - globals().update(FactoryLoader().load(yaml.load(yaml_auto_data))) + globals().update(FactoryLoader().load(yaml.load(yaml_auto_data, Loader=yaml.FullLoader))) self.assertRaises(ValueError, AutoSysTable, self.dev) @patch('jnpr.junos.Device.execute') diff --git a/tests/unit/facts/test_swver.py b/tests/unit/facts/test_swver.py index b39afe0eb..3aa82aeee 100644 --- a/tests/unit/facts/test_swver.py +++ b/tests/unit/facts/test_swver.py @@ -58,7 +58,7 @@ def test_version_to_yaml(self): import yaml self.assertEqual( yaml.dump(version_info('11.4R7.5')), - "build: 5\nmajor: !!python/tuple [11, 4]\nminor: '7'\ntype: R\n") + "build: 5\nmajor: !!python/tuple\n- 11\n- 4\nminor: '7'\ntype: R\n") def test_version_iter(self): self.assertItemsEqual(
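Review bot: The new expected string in `test_version_to_yaml` pins PyYAML's default block layout, so the assertion tracks a library default rather than a choice the project made; passing the style explicitly, `yaml.dump(version_info('11.4R7.5'), default_flow_style=False)`, would keep it stable across releases. The expected output also still carries a `!!python/tuple` tag, which `yaml.safe_load` rejects, so any consumer reading this text back is pushed towards a less restrictive loader. Emitting `major` as a plain sequence would avoid that, though the representer for `version_info` is not visible in this hunk. `test_version_to_yaml` starts above the hunk.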