Bug 1692477 - Warning issued when loading a yaml file
Summary: Warning issued when loading a yaml file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-nose-testconfig
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: David Shea
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-25 16:57 UTC by David Shea
Modified: 2019-04-04 03:11 UTC

Fixed In Version: python-nose-testconfig-0.10-13.fc30 python-nose-testconfig-0.10-13.fc28 python-nose-testconfig-0.10-13.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-31 00:03:54 UTC
Type: Bug
Embargoed:



Description David Shea 2019-03-25 16:57:52 UTC
Description of problem:

When using nose-testconfig with PyYAML >= 5.1, loading any YAML file will display a warning.

Version-Release number of selected component (if applicable):
python3-nose-testconfig-0.10-12.fc30.noarch
python3-pyyaml-5.1-1.fc31.x86_64

How reproducible:
Always

Steps to Reproduce:
>>> import testconfig
>>> testconfig.load_yaml('examples/example_cfg.yaml', 'utf-8')

Actual results:
/usr/lib/python3.7/site-packages/testconfig.py:37: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  parsed_config = yaml.load(codecs.open(yaml_file, 'r', encoding).read())

Expected results:
just load the file

Additional info:

Loading config files with nose-testconfig is intentionally and explicitly unsafe. One of the config file loaders just execs a python file, after all. nose-testconfig can be modified to use Loader=Loader with no change in expected behavior.

Comment 1 David Shea 2019-03-25 17:31:24 UTC
(In reply to David Shea from comment #0)
> Loading config files with nose-testconfig is intentionally and explicitly
> unsafe.

Scratch that. From the pypi description: "When using YAML-style configuration, you get a lot of the power of pure python without the danger of unprotected exec()". yaml.FullLoader (the default in PyYAML-5.1) is appropriate for nose-testconfig in order to allow the !!python extensions without arbitrary code execution.
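
Added example, not part of the bug report and not nose-testconfig's code: a config loader that passes its Loader explicitly, run against the same file with `yaml.FullLoader` and `yaml.SafeLoader` to show which one accepts a `!!python/tuple` tag. The names `load_yaml_config`, `compare_loaders` and `SAMPLE_CFG` are hypothetical, the sample config is constructed, and PyYAML 5.1 or later is assumed.

```python
import os
import tempfile
import warnings

import yaml

# Constructed sample config: plain YAML plus one !!python/tuple extension tag.
SAMPLE_CFG = """\
server:
  host: localhost
  port: 8080
retries: !!python/tuple [1, 2, 5]
"""


def load_yaml_config(yaml_file, encoding, loader=yaml.FullLoader):
    """Hypothetical config loader that always names the Loader it uses."""
    with open(yaml_file, "r", encoding=encoding) as fh:
        return yaml.load(fh.read(), Loader=loader)


def compare_loaders(text=SAMPLE_CFG):
    """Load one file with FullLoader and SafeLoader; return both outcomes."""
    fd, path = tempfile.mkstemp(suffix=".yaml")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always")
            full = load_yaml_config(path, "utf-8", yaml.FullLoader)
        load_warnings = [w for w in caught
                         if w.category.__name__ == "YAMLLoadWarning"]
        try:
            safe = load_yaml_config(path, "utf-8", yaml.SafeLoader)
        except yaml.constructor.ConstructorError as exc:
            # SafeLoader has no constructor for python/* tags and rejects the file.
            safe = exc
        return full, safe, load_warnings
    finally:
        os.unlink(path)


if __name__ == "__main__":
    full, safe, load_warnings = compare_loaders()
    print("FullLoader:", full)
    print("SafeLoader:", safe)
    print("YAMLLoadWarning count:", len(load_warnings))
```

A config file that uses only standard YAML types loads identically under both loaders, so `SafeLoader` is the narrower choice wherever the `!!python` extensions are not needed.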

Comment 2 Fedora Update System 2019-03-25 18:03:46 UTC
python-nose-testconfig-0.10-13.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-c58c812825

Comment 3 Fedora Update System 2019-03-25 18:09:30 UTC
python-nose-testconfig-0.10-13.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ad61fd43f7

Comment 4 Fedora Update System 2019-03-25 18:16:14 UTC
python-nose-testconfig-0.10-13.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4fb43a355e

Comment 5 Fedora Update System 2019-03-25 18:54:58 UTC
python-nose-testconfig-0.10-13.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-c58c812825

Comment 6 Fedora Update System 2019-03-27 04:11:36 UTC
python-nose-testconfig-0.10-13.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4fb43a355e

Comment 7 Fedora Update System 2019-03-27 04:34:16 UTC
python-nose-testconfig-0.10-13.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ad61fd43f7

Comment 8 Fedora Update System 2019-03-31 00:03:54 UTC
python-nose-testconfig-0.10-13.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-04-04 02:26:23 UTC
python-nose-testconfig-0.10-13.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2019-04-04 03:11:08 UTC
python-nose-testconfig-0.10-13.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

