GoogleFriendlyConfig.read: Use YAML.safe_load to avoid arbitrary Ruby class construction #295
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Same as ManageIQ/kubeclient#334, you have a copy-paste of that code since #88.
I don't think there is any security impact in this project, like most uses of Config.read out there it's a command-line tool, config(s) come from $KUBECONFIG env var, so user that runs this controls the config but can only "attack themself".
P.S. ManageIQ/kubeclient#213 finally landed in kubeclient 3.1, you could in principle drop GoogleFriendlyConfig in favor of that — though it doesn't autodetect auth-provider 'gcp', you'd need to know when to call it.
P.S. you have some unrelated
YAML.load
uses, consider checking which can besafe_load
.Cheers