Update client to use json serialization

This changes the client to use json serialization rather than pickles. Related: CVE-2016-1000003 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
fedora-infra · Jun 17, 2016 · eb9b542 · eb9b542
1 parent 2e227f6
commit eb9b542
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/client/report_mirror b/client/report_mirror
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 
 import os, sys
-import pickle
+import json
 import ConfigParser
 import pprint
 import xmlrpclib
@@ -186,7 +186,7 @@ def get_stats(conf, section):
             try:
                 f = open(fn, 'r')
                 contents = contents + f.readlines()
-                statsdata[name] = pickle.dumps(contents, -1)
+                statsdata[name] = json.dumps(contents, -1)
                 f.close()
             except:
                 pass
@@ -284,15 +284,15 @@ def main():
     get_exclude_dir_patterns_from_file(options)
     if options.input:
         infile = open(options.input, 'rb')
-        item.config = pickle.load(infile)
+        item.config = json.load(infile)
         infile.close()
         if not config(options.config, item, crawl=False):
             sys.exit(1)
     else:
         if not config(options.config, item, crawl=True):
             sys.exit(1)
 
-    p = pickle.dumps(item.config, -1)
+    p = json.dumps(item.config, -1)
 
     if options.debug:
         pp = pprint.PrettyPrinter(indent=4)