hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix wording of change-note

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-02-14 23:20:46 +01:00
parent 10fdc4bfb9
commit 2478a9f10e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/change-notes/2021-02-10-yaml-more-loading-functions.md
View File

@@ -1,2 +1,2 @@
lgtm,codescanning
* Improved modeling for the `PyYAML` PyPI package (imported as `yaml`), now supporting `safe_load`, `unsafe_load`, and `full_load` (as well as the `..._load_all` functions). In the current version of PyYAML (5.4.1), only `safe_load` is known to not be safe from code execution exploits. Calls to the other functions are now modeled as sinks of the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query.
* Improved modeling for the `PyYAML` PyPI package (imported as `yaml`), now supporting `safe_load`, `unsafe_load`, and `full_load` (as well as the `..._load_all` functions). In the current version of PyYAML (5.4.1), only `safe_load` is known to be safe from code execution exploits. Calls to the other functions are now modeled as sinks of the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query.