Python: Apply code-review suggestion

Co-authored-by: Felicity Chapman <felicitymay@github.com>
Rasmus Wriedt Larsen
2021-02-15 14:38:20 +01:00
committed by GitHub
parent 2478a9f10e
commit 69e081e897

@@ -1,2 +1,2 @@
lgtm,codescanning
* Improved modeling for the `PyYAML` PyPI package (imported as `yaml`), now supporting `safe_load`, `unsafe_load`, and `full_load` (as well as the `..._load_all` functions). In the current version of PyYAML (5.4.1), only `safe_load` is known to be safe from code execution exploits. Calls to the other functions are now modeled as sinks of the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query.
* Improved modeling of the `PyYAML` PyPI package (imported as `yaml`) now includes `safe_load`, `unsafe_load`, and `full_load` (as well as the `..._load_all` functions). In the current version of PyYAML (5.4.1), only `safe_load` is known to be safe from code execution exploits. Consequently, calls to the other functions are modeled as sinks of the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query.
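Review bot: The added line leaves the status of `safe_load_all` ambiguous. It says "only `safe_load` is known to be safe" and then "calls to the other functions are modeled as sinks", while the first sentence groups `safe_load_all` under the `..._load_all` functions. A reader deciding whether a `py/unsafe-deserialization` alert is expected cannot tell from this text whether `safe_load_all` is among the sinks. Suggest either naming both safe variants (if that matches the model) or listing the sink functions explicitly. A smaller wording point in the same line: "Improved modeling of ... now includes" makes "Improved modeling" the subject of "includes", and a phrasing such as "The modeling of the `PyYAML` PyPI package (imported as `yaml`) now covers ..." would read more cleanly.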