hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
remove-javascript
codeql/python/change-notes/2021-02-10-yaml-more-loading-functions.md
Rasmus Wriedt Larsen 6e2445cce6 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-02-23 15:19:29 +01:00

3 lines
458 B
Markdown
Raw Permalink Blame History

lgtm,codescanning
* Improved modeling of the `PyYAML` PyPI package (imported as `yaml`) now includes `safe_load`, `unsafe_load`, and `full_load` (as well as the `..._load_all` functions). In the current version of PyYAML (5.4.1), only `safe_load` and `safe_load_all` are known to be safe from code execution exploits. Consequently, calls to the other functions are modeled as sinks of the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query.
Reference in New Issue View Git Blame Copy Permalink