codeql/python/change-notes/2021-10-26-ruamel.yaml-modeling.md
2021-10-26 17:48:10 +02:00

lgtm,codescanning
* Added modeling of the `ruamel.yaml` PyPI package, resulting in additional sinks for the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query (since `ruamel.yaml.load` can lead to code execution).
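
A rough approximation of the call shape these sinks cover, as an added example (not CodeQL's QL model and not code from this change note): a standard-library `ast` scan that reports `ruamel.yaml.load` calls lacking a safe loader. The function name, the `SAFE_LOADERS` set and the sample source are assumptions made for illustration, and unlike the query it does no taint tracking.

```python
import ast

# Assumption: loader classes this sketch treats as safe.
SAFE_LOADERS = {"SafeLoader", "BaseLoader"}
# Constructed sample source; it is only parsed, never imported or run.
SAMPLE = '''\
import ruamel.yaml
import ruamel.yaml as ry
from ruamel.yaml import load
def handler(body):
    a = ruamel.yaml.load(body)
    b = ry.load(body, Loader=ry.Loader)
    c = load(body, ry.SafeLoader)
    d = ry.load(body, Loader=ry.SafeLoader)
'''

def find_unsafe_ruamel_loads(source):
    """Return sorted line numbers of ruamel.yaml.load calls with no safe Loader."""
    tree = ast.parse(source)
    aliases = {}  # local name -> dotted name it is bound to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]  # "import ruamel.yaml" binds "ruamel"
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = node.module + "." + a.name

    def dotted(expr):
        # Resolve an attribute chain such as ry.load to "ruamel.yaml.load".
        parts = []
        while isinstance(expr, ast.Attribute):
            parts.append(expr.attr)
            expr = expr.value
        if not isinstance(expr, ast.Name):
            return None
        parts.append(aliases.get(expr.id, expr.id))
        return ".".join(reversed(parts))

    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and dotted(node.func) == "ruamel.yaml.load":
            loader = next((k.value for k in node.keywords if k.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]  # Loader is the second positional parameter
            name = dotted(loader) if loader is not None else None
            if name is None or name.split(".")[-1] not in SAFE_LOADERS:
                hits.append(node.lineno)
    return sorted(hits)
```
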