codeql/python/change-notes/2021-10-26-ruamel.yaml-modeling.md

mirror of https://github.com/github/codeql.git synced 2026-04-04 22:58:16 +02:00
lgtm,codescanning
* Added modeling of the `ruamel.yaml` PyPI package, resulting in additional sinks for the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query (since `ruamel.yaml.load` can lead to code execution).
	`lgtm,codescanning`
	* Added modeling of the `ruamel.yaml` PyPI package, resulting in additional sinks for the _Deserializing untrusted input_ (`py/unsafe-deserialization`) query (since `ruamel.yaml.load` can lead to code execution).