Improper input validation (severity: Medium)

Improper input validation can enable attacks and lead to unwanted behavior. Parts of the system may receive unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.

Detector ID: python/improper-input-validation@v1.0
Category: Common Weakness Enumeration (CWE)

Noncompliant example

def yaml_load_noncompliant():
    import json
    import yaml
    response = yaml.dump({'a': 1, 'b': 2, 'c': 3})
    # Noncompliant: uses unsafe yaml load. No Loader is given, so PyYAML < 5.1
    # falls back to the unrestricted Loader, which can construct arbitrary
    # Python objects from tagged input.
    result = yaml.load(response)
    yaml.dump(result)

Compliant example

def yaml_load_compliant():
    import json
    import yaml
    response = yaml.dump({'a': 1, 'b': 2, 'c': 3})
    # Compliant: uses safe yaml load. CSafeLoader needs the libyaml C extension;
    # yaml.SafeLoader is the pure-Python equivalent with the same restrictions.
    result = yaml.load(response, Loader=yaml.CSafeLoader)
    yaml.dump(result)
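As an added example, not part of the detector page or of CodeGuru itself: a minimal stdlib-only check in the spirit of this detector that walks a module's AST and reports yaml load calls that do not select a safe Loader. The set of safe loader names, the list of unrestricted convenience functions, and the two sample sources (modelled on the page's functions) are assumptions constructed for this example.

```python
import ast

# Assumed safe: loaders that build only plain Python data from untrusted input.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
# Convenience functions that select an unrestricted loader.
UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all", "full_load", "full_load_all"}

def _name_of(node):
    """Trailing identifier of an expression: 'load' for yaml.load, 'x' for x."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def _is_yaml_call(call):
    """True for calls of the form yaml.<something>(...)."""
    func = call.func
    return (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == "yaml")

def find_unsafe_yaml_loads(source):
    """Return (lineno, reason) for every yaml load call that is not a safe load."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not _is_yaml_call(node):
            continue
        func = _name_of(node.func)
        if func in UNSAFE_FUNCS:
            findings.append((node.lineno, f"yaml.{func} selects an unrestricted loader"))
            continue
        if func not in ("load", "load_all"):
            continue  # yaml.safe_load, yaml.dump, etc. are not flagged
        # Loader may be given as a keyword or as the second positional argument.
        loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
        if loader is None and len(node.args) > 1:
            loader = node.args[1]
        if loader is None:
            # PyYAML < 5.1 defaulted to the unrestricted Loader; 6.0 requires Loader.
            findings.append((node.lineno, f"yaml.{func} without an explicit Loader"))
        elif _name_of(loader) not in SAFE_LOADERS:
            findings.append((node.lineno, f"yaml.{func} with Loader={_name_of(loader)}"))
    return findings

# Constructed samples modelled on the page's two functions (not the page's exact code).
NONCOMPLIANT = "import yaml\ndef load_noncompliant(text):\n    return yaml.load(text)\n"
COMPLIANT = ("import yaml\ndef load_compliant(text):\n"
             "    return yaml.load(text, Loader=yaml.CSafeLoader)\n")
```

Running `find_unsafe_yaml_loads(NONCOMPLIANT)` reports line 3, while the compliant sample produces no findings.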