Improper input validation can enable attacks and lead to unwanted behavior. Parts of the system may receive unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
def yaml_load_noncompliant():
    """Round-trip a small mapping through YAML with the unsafe ``yaml.load`` API.

    Noncompliant example: the document is parsed with ``yaml.load`` and no
    explicit safe ``Loader``, which is the pattern the rule flags. The
    re-serialized text is discarded; the function returns ``None``.

    Raises:
        ImportError: if PyYAML is not installed.
        TypeError: on PyYAML 6.0+, where ``yaml.load`` requires a ``Loader``.
    """
    import json  # unused in this example; kept as in the original listing
    import yaml

    document = yaml.dump({'a': 1, 'b': 2, 'c': 3})
    # Noncompliant: yaml.load without a safe Loader lets YAML tags in the
    # input instantiate arbitrary Python objects, so untrusted text reaching
    # this call can run code. Here the text is produced locally, but the
    # pattern is the problem: prefer yaml.safe_load or Loader=yaml.SafeLoader.
    parsed = yaml.load(document)
    yaml.dump(parsed)
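def yaml_load_compliant():
    """Round-trip a small mapping through YAML using only a safe loader.

    Serializes ``{'a': 1, 'b': 2, 'c': 3}`` with ``yaml.dump``, parses the text
    back with a safe loader and re-serializes it.

    Returns:
        The parsed mapping, so callers can verify the round trip (the original
        listing discarded it and returned ``None``).

    Raises:
        ImportError: if PyYAML is not installed.
        yaml.YAMLError: if the text is not valid YAML (not expected here).
    """
    import yaml

    document = yaml.dump({'a': 1, 'b': 2, 'c': 3})
    # Compliant: a safe loader only constructs plain YAML types (scalars,
    # sequences, mappings) and refuses tags that would instantiate arbitrary
    # Python objects. CSafeLoader is the libyaml-backed variant and is only
    # present when PyYAML was built with the C extension, so using it
    # unconditionally raises AttributeError on pure-Python installs; fall back
    # to SafeLoader, which has the same safety guarantees.
    safe_loader = getattr(yaml, 'CSafeLoader', yaml.SafeLoader)
    result = yaml.load(document, Loader=safe_loader)
    yaml.dump(result)
    return result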