An object is deserialized from a potentially dangerous source. When the serialized input is controlled by a caller, deserializing it can overload the system (a denial-of-service attack) or lead to remote code execution that takes control of the system.
```ruby
require 'csv'

def handler_noncompliant(event:, context:)
  foobar = event['smth']
  # Noncompliant: tainted data (taken from the request event) is passed inside `CSV.load()`.
  obj3 = CSV.load("o:" + event['data'])
end
```
```ruby
require 'csv'

def handler_compliant(event:, context:)
  # Compliant: no tainted data passed inside `CSV.load()`.
  # `get_safe_data` stands for a trusted source that does not derive from the request.
  obj3 = CSV.load(get_safe_data)
end
```
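When the payload genuinely has to come from the caller, the alternative to `CSV.load` is to parse it as plain CSV and build only the record type you expect. The following is an added example, not part of the rule text; the `Record` shape, the allowed header names, the size limits and the sample payloads are all assumptions chosen for illustration.

```ruby
require 'csv'

# Plain-data record we are willing to build from untrusted input
# (assumed shape for this example, not from the rule text).
Record = Struct.new(:name, :quantity, keyword_init: true)

ALLOWED_HEADERS = %w[name quantity].freeze

# Parse untrusted CSV text into Record structs.
# CSV.parse only yields strings and arrays; unlike CSV.load it never
# instantiates a class named inside the input, so a header such as
# "class,Kernel" is just a rejected column name, not an object to build.
def load_records(csv_text, max_bytes: 64 * 1024, max_rows: 1_000)
  # Bound the work done before parsing anything (denial-of-service guard).
  raise ArgumentError, 'payload too large' if csv_text.bytesize > max_bytes

  table = CSV.parse(csv_text, headers: true)
  raise ArgumentError, 'too many rows' if table.size > max_rows

  unexpected = table.headers - ALLOWED_HEADERS
  unless unexpected.empty?
    raise ArgumentError, "unexpected columns: #{unexpected.join(', ')}"
  end

  table.map do |row|
    # Integer() with an explicit base raises on anything that is not a number.
    qty = Integer(row['quantity'].to_s, 10)
    Record.new(name: row['name'].to_s, quantity: qty)
  end
end

# Constructed sample payloads for illustration.
SAFE_CSV = "name,quantity\nwidget,3\ngadget,12\n"
# A header row naming a class, in the spirit of CSV.load input; rejected here.
HOSTILE_CSV = "class,Kernel\nname,quantity\nx,1\n"

# Handler in the same style as the rule's examples; `event['data']` is caller input.
def handler_parse_only(event:, context:)
  load_records(event['data'].to_s)
end
```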