
    >/id	                         S r SSKrSSKJr  SSKJr  \R                  " S5      \R                  " S5      S 5       5       rg)a  
===============================
B506: Test for use of yaml load
===============================

This plugin test checks for the unsafe usage of the ``yaml.load`` function from
the PyYAML package. The ``yaml.load`` function provides the ability to construct
an arbitrary Python object, which may be dangerous if you receive a YAML
document from an untrusted source. The function ``yaml.safe_load`` limits this
ability to simple Python objects like integers or lists. Calls to ``yaml.load``
that pass ``SafeLoader`` or ``CSafeLoader`` as the ``Loader`` (by keyword or as
the second positional argument) are not reported.

Please see
https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML for more information
on ``yaml.load`` and ``yaml.safe_load``.

:Example:

.. code-block:: none

    >> Issue: [yaml_load] Use of unsafe yaml load. Allows instantiation of
       arbitrary objects. Consider yaml.safe_load().
       Severity: Medium   Confidence: High
       CWE: CWE-20 (https://cwe.mitre.org/data/definitions/20.html)
       Location: examples/yaml_load.py:5
    4 ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
    5 y = yaml.load(ystr)
    6 yaml.dump(y)

.. seealso::

 - https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML
 - https://cwe.mitre.org/data/definitions/20.html

.. versionadded:: 1.0.0

.. versionchanged:: 1.7.3
    CWE information added

    N)issue)test_propertiesB506Callc           
      <   U R                  S5      nU R                  nU(       d  [        U[        5      (       a  g UR	                  S5      nUS   n[        SU;   US:H  U R                  SS5      (       + U R                  SS5      (       + U R                  S5      S:X  + U R                  S5      S:X  + /5      (       a`  [        R                  " [        R                  [        R                  [        R                  R                  S	U R                  R                   S
9$ g )Nyaml.loadLoader
SafeLoaderCSafeLoader   z^Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().)severity
confidencecwetextlineno)is_module_imported_exactcall_function_name_qual
isinstancestrsplitallcheck_call_arg_valueget_call_arg_at_positionbanditIssueMEDIUMHIGHr   CweIMPROPER_INPUT_VALIDATIONnoder   )contextimportedqualnamequalname_listfuncs        R/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/yaml_load.py	yaml_loadr*   1   s     //7H..H
8S11NN3'MD
m#FN,,X|DD,,X}EE003|C003}D	
	 	 ||]]{{		33=<<&&
 	
	    )	__doc__r   bandit.corer   r   testtest_idchecksr*    r+   r)   <module>r2      sD   
&N   / fV
  
r+   