This linter searches for insecure use of the yaml
module. Its parsing
functions dump
, dump_all
, load
, and load_all
allow for arbitrary code
execution. Thus, they should be avoided in favor of their safe equivalents:
safe_dump
, safe_dump_all
, safe_load
, and safe_load_all
.
import yaml
malicious_user_input = "your_files: !!python/object/apply:subprocess.check_output ['ls']"
yaml.load(malicious_user_input)
import yaml
malicious_user_input = "your_files: !!python/object/apply:subprocess.check_output ['ls']"
yaml.safe_load(malicious_user_input)
Arbitrary code execution allows an attacker to perform any action within the context of the system the bug is found. E.g. open a reverse shell to a system of their choosing, install malware by downloading and running a payload, silently log actions performed on the victim system, etc.
Arbitrary code execution bugs are effectively the keys to the castle. We'd like to avoid using the above function because it commonly allows for these types of bugs.
None