Bandit reports 'json.load' as 'yaml.load'
Bug #1622615 reported by Luke Hinds
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Bandit | Fix Released | Undecided | Dave McCowan |
Bug Description
json.load is incorrectly parsed as yaml.load... see the following example:
yaml_load: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Test ID: B506
Severity: MEDIUM
Confidence: HIGH
File: <snip>
More info: http://
348 .format(
349 json_data = json.load(
Changed in bandit:
assignee: nobody → Dave McCowan (dave-mccowan)
Fix proposed to branch: master
Review: https://review.openstack.org/383245
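The distinction this report turns on, as an added example that is not Bandit's code or the fix under review: a B506-style check that resolves which module a `load` call belongs to, so `json.load` inside a multi-line `.format(` statement is not flagged while `yaml.load` without a safe loader is. The names `unsafe_yaml_loads`, `_has_safe_loader` and `SAMPLE` are hypothetical, and the sample source is constructed.

```python
import ast

SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}

def _has_safe_loader(call):
    """True if Loader= (or the 2nd positional arg) names a safe loader."""
    candidates = [kw.value for kw in call.keywords if kw.arg == "Loader"]
    candidates += call.args[1:2]
    for c in candidates:
        name = c.attr if isinstance(c, ast.Attribute) else getattr(c, "id", None)
        if name in SAFE_LOADERS:
            return True
    return False

def unsafe_yaml_loads(source):
    """Return sorted line numbers of yaml.load() calls without a safe loader."""
    tree = ast.parse(source)
    yaml_modules, yaml_loads = set(), set()  # local names for yaml / yaml.load
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            yaml_modules |= {a.asname or a.name for a in node.names
                             if a.name == "yaml"}
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            yaml_loads |= {a.asname or a.name for a in node.names
                           if a.name == "load"}
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        # Match on the resolved owner of load(), not on the bare name "load".
        is_yaml_load = (
            isinstance(f, ast.Attribute) and f.attr == "load"
            and isinstance(f.value, ast.Name) and f.value.id in yaml_modules
        ) or (isinstance(f, ast.Name) and f.id in yaml_loads)
        if is_yaml_load and not _has_safe_loader(node):
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample: json.load in a multi-line statement, as in the report.
SAMPLE = '''\
import json
import yaml
import yaml as y

msg = "{}".format(
    json.load(open("a.json")))
cfg = yaml.load(open("a.yaml"))
ok = yaml.load(open("a.yaml"), Loader=yaml.SafeLoader)
alias = y.load(open("b.yaml"))
safe = yaml.safe_load(open("c.yaml"))
'''
```

Running `unsafe_yaml_loads(SAMPLE)` flags only the two unguarded `yaml.load` calls; a source file like `SAMPLE` also serves as a regression input when checking whether an installed Bandit still reports `json.load` under B506.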