Derived from the flake8-bandit linter.
What it does
Checks for uses of the yaml.load function.
Why is this bad?
Calling the yaml.load function on untrusted YAML input is insecure, because
yaml.load allows the document to construct arbitrary Python objects, which can
then be used to execute arbitrary code.
Instead, consider using yaml.safe_load, which allows the creation of simple
Python objects such as integers, strings, lists and dictionaries, but prohibits
the creation of more complex objects such as functions and classes.
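The check described above, as a small stdlib-only reimplementation added here for illustration (this is not the linter's own code). It assumes the same acceptance rule the original check uses: a yaml.load call is flagged unless its Loader argument, by keyword or as the second positional argument, is literally yaml.SafeLoader or yaml.CSafeLoader; the sample module at the bottom is constructed.

```python
import ast

# Loaders that the rule accepts as safe when passed to yaml.load.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}


def _is_yaml_load(call):
    """True for a call spelled yaml.load(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "load"
            and isinstance(f.value, ast.Name) and f.value.id == "yaml")


def _loader_arg(call):
    """The Loader argument, passed by keyword or as the second positional."""
    for kw in call.keywords:
        if kw.arg == "Loader":
            return kw.value
    return call.args[1] if len(call.args) >= 2 else None


def _loader_is_safe(loader):
    """Only a literal yaml.SafeLoader / yaml.CSafeLoader (or the bare name) counts."""
    if isinstance(loader, ast.Attribute):
        return loader.attr in SAFE_LOADERS
    if isinstance(loader, ast.Name):
        return loader.id in SAFE_LOADERS
    return False  # absent, or an expression we cannot prove safe


def find_unsafe_yaml_loads(source):
    """Line numbers of yaml.load calls that do not use a safe loader."""
    return sorted(
        node.lineno for node in ast.walk(ast.parse(source))
        if isinstance(node, ast.Call) and _is_yaml_load(node)
        and not _loader_is_safe(_loader_arg(node))
    )


# Constructed sample module exercising each spelling the check distinguishes.
SAMPLE = """\
import yaml

cfg = yaml.load(data)                          # line 3: no Loader, flagged
cfg = yaml.load(data, Loader=yaml.Loader)      # line 4: full loader, flagged
cfg = yaml.load(data, Loader=yaml.SafeLoader)  # line 5: safe
cfg = yaml.load(data, yaml.CSafeLoader)        # line 6: safe, positional
cfg = yaml.safe_load(data)                     # line 7: preferred form
"""

print(find_unsafe_yaml_loads(SAMPLE))  # → [3, 4]
```

A Loader held in a variable is reported as unsafe because its value cannot be established syntactically, which is the conservative choice for a security lint.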