8209548e54
Improvement identified in #2790. Add a prefix to the diff-id when it is used multiple times in different "how to fix it in XYZ" sections to avoid ambiguity and pedantically follow the spec: > A single and unique diff-id should be used only once for each type of code example as shown in the description of a rule. Obvious typos around `diff-type` were fixed. An obvious extra use of diff blocks was removed.
47 lines
1.1 KiB
Plaintext
47 lines
1.1 KiB
Plaintext
== How to fix it in PyYAML
|
|
|
|
=== Code examples
|
|
|
|
The following code is vulnerable to deserialization attacks because it
|
|
deserializes untrusted data without validating it first.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=11,diff-type=noncompliant]
|
|
----
|
|
def unsafe():
|
|
obj = yaml.load(request.args.get("object"), Loader=yaml.Loader)
|
|
return str(obj["status"] == "OK")
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=11,diff-type=compliant]
|
|
----
|
|
def safe():
|
|
obj = yaml.safe_load(request.args.get("object"))
|
|
return str(obj["status"] == "OK")
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/safer-serialization.adoc[]
|
|
|
|
The example compliant solution uses the `safe_load` method in place of the less
|
|
secure `load` one. It disables loading arbitrary Python object and thus
|
|
prevents the execution of arbitrary or dangerous functions.
|
|
|
|
Note that the same level of security can be reached with the `load` method as
|
|
soon as a safe `Loader` component is passed to it.
|
|
|
|
[source,python]
|
|
----
|
|
yaml.load(untrusted, Loader=yaml.SafeLoader)
|
|
----
|
|
|
|
include::../../common/fix/integrity-check.adoc[]
|
|
|
|
|