Deserialization

PyYaml

PyYAML is the standard Python YAML library. yaml.load() with yaml.Loader (the historical default) or yaml.UnsafeLoader instantiates arbitrary Python classes from tagged nodes, so it is an RCE sink on untrusted input. Use yaml.safe_load(), or pass Loader=yaml.SafeLoader, instead.

Summary: 3 sinks, 2 sanitizers
Taint flow: 0 sources, 2 sanitizers → 3 sinks
Sanitizers (block taint): .safe_load(), .safe_load_all()
Sinks (dangerous call): .load(), .load_all(), .full_load()

Sinks

.load() (Sink)
Signature: yaml.load(stream, Loader) -> Any

Deserializes a YAML document. RCE sink under Loader / UnsafeLoader.

Tracks: argument 0 (stream)

.load_all() (Sink)
Signature: yaml.load_all(stream, Loader) -> Iterator[Any]

Deserializes multiple YAML documents. Same RCE risk as load().

Tracks: argument 0 (stream)

.full_load() (Sink)
Signature: yaml.full_load(stream) -> Any

Uses FullLoader, which is safer than Loader but still resolves some Python tags. Prefer safe_load.

Tracks: argument 0 (stream)

Sanitizers

.safe_load() (Sanitizer)
Signature: yaml.safe_load(stream) -> Any

Deserializes YAML using SafeLoader, which constructs only built-in types. Use this.

Tracks: return value

.safe_load_all() (Sanitizer)
Signature: yaml.safe_load_all(stream) -> Iterator[Any]

Safe multi-document load using SafeLoader. Sanitizer.

Tracks: return value
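Added example, not part of the codepathfinder rule or of PyYAML: a stdlib-only checker that applies the sink and sanitizer lists above to Python source, flagging yaml.load / yaml.load_all unless their Loader is SafeLoader, always flagging yaml.full_load, and letting yaml.safe_load / yaml.safe_load_all pass. The sample source, the CSafeLoader entry and the restriction to attribute calls on the module alias (from yaml import load is not handled) are assumptions of this example.

```python
import ast

# Sinks listed on this page; safe_load/safe_load_all are the sanitizers. CSafeLoader is an assumed extra.
SINKS = {"load", "load_all", "full_load"}
SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}

def _dotted(node):
    """Dotted name for a Name/Attribute chain ('yaml.SafeLoader'), else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def find_unsafe_yaml_calls(source, module_alias="yaml"):
    """Sorted (lineno, reason) for each sink call not pinned to SafeLoader.
    Only attribute calls on the module alias (yaml.load) are matched."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fqn = _dotted(node.func) or ""
        mod, _, name = fqn.rpartition(".")
        if mod != module_alias or name not in SINKS:  # sanitizers and unrelated calls pass
            continue
        if name == "full_load":  # FullLoader still resolves some python/* tags
            findings.append((node.lineno, "yaml.full_load uses FullLoader; prefer safe_load"))
            continue
        # Loader is the 2nd positional argument or the Loader= keyword.
        arg = node.args[1] if len(node.args) > 1 else next((k.value for k in node.keywords if k.arg == "Loader"), None)
        loader = _dotted(arg) if arg is not None else None
        if loader is None or loader.rpartition(".")[2] not in SAFE_LOADERS:
            findings.append((node.lineno, f"yaml.{name} with Loader={loader or '<unknown>'}"))
    return sorted(findings)

# Constructed sample input: one sanitizer, one SafeLoader-pinned sink, four unsafe sink calls.
SAMPLE = """import yaml
cfg = yaml.safe_load(text)                         # sanitizer: passes
a = yaml.load(text, Loader=yaml.SafeLoader)        # pinned to SafeLoader: passes
b = yaml.load(text, yaml.Loader)                   # flagged
c = yaml.load_all(text, Loader=yaml.UnsafeLoader)  # flagged
d = yaml.full_load(text)                           # flagged
e = yaml.load(text)                                # flagged: no Loader at all
"""
```

Running find_unsafe_yaml_calls(SAMPLE) reports lines 4 through 7 of the sample and nothing for the safe_load and SafeLoader lines.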

Fully-Qualified Names

FQN: yaml (field: fqns[0])

A wrong FQN yields 0 findings. To verify the rule is actually matching, change fqns to a garbage value: the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyYaml