Thanks to visit codestin.com Credit goes to github.com
We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 8a2e063 commit f328e84Copy full SHA for f328e84
1 file changed
python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -24,6 +24,9 @@ Avoid deserialization of untrusted data if at all possible. If the
24
architecture permits it then use other formats instead of serialized objects,
25
for example JSON.
26
</p>
27
+<p>
28
+If you need to use YAML, use the <code>yaml.safe_load</code> function.
29
+</p>
30
</recommendation>
31
32
<example>
0 commit comments