Challenge type: Code review
Fixed in: version 0.2.2
Original code: found here
This week's challenge was another code review challenge, this time a Python-based YAML parser from the MLAlchemy library. Parsing is tricky business; done incorrectly, it can lead to a slew of arbitrary code execution issues, and that is exactly what happened here.
The parse_yaml_query function is the culprit: it calls yaml.load instead of the more secure yaml.safe_load alternative, so a YAML document can carry Python-specific tags that instantiate arbitrary objects when loaded.
Take a look at the code below to see how it looks.
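To make the difference concrete, here is an added example (not MLAlchemy's own code) contrasting the flagged pattern with the hardened one. The function names, the sample query documents and the pre-check are assumptions constructed for illustration; the only real API used is PyYAML's load/safe_load.

```python
"""Added example: unsafe vs. safe YAML loading in a query parser.

Illustrative code only, not MLAlchemy's parse_yaml_query. Function names
and sample documents are constructed for this example.
"""
import yaml

# Constructed sample: a harmless, parameter-style query document.
BENIGN_QUERY = """
table: users
filters:
  - field: age
    op: gt
    value: 30
"""

# Constructed sample carrying a Python-specific tag. !!python/tuple is
# harmless in itself, but it belongs to the same !!python/ tag family that
# an unrestricted loader uses to build arbitrary Python objects.
TAGGED_QUERY = """
table: users
filters: !!python/tuple [a, b]
"""


def parse_yaml_query_unsafe(text):
    """The pattern the challenge flags: yaml.load with a loader that honours
    !!python/ tags. FullLoader is used here only to keep the demonstration
    harmless; pre-5.1 PyYAML defaulted to an even more permissive loader."""
    return yaml.load(text, Loader=yaml.FullLoader)


def parse_yaml_query(text):
    """Hardened version: safe_load constructs only plain YAML types
    (mappings, sequences, scalars) and rejects every !!python/ tag."""
    return yaml.safe_load(text)


def has_python_tag(text):
    """Cheap pre-check a reviewer might add in front of the parser so that a
    rejected document can be logged before any YAML machinery runs."""
    return "!!python/" in text


def safe_load_rejects(text):
    """True if safe_load refuses the document because of an unknown tag."""
    try:
        yaml.safe_load(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


def try_parse(text):
    """Return ('ok', data) or ('rejected', reason) for a query document."""
    if has_python_tag(text):
        return ("rejected", "python-specific YAML tag present")
    try:
        return ("ok", parse_yaml_query(text))
    except yaml.YAMLError as exc:
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    # FullLoader happily builds the tuple; safe_load refuses the document.
    print(parse_yaml_query_unsafe(TAGGED_QUERY))
    print(try_parse(BENIGN_QUERY))
    print(try_parse(TAGGED_QUERY))
```

The fix for code like parse_yaml_query is the one-line swap to yaml.safe_load; the has_python_tag pre-check is an optional extra that gives you a clear log line when someone sends tagged input, but it is safe_load that actually closes the hole.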