False-positive when Loader= not used in yaml.load(foo, yaml.SafeLoader)
#546
Labels: bug
Summary
In the fix for #437, we forgot to handle positional arguments; it seems context.get_call_arg_at_position [1] can resolve this. PR #436 has all the related code one needs to edit.

yaml.load(foo, yaml.SafeLoader), note no Loader= keyword argument, we will alert off of it.

p.s. Labels: good first issue, accuracy

[1] bandit/bandit/core/context.py, Lines 284 to 285 in 09b0207
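
The behaviour the issue asks for, shown as an added stand-alone example built on Python's ast module (this is not Bandit's code and not part of the original issue): the Loader is taken from the Loader= keyword first and, failing that, from positional argument 1. The names unsafe_yaml_loads and SAFE_LOADERS, the set of loaders treated as safe, and the sample source are assumptions made for illustration.

```python
import ast

# Assumption: loader class names treated as safe by this example.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}


def _loader_name(node):
    """Return the loader's final name (yaml.SafeLoader -> 'SafeLoader'), or None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def unsafe_yaml_loads(source):
    """Return line numbers of yaml.load() calls that do not pass a safe Loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "load"
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "yaml"):
            continue
        # Keyword form: yaml.load(data, Loader=yaml.SafeLoader)
        loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
        # Positional form: yaml.load(data, yaml.SafeLoader); Loader is argument 1.
        if loader is None and len(node.args) > 1:
            loader = node.args[1]
        if _loader_name(loader) not in SAFE_LOADERS:
            findings.append(node.lineno)
    return sorted(findings)


# Constructed sample input: one call per line, covering both argument styles.
SAMPLE = """\
import yaml
a = yaml.load(foo)
b = yaml.load(foo, Loader=yaml.SafeLoader)
c = yaml.load(foo, yaml.SafeLoader)
d = yaml.load(foo, yaml.Loader)
e = yaml.load(foo, Loader=yaml.FullLoader)
f = yaml.safe_load(foo)
"""

if __name__ == "__main__":
    print(unsafe_yaml_loads(SAMPLE))
```

Line 4 of the sample is the positional call from the issue title; it is not reported, while the positional yaml.Loader call on line 5 still is.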