feat: Added a new rule to detect unsafe use of yaml.load

Stanley · Stanley · commit 0096dbe92f70 · 2025-09-24T11:48:47.000+02:00
diff --git a/src/pyspector/rules/built-in-rules.toml b/src/pyspector/rules/built-in-rules.toml
@@ -84,6 +84,14 @@ remediation = "Avoid shell=True with subprocess.run. Pass commands as a list ins
 ast_match = "Call(func.value.id=subprocess, func.attr=run)"
 file_pattern = "*.py"
 
+[[rule]]
+id = "PY107"
+description = "Unsafe deserialization with 'yaml.load'."
+severity = "High"
+remediation = "Use 'yaml.safe_load()' instead of 'yaml.load()'."
+ast_match = "Call(func.value.id=yaml, func.attr=load)"
+file_pattern = "*.py"
+
 # -------------------------------------------
 # SECTION: Cryptographic Failures (OWASP A02:2021)
 # -------------------------------------------
