Closed sahirK closed 2 years ago
Even though handle could be a trusted input, using yaml_load() could be bad (depending on permissions to write files to the policy path, perms for user runnning terrafirma,.......)
handle
https://github.com/wayfair/terrafirma/blob/973c521a72dbd5eaa91061898bab351c3d1668a6/terrafirma/checks.py#L24
Even though
handlecould be a trusted input, using yaml_load() could be bad (depending on permissions to write files to the policy path, perms for user runnning terrafirma,.......)https://github.com/wayfair/terrafirma/blob/973c521a72dbd5eaa91061898bab351c3d1668a6/terrafirma/checks.py#L24