Rule Information
Tags
pythonruamel-yamlunsafe-yamldeserializationCWE-502OWASP-A08
CWE References
Interactive Playground
Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.
pathfinder scan --ruleset python/PYTHON-LANG-SEC-043 --project .1
2
3
4
5
6
7
8
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
About This Rule
Understanding the vulnerability and how it is detected
ruamel.yaml is a YAML parser that supports multiple loading modes via the typ parameter: 'rt' (round-trip, default), 'safe', 'base', 'unsafe', and 'full'. When configured with typ='unsafe' or typ='full', ruamel.yaml enables Python-specific YAML tags (!!python/object, !!python/apply) that can instantiate arbitrary Python classes during parsing.
Like PyYAML's unsafe loader, this creates a remote code execution vulnerability when processing YAML from untrusted sources. An attacker who can control the YAML content can craft a document that executes arbitrary Python code when the YAML object's load() method is called.
The default typ='rt' (round-trip) loader does not support Python object instantiation and is safe for parsing untrusted YAML content. Always use typ='safe' or the default when processing external data.
Security Implications
Potential attack scenarios if this vulnerability is exploited
1
Python Object Instantiation via YAML Tags
With typ='unsafe', ruamel.yaml processes !!python/object and !!python/apply YAML tags that import and instantiate arbitrary Python classes. An attacker crafts YAML with !!python/object/apply:os.system to execute system commands when the YAML is parsed.
2
Configuration File Attack Surface
Infrastructure tools, DevOps scripts, and application configuration loaders that use ruamel.yaml to process user-editable or network-sourced YAML files with typ='unsafe' are vulnerable. This is especially common in Python-based configuration management tools.
3
CI/CD Pipeline Exploitation
CI/CD tools written in Python that parse pipeline definition files or workflow configurations using ruamel.yaml with unsafe mode allow users who can submit pipeline files to execute code with the pipeline runner's privileges.
4
Infrastructure-as-Code Attacks
Ansible, SaltStack, and similar Python-based IaC tools use YAML for playbooks and configuration. If any component uses ruamel.yaml with unsafe mode to process playbooks, submitted playbook content could execute code on the management node.
How to Fix
Recommended remediation steps
- 1Replace YAML(typ='unsafe') with YAML(typ='safe') or YAML() (default round-trip) for all external YAML parsing.
- 2Never use typ='full' or typ='unsafe' for YAML content that could be influenced by external users.
- 3If Python object serialization is required for internal use, consider alternative approaches such as explicit JSON schemas or Protocol Buffers.
- 4Audit all ruamel.yaml usage in CI/CD tools, configuration loaders, and infrastructure scripts.
- 5Validate YAML structure and types after safe loading to ensure the input matches the expected schema.
Detection Scope
How Code Pathfinder analyzes your code for this vulnerability
This rule detects YAML() constructor calls where the typ parameter is set to 'unsafe' or 'full'. These are the ruamel.yaml modes that enable Python object instantiation during YAML parsing and are dangerous when processing untrusted YAML content.
Compliance & Standards
Industry frameworks and regulations that require detection of this vulnerability
CWE Top 25
CWE-502 - Deserialization of Untrusted Data
OWASP Top 10
A08:2021 - Software and Data Integrity Failures
NIST SP 800-53
SI-10: Information Input Validation
PCI DSS v4.0
Requirement 6.2.4 - Protect against deserialization attacks
References
External resources and documentation
Similar Rules
Explore related security rules for Python
HIGH
Pickle Deserialization of Untrusted Data
pickle.loads() and pickle.load() execute arbitrary Python code during deserialization. Never unpickle data from untrusted sources.
HIGH
PyYAML Unsafe Load Function
yaml.load() and yaml.unsafe_load() can execute arbitrary Python objects during YAML parsing. Use yaml.safe_load() instead.
HIGH
jsonpickle Deserialization Detected
jsonpickle.decode() can execute arbitrary Python code during deserialization. Use the standard json module for untrusted data.
Frequently Asked Questions
Common questions about ruamel.yaml Unsafe Loader Configuration
'rt' (round-trip, default): preserves comments and formatting, does not instantiate
Python objects. 'safe': equivalent to PyYAML's SafeLoader, only standard YAML types.
'base': minimal loader for scalars only. 'unsafe': enables all Python tags including
!!python/object/apply. 'full': similar to unsafe, supports full Python type set. Use
'safe' or 'rt' (default) for untrusted data.
Yes. ruamel.yaml's default typ='rt' (round-trip) does not process Python-specific
YAML tags and is safe for parsing untrusted YAML. The vulnerability only occurs with
typ='unsafe' or typ='full'. If you're using YAML() without a typ argument, you are
using the safer round-trip loader.
The unsafe loader is intended for deserializing Python objects that were serialized
using ruamel.yaml's unsafe dumper, typically for Python-to-Python data exchange where
both ends are trusted. It is not intended for processing user-provided YAML or any
data from external sources.
Both have equivalent YAML deserialization risks when configured with unsafe loaders.
ruamel.yaml's default mode is safer than old PyYAML (pre-5.1) since it does not
process Python tags by default. When explicitly configured with typ='unsafe', they
have the same RCE risk. Prefer ruamel.yaml's default mode or typ='safe' for all
external YAML parsing.
Yes. typ='safe' handles all standard YAML 1.1 and 1.2 features including anchors,
aliases, multi-document streams, and all standard scalar types (strings, integers,
floats, booleans, nulls, timestamps). The only restriction is Python-specific tags.
Implement explicit serialization using typ='safe' YAML with manual dict/list conversion.
Use dataclasses or pydantic models with .model_dump() to convert to plain dicts before
YAML serialization. This produces portable YAML that can be loaded with any safe YAML
parser without Python-specific tag dependencies.
New feature
Get these findings posted directly on your GitHub pull requests
The ruamel.yaml Unsafe Loader Configuration rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.