sdk/python/Deserialization/PyToml

PyToml

toml parses TOML configuration. toml.load() is a neutral data loader — values become sources when the config file is user-supplied. tomllib (stdlib, 3.11+) is the modern replacement.

2 sources

Taint flow2 sources → 0 sinks

Sources — untrusted input

.load()Parses TOML from a file

.loads()Parses TOML from a string

Sources

— user-controlled input enters here

.load()Source

Signature

toml.load(f) -> dict

Parses TOML from a file. Source when file is user-controlled.

tracks:return

.loads()Source

Signature

toml.loads(s: str) -> dict

Parses TOML from a string. Source.

tracks:return

Fully-Qualified Names

FQN	Field
toml	fqns[0]
tomllib	fqns[1]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py

from codepathfinder.go_rule import PyToml

← PreviousPySimplejson

Next →PyXmlDom