Skip to main content

34. Secure JSON and YAML Handling

Improper parsing can expose code execution or resource loading vulnerabilities.

Insecure Example

import yaml
config = yaml.load(open("config.yaml"))  # Unsafe loader!

Secure Example

import yaml, json

with open("config.yaml", "r", encoding="utf-8") as f:
    config = yaml.safe_load(f)

with open("output.json", "w", encoding="utf-8") as out:
    json.dump(config, out, indent=2)

✅ Lesson: Always use yaml.safe_load and properly encoded JSON for configuration files.

Insecure Example
Secure Example