feat(TIER13-FULLSTACK-WP-041) v1.0.0 — Full-Stack AI Governance Ontology (Tier 1-3) for G-SIFIs (2026-2030)#76
Found 0 failures, 1 warning, and 0 notices.
The check found 0 failures, 1 warning, and 0 notices. Review the documentation link on each issue to determine how to resolve. Alternatively, false positives can be suppressed. See documentation for details.
Details
PY009: Deserialization of Untrusted Data
Expand for further details
The Python json module provides a way to parse and generate JSON data.
However, it is important to be aware that malicious JSON strings can be used
to attack applications that use the json module. For example, a malicious
JSON string could be used to cause the decoder to consume considerable CPU
and memory resources, which could lead to a denial-of-service attack.
Example
import json
json.loads('["foo", {"bar":["baz", null, 1.0, 2]}]')??? example "Example Output"
> precli --enable=all tests/unit/rules/python/stdlib/json/examples/json_loads.py ⚠️ Warning on line 4 in tests/unit/rules/python/stdlib/json/examples/json_loads.py PY009: Deserialization of Untrusted Data Potential unsafe usage of 'json.loads' that can allow instantiation of arbitrary objects.
Remediation
To avoid this vulnerability, it is important to only parse JSON data from
trusted sources. If you are parsing JSON data from an untrusted source, you
should first sanitize the data to remove any potential malicious code.
Default Configuration
enabled = false
level = "warning"See also
!!! info
- json — JSON encoder and decoder
- CWE-502: Deserialization of Untrusted Data
New in version 0.1.0
Precaution v0.7.9
Annotations
Check warning on line 10 in rag-agentic-dashboard/gen-tier13-fullstack-html.py
precaution / Precaution Basic
PY009: Deserialization of Untrusted Data
Potential unsafe usage of 'json.loads' that can allow instantiation of
arbitrary objects.