CodeQL library for C#
codeql/csharp-all 0.9.2-dev (changelog, source)

Module UnsafeDeserializationQuery

Provides a taint-tracking configuration for reasoning about uncontrolled data in calls to unsafe deserializers (XML, JSON, XAML).

Import path

import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery

Imports

csharp

The default C# QL library.

Classes

JsonConvertTrackingConfig

DEPRECATED: Use JsonConvertTracking instead.

Sanitizer

A sanitizer for unsafe deserialization vulnerabilities.

Sink

A data flow sink for unsafe deserialization vulnerabilities.

Source

A data flow source for unsafe deserialization vulnerabilities.

TaintToConstructorOrStaticMethodTrackingConfig

DEPRECATED: Use TaintToConstructorOrStaticMethodTracking instead.

TaintToObjectMethodTrackingConfig

DEPRECATED: Use TaintToObjectMethodTracking instead.

TaintToObjectTypeTrackingConfig

DEPRECATED: Use TaintToObjectTypeTracking instead.

TypeNameTrackingConfig

DEPRECATED: Use TypeNameTracking instead.

WeakTypeCreationToUsageTrackingConfig

DEPRECATED: Use WeakTypeCreationToUsageTracking instead.

Aliases

JsonConvertTracking

User input to JsonConvert call deserialization flow tracking module.

TaintToConstructorOrStaticMethodTracking

User input to static method or constructor call deserialization flow tracking module.

TaintToObjectMethodTracking

User input to object method call deserialization flow tracking module.

TaintToObjectTypeTracking

User input to instance type flow tracking module.

TypeNameTracking

Configuration module for tracking unsafe TypeNameHandling setting to JsonConvert calls.

WeakTypeCreationToUsageTracking

Unsafe deserializer creation to usage tracking module.