Module UnsafeDeserializationQuery
Provides a taint-tracking configuration for reasoning about uncontrolled data in calls to unsafe deserializers (XML, JSON, XAML).
Import path
import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery
Imports
csharp | The default C# QL library. |
Classes
JsonConvertTrackingConfig | DEPRECATED: Use |
Sanitizer | A sanitizer for unsafe deserialization vulnerabilities. |
Sink | A data flow sink for unsafe deserialization vulnerabilities. |
Source | A data flow source for unsafe deserialization vulnerabilities. |
TaintToConstructorOrStaticMethodTrackingConfig | DEPRECATED: Use |
TaintToObjectMethodTrackingConfig | DEPRECATED: Use |
TaintToObjectTypeTrackingConfig | DEPRECATED: Use |
TypeNameTrackingConfig | DEPRECATED: Use |
WeakTypeCreationToUsageTrackingConfig | DEPRECATED: Use |
Aliases
JsonConvertTracking | User input to |
TaintToConstructorOrStaticMethodTracking | User input to static method or constructor call deserialization flow tracking module. |
TaintToObjectMethodTracking | User input to object method call deserialization flow tracking module. |
TaintToObjectTypeTracking | User input to instance type flow tracking module. |
TypeNameTracking | Configuration module for tracking unsafe |
WeakTypeCreationToUsageTracking | Unsafe deserializer creation to usage tracking module. |