CodeQL library for C#
codeql/csharp-all 3.1.2-dev (changelog, source)

Module UnsafeDeserializationQuery

Provides a taint-tracking configuration for reasoning about uncontrolled data in calls to unsafe deserializers (XML, JSON, XAML).

Import path

import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery

Imports

csharp

The default C# QL library.

Classes

Sanitizer

A sanitizer for unsafe deserialization vulnerabilities.

Sink

A data flow sink for unsafe deserialization vulnerabilities.

Source

A data flow source for unsafe deserialization vulnerabilities.

Aliases

JsonConvertTracking

Flow tracking module from user input to a JsonConvert deserialization call.

TaintToConstructorOrStaticMethodTracking

Flow tracking module from user input to a deserializing static method or constructor call.

TaintToObjectMethodTracking

Flow tracking module from user input to a deserializing object method call.

TaintToObjectTypeTracking

Flow tracking module from user input to an instance type.

TypeNameTracking

Configuration module for tracking an unsafe TypeNameHandling setting that flows to JsonConvert calls.

WeakTypeCreationToUsageTracking

Flow tracking module from the creation of an unsafe deserializer to its usage.