Module UnsafeDeserializationQuery
Provides a taint-tracking configuration for reasoning about uncontrolled data in calls to unsafe deserializers (XML, JSON, XAML).
Import path
import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery
Imports
csharp | The default C# QL library. |
Classes
Aliases
JsonConvertTracking | User input to |
TaintToConstructorOrStaticMethodTracking | User input to static method or constructor call deserialization flow tracking module. |
TaintToObjectMethodTracking | User input to object method call deserialization flow tracking module. |
TaintToObjectTypeTracking | User input to instance type flow tracking module. |
TypeNameTracking | Configuration module for tracking unsafe |
WeakTypeCreationToUsageTracking | Unsafe deserializer creation to usage tracking module. |