CodeQL library for Python
codeql/python-all 0.6.4

Module Marshal

Provides a class and predicates to track external data that may represent malicious marshaled objects.

This module is intended to be imported into a taint-tracking query to extend TaintKind and TaintSink.

Import path

import semmle.python.security.injection.Marshal

Imports

Classes

UnmarshalingNode

A taint sink that is potentially vulnerable to malicious marshaled objects: the argument vuln in marshal.loads(vuln).
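
To make the sink position concrete, the following added example (not part of the CodeQL library or its implementation) locates the first argument of marshal.loads calls in Python source using the standard ast module. It is a syntactic approximation only: it resolves import aliases but does no taint tracking, and the function name find_unmarshal_sinks and the sample source are assumptions constructed for illustration.

```python
import ast

# Constructed sample source, embedded so the example runs offline.
SAMPLE = '''
import marshal as m
from marshal import loads as ld
import json

def handler(request):
    a = m.loads(request.body)
    b = ld(request.cookies["s"])
    c = json.loads(request.body)
    return a, b, c
'''

def find_unmarshal_sinks(source):
    """Return (line, argument source) for each first argument of marshal.loads."""
    tree = ast.parse(source)
    module_aliases = set()   # names bound to the marshal module
    func_aliases = set()     # names bound directly to marshal.loads
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "marshal":
                    module_aliases.add(alias.asname or alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "marshal":
            for alias in node.names:
                if alias.name == "loads":
                    func_aliases.add(alias.asname or alias.name)
    sinks = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and node.args):
            continue
        f = node.func
        # marshal.loads(x) reached through a module alias, e.g. m.loads(x)
        via_module = (isinstance(f, ast.Attribute) and f.attr == "loads"
                      and isinstance(f.value, ast.Name)
                      and f.value.id in module_aliases)
        # loads(x) reached through "from marshal import loads [as name]"
        via_name = isinstance(f, ast.Name) and f.id in func_aliases
        if via_module or via_name:
            sinks.append((node.lineno, ast.unparse(node.args[0])))
    return sorted(sinks)

if __name__ == "__main__":
    for line, arg in find_unmarshal_sinks(SAMPLE):
        print(f"line {line}: unmarshaling sink argument: {arg}")
```

The json.loads call in the sample is not reported, because only calls that resolve to the marshal module match. ast.unparse requires Python 3.9 or later.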