SharpSerializer

csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll

@@ -798,4 +798,18 @@ module UnsafeDeserialization {
       )
     }
   }
+
+  /** SharpSerializer */
+  private class SharpSerializerDeserializeMethodSink extends InstanceMethodSink {
+    SharpSerializerDeserializeMethodSink() {
+      exists(MethodCall mc, Method m |
+        m = mc.getTarget() and
+        (
+          not mc.getArgument(0).hasValue() and
+          m instanceof SharpSerializerClassDeserializeMethod
+        ) and
+        this.asExpr() = mc.getArgument(0)
+      )
+    }
+  }
 }

csharp/ql/src/semmle/code/csharp/serialization/Deserializers.qll

@@ -63,6 +63,8 @@ class WeakTypeDeserializer extends Class {
     this instanceof ServiceStackTextCsvSerializerClass
     or
     this instanceof ServiceStackTextXmlSerializerClass
+    or
+    this instanceof SharpSerializerClass
   }
 }
 
@@ -624,3 +626,16 @@ class CsPicklerSerializerClassUnPickleOfStringMethod extends Method, UnsafeDeser
     this.hasName("UnPickleOfString")
   }
 }
+
+/** Polenter.Serialization.SharpSerializer */
+private class SharpSerializerClass extends Class {
+  SharpSerializerClass() { this.hasQualifiedName("Polenter.Serialization.SharpSerializer") }
+}
+
+/** `Polenter.Serialization.SharpSerializer.Deserialize` method */
+class SharpSerializerClassDeserializeMethod extends Method, UnsafeDeserializer {
+  SharpSerializerClassDeserializeMethod() {
+    this.getDeclaringType().getBaseClass*() instanceof SharpSerializerClass and
+    this.hasName("Deserialize")
+  }
+}