Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2026-05-01 11:45:14 +02:00 · 2020-10-08 21:28:50 +02:00
parent 1ed026fcce
commit 65b90c411c
1 changed files with 1 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
@@ -87,6 +87,7 @@ module CodeInjection {
        this = c.getArgument(index)
      )
      or
+      // node-serialize is not intended to be safe for untrusted inputs
      this = DataFlow::moduleMember("node-serialize", "unserialize").getACall().getArgument(0)
    }
  }