hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
remove-javascript
codeql/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/XmlObjectSerializerUntrustedInputGood.cs
edvraa ac29184521 deserialization sinks
2021-03-20 21:50:46 +02:00

22 lines
662 B
C#
Raw Permalink Blame History

using System.Web.UI.WebControls;
using System.Runtime.Serialization;
using System.IO;
using System.Text;
using System;
class GoodXmlObjectSerializer
{
public static object Deserialize1(TextBox data)
{
// GOOD
XmlObjectSerializer ds = new DataContractSerializer(typeof(GoodXmlObjectSerializer));
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
}
public static object Deserialize2(TextBox type)
{
XmlObjectSerializer ds = new DataContractSerializer(Type.GetType(type.Text));
// GOOD
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes("hardcoded")));
}
}
Reference in New Issue View Git Blame Copy Permalink