require "oj"
# Two controller actions that hand the request parameter +key+ to Oj.load,
# contrasting a call that relies on the process-wide Oj mode with a call that
# forces +mode: :object+ for that one invocation.
#
# Security context: in :object mode the parsed document can name Ruby classes
# to instantiate, so feeding it request data is an unsafe-deserialization
# sink. Oj.safe_load, or an explicit strict mode on the call itself, does not
# depend on global state.
class UsersController < ActionController::Base
  # GOOD - no mode is passed, so Oj.load uses whatever mode is configured
  # globally; the call is safe when that global mode is anything other than
  # :object.
  # NOTE(review): the global Oj configuration is not set in this file --
  # confirm where it is set, because Oj's built-in default mode is :object.
  #
  # @return [Object] the value parsed from params[:key]
  def route0
    payload = params[:key]
    parsed = Oj.load(payload)
  end

  # BAD - the per-call +mode: :object+ argument takes precedence over the safe
  # mode set globally, so request-controlled data is parsed in the unsafe
  # object mode regardless of the global configuration.
  #
  # @return [Object] the value parsed from params[:key]
  def route1
    payload = params[:key]
    parsed = Oj.load(payload, mode: :object)
  end
end