mirror of
https://github.com/github/codeql.git
synced 2026-03-05 07:06:47 +01:00
fdd1e3fefe
Many of the unsafe deserialization sinks have to stay defined in QL because they have custom logic that cannot be expressed in MaD models.
7 lines
221 B
YAML
7 lines
221 B
YAML
extensions:
|
|
- addsTo:
|
|
pack: codeql/java-all
|
|
extensible: sinkModel
|
|
data:
|
|
- ["org.exolab.castor.xml", "Unmarshaller", True, "unmarshal", "", "", "Argument[0..1]", "unsafe-deserialization", "manual"]
|