hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
27650267a196a62350c4361b8ad506dc1e234117
codeql/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegate.cs

23 lines
656 B
C#
Raw Blame History

using System;
using System.Linq.Expressions;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
class DeserializedDelegate
{
delegate int D();
public static void M(FileStream fs)
{
var formatter = new BinaryFormatter();
// BAD
var a = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// BAD
var b = (Expression<Func<int>>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// BAD
var c = (D)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// GOOD
var d = (int)formatter.Deserialize(fs);
}
}
Reference in New Issue View Git Blame Copy Permalink