hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
27650267a196a62350c4361b8ad506dc1e234117
codeql/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractSerializerBad.cs

14 lines
311 B
C#
Raw Blame History

using System.Runtime.Serialization;
using System.IO;
using System;
class BadDataContractSerializer
{
public static object Deserialize(Type type, Stream s)
{
var ds = new DataContractSerializer(type);
// BAD
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
}
}
Reference in New Issue View Git Blame Copy Permalink