mirror of
https://github.com/github/codeql.git
synced 2026-02-12 05:01:06 +01:00
fdd1e3fefe
Many of the unsafe deserialization sinks have to stay defined in QL because they have custom logic that cannot be expressed in MaD models.
7 lines
223 B
YAML
7 lines
223 B
YAML
extensions:
|
|
- addsTo:
|
|
pack: codeql/java-all
|
|
extensible: sinkModel
|
|
data:
|
|
- ["com.esotericsoftware.yamlbeans", "YamlReader", True, "read", "", "", "Argument[this]", "unsafe-deserialization", "manual"]
|