Synacktiv have done an awesome write-up of using CodeQL for source/sink analysis for detection of Java deserialization that would go well in this list.

Write-up: https://www.synacktiv.com/en/publications/finding-gadgets-like-its-2022

Associated tool/codebase: https://github.com/synacktiv/QLinspector