We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent a93d6a3 commit 57689dfCopy full SHA for 57689df
csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
@@ -13,9 +13,7 @@
13
import csharp
14
import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
15
16
-from Call deserializeCall, DataFlow::Node sink
17
-where
18
- deserializeCall.getAnArgument() = sink.asExpr() and
19
- sink instanceof Sink
+from Call deserializeCall, Sink sink
+where deserializeCall.getAnArgument() = sink.asExpr()
20
select deserializeCall,
21
"Unsafe deserializer is used. Make sure the value being deserialized comes from a trusted source."
0 commit comments