UnsafeDeserialization.qhelp
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Deserializing an object from untrusted input may result in security problems, such
as denial of service or remote code execution, because the serialized data can control
which types are instantiated and what values their fields receive.</p>
</overview>
<recommendation>
<p>Avoid deserialization frameworks, or framework settings such as a type resolver, that let
the serialized data choose which types are instantiated. Deserialize into a fixed, expected
type instead, and if the framework cannot be configured to do that, use a different one.</p>
</recommendation>
<example>
<p>In this example, a string is deserialized using a
<code>JavaScriptSerializer</code> constructed with a <code>SimpleTypeResolver</code>. With a
type resolver in place, the <code>__type</code> property of the JSON input names the .NET type
to instantiate, so untrusted input can cause arbitrary types to be created, which can lead to
arbitrary code execution.</p>
<sample src="UnsafeDeserializationBad.cs" />
<p>To fix this specific vulnerability, we construct the serializer without a type resolver, so
the type to instantiate is fixed by the code rather than by the input. In other cases,
it may be necessary to use a different deserialization framework.</p>
<sample src="UnsafeDeserializationGood.cs" />
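<p>The two sample files referenced above are not reproduced on this page. The following is an
added example, not the CodeQL project's own sample code, that puts the vulnerable and the fixed
construction side by side so the difference can be observed at runtime. The
<code>Settings</code> class, the method names and the JSON documents are constructed for
illustration; the code assumes .NET Framework with a reference to
<code>System.Web.Extensions.dll</code>, since <code>JavaScriptSerializer</code> and
<code>SimpleTypeResolver</code> are not available on .NET Core.</p>

```csharp
// Added example (not from the CodeQL repository). Assumes .NET Framework and a
// reference to System.Web.Extensions.dll. The JSON inputs are constructed.
using System;
using System.Web.Script.Serialization;

// Hypothetical application type that the service expects to receive.
public class Settings
{
    public string Name { get; set; }
    public int Retries { get; set; }
}

public static class DeserializationDemo
{
    // BAD: a type resolver makes the serializer honour the "__type" property of the
    // input, so the caller of this method no longer decides which .NET type is built;
    // the untrusted JSON does. That is the precondition for the gadget-chain attacks
    // described in the referenced JSON Attacks paper.
    public static object DeserializeUnsafe(string json)
    {
        var serializer = new JavaScriptSerializer(new SimpleTypeResolver());
        return serializer.DeserializeObject(json);
    }

    // GOOD: no resolver, and the target type is fixed in code. A "__type" property in
    // the input is not used to select a type, so nothing but Settings is instantiated.
    public static Settings DeserializeSafe(string json)
    {
        var serializer = new JavaScriptSerializer();
        return serializer.Deserialize<Settings>(json);
    }

    public static void Main()
    {
        // Constructed input: "__type" names a type the service never intended to create.
        // A harmless type is used here; an attacker would name a type with dangerous
        // side effects on construction or property assignment.
        string hostile = "{\"__type\":\"System.Version, mscorlib\"}";
        string expected = "{\"Name\":\"svc\",\"Retries\":3}";

        // With the resolver, the runtime type of the result is whatever the input named.
        object fromResolver = DeserializeUnsafe(hostile);
        Console.WriteLine("Unsafe: runtime type chosen by input = "
                          + fromResolver.GetType().FullName);

        // Without the resolver, the result is always Settings, for normal input...
        Settings good = DeserializeSafe(expected);
        Console.WriteLine("Safe: " + good.GetType().FullName
                          + " Name=" + good.Name + " Retries=" + good.Retries);

        // ...and for the hostile document too: the "__type" name has no effect on the
        // type that is created, it is simply not consulted.
        Settings fromHostile = DeserializeSafe(hostile);
        Console.WriteLine("Safe with hostile input: " + fromHostile.GetType().FullName);
    }
}
```

<p>The check a practitioner wants is the one the <code>Main</code> method performs: feed the
same type-bearing document to both paths and confirm that only the resolver-backed path
produces an object whose runtime type came from the input. Any code path where
<code>GetType()</code> of the deserialized result can be steered by the caller's bytes needs
either a fixed target type or an allowlist of permitted types enforced before instantiation.</p>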
</example>
<references>
<li>
Muñoz, Alvaro and Mirosh, Oleksandr:
<a href="https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf">JSON Attacks</a>.
</li>
</references>
</qhelp>