ishangsf/rspec - rspec - BuBaQ

ishangsf/rspec

2 lines

309 B

Plaintext

Raw Normal View History

Modify rule S5773: Change text to education framework format (APPSEC-1112) (#3166) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

2023-09-29 15:43:53 +02:00

During the deserialization process, the state of an object will be reconstructed from the serialized data stream. By allowing unrestricted deserialization of types, the application makes it possible for attackers to use types with dangerous or otherwise sensitive behavior during the deserialization process.