rspec/rules/S5766/description.adoc
2020-06-30 17:16:12 +02:00


The deserialization process extracts data from the serialized representation of an object and reconstructs the object directly, without calling its constructors. Thus, any data validation implemented in a constructor can be bypassed if the serialized objects are controlled by an attacker.
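The following added example (not part of the rule description) shows the bypass with Python's `pickle`, assuming that is the serializer in use: `Account` checks its invariant only in `__init__`, so an unpickled object can violate it, while the hypothetical `SafeAccount` repeats the check in `__setstate__`, the hook that unpickling does call.

```python
import pickle


class Account:
    """Validates its invariant only in the constructor."""

    def __init__(self, owner: str, balance: int) -> None:
        if balance < 0:
            raise ValueError("balance must be non-negative")
        self.owner = owner
        self.balance = balance


class SafeAccount(Account):
    """Re-runs the constructor's check when the object is rebuilt by pickle."""

    def __setstate__(self, state: dict) -> None:
        if state.get("balance", 0) < 0:
            raise ValueError("balance must be non-negative")
        self.__dict__.update(state)


def make_invalid_payload(cls) -> bytes:
    """Constructed sample: a pickle whose state holds a balance the
    constructor would have rejected (the kind of content an attacker-
    controlled serialized object could carry)."""
    acct = cls("alice", 10)          # constructed through the validating __init__
    acct.__dict__["balance"] = -1000  # state no longer satisfies the invariant
    return pickle.dumps(acct)


def constructor_bypassed(cls) -> bool:
    """True if pickle.loads yields an object the constructor would refuse."""
    try:
        obj = pickle.loads(make_invalid_payload(cls))
    except ValueError:
        return False          # the re-validation in __setstate__ rejected it
    return obj.balance < 0    # __init__ was never called during unpickling


if __name__ == "__main__":
    print("Account bypassed:", constructor_bypassed(Account))          # True
    print("SafeAccount bypassed:", constructor_bypassed(SafeAccount))  # False
```

Re-validating in `__setstate__` restores the invariant but does not make loading untrusted pickles safe, since the unpickler can still invoke arbitrary callables; the check belongs in addition to, not instead of, refusing untrusted input.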