This commit is contained in:
Tom Hvitved 2019-11-04 13:43:39 +01:00
Родитель fd63246f44
Коммит 508b09f565
3 изменённых файлов: 4 добавлений и 4 удалений

Просмотреть файл

@ -9,9 +9,9 @@ The following changes in version 1.23 affect C# analysis in all applications.
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. |
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security | Finds flow of untrusted input to calls to unsafe deserializers. |
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. |
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
| Unsafe deserializer (`cs/unsafe-deserialization`) | security | Finds calls to unsafe deserializers. |
| Unsafe deserializer (`cs/unsafe-deserialization`) | security, external/cwe/cwe-502 | Finds calls to unsafe deserializers. |
| Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. |
## Changes to existing queries

Просмотреть файл

@ -5,7 +5,7 @@
<overview>
<p>Deserializing an object from untrusted input may result in security problems, such
as denial-of-service or remote code execution.</p>
as denial of service or remote code execution.</p>
</overview>
<recommendation>

Просмотреть файл

@ -5,7 +5,7 @@
<overview>
<p>Deserializing an object from untrusted input may result in security problems, such
as denial-of-service or remote code execution.</p>
as denial of service or remote code execution.</p>
</overview>
<recommendation>