
Examples of errors detected by the V5611 diagnostic

V5611. OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.


Power-Fx

V5611 [CWE-502, OWASP-1.5.2, OWASP-5.5.3] Possible insecure deserialization. Potentially tainted data in the 'json' variable is used to deserialize an object. EngineSchemaChecker.cs 31


public static void Check(Engine engine, string pathInput)
{
  EngineSchema schema;
  if (pathInput != null)
  {
    var json = File.ReadAllText(pathInput);
    schema = JsonSerializer.Deserialize<EngineSchema>(json);
  }
  ....
}

Similar errors can be found in some other places:

  • V5611 [CWE-502, OWASP-1.5.2, OWASP-5.5.3] Possible insecure deserialization. Potentially tainted data in the 'expected' variable is used to deserialize an object. FormulaTypeSerializerSnapshotTests.cs 62