RoslynAnalyzers Do Not Call Dangerous Methods In Deserialization
Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a Denial-of-Service (DoS) attack, or even execute arbitrary code upon it being deserialized. It's frequently possible for malicious users to abuse these deserialization features when the application is deserializing untrusted data which is under their control. Specifically, invoke dangerous methods in the process of deserialization. Successful insecure deserialization attacks could allow an attacker to carry out attacks such as DoS attacks, authentication bypasses, and remote code execution.
Locating this inspection
- By ID
Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.
CA5360- Via Settings dialog
Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.
Suppressing Inspection
You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:
More detailed instructions as well as other ways and options that you have can be found in the product documentation:
Inspection Details | |
|---|---|
By default bundled with: |