Security-MarshalLoad.md

Pattern: Use of Marshal.*

Issue: -

Description

This rule checks for use of the Marshal class methods that deserialize data (Marshal.load and Marshal.restore, as in the examples below). Deserializing input from an untrusted source with these methods can lead to remote code execution.

Examples

# bad
Marshal.load("{}")
Marshal.restore("{}")

# good
Marshal.dump("{}")

# okish - deep copy hack
Marshal.load(Marshal.dump({}))
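
The following is an added example, not part of the rule's documentation or the project's code. It shows that Marshal.load runs a class's marshal_load hook while decoding, and two ways to keep untrusted bytes away from it: checking an HMAC before loading, or using JSON for data that crosses a trust boundary. The names Tracked, TAG_BYTES, signed_dump, verified_load and parse_untrusted are hypothetical, and the HMAC scheme assumes the key is known only to the party that wrote the data.

```ruby
require "json"
require "openssl"

# Constructed class: Marshal.load calls marshal_load on it while decoding,
# so code in the loaded class runs before the caller inspects anything.
class Tracked
  class << self
    attr_accessor :loads
  end
  self.loads = 0

  def marshal_dump
    []
  end

  def marshal_load(_state)
    self.class.loads += 1
  end
end

TAG_BYTES = 32 # HMAC-SHA256 output size

# Hypothetical helper: prefix the Marshal blob with an HMAC over it.
def signed_dump(obj, key)
  blob = Marshal.dump(obj)
  OpenSSL::HMAC.digest("SHA256", key, blob) + blob
end

# Hypothetical helper: deserialize only bytes that carry a valid HMAC.
def verified_load(data, key)
  raise ArgumentError, "truncated input" if data.bytesize < TAG_BYTES

  tag = data.byteslice(0, TAG_BYTES)
  blob = data.byteslice(TAG_BYTES, data.bytesize - TAG_BYTES)
  expected = OpenSSL::HMAC.digest("SHA256", key, blob)
  unless OpenSSL.fixed_length_secure_compare(tag, expected)
    raise SecurityError, "signature mismatch, refusing to deserialize"
  end

  Marshal.load(blob)
end

# Data crossing a trust boundary: JSON.parse yields only hashes, arrays,
# strings, numbers, booleans and nil, never arbitrary Ruby objects.
def parse_untrusted(text)
  JSON.parse(text)
end
```

A blob whose tag does not verify is rejected before Marshal.load sees it, so no marshal_load hook runs for it.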

Further Reading