...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SER12-J | High | Likely | High | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Useful for developing exploits that detect violation of this rule |
No known tools for automated detection exist yet. However, it should not be hard to write a static analysis to check for deserialization that fails to override resolveClass() to compare against a whitelist.
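The following Python check is an added example, not part of the original guideline or of any tool listed above. It lexically scans Java source for ObjectInputStream instances created from a class that does not declare resolveClass(ObjectStreamClass). The sample sources and class names are constructed, and the check confirms only that an override exists, not that it compares against a whitelist.

```python
import re

OIS = r"(?:java\.io\.)?ObjectInputStream"
SUBCLASS = re.compile(r"\bclass\s+(\w+)\s+extends\s+" + OIS + r"\b[^{]*\{")
OVERRIDE = re.compile(r"\bresolveClass\s*\(\s*(?:java\.io\.)?ObjectStreamClass\b")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

# Constructed Java fragments (hypothetical class names, not complete programs).
SAMPLE = {
    "Safe.java": """class SafeStream extends ObjectInputStream {
  @Override protected Class<?> resolveClass(ObjectStreamClass d)
      throws IOException, ClassNotFoundException {
    if (!ALLOWED.contains(d.getName())) throw new InvalidClassException(d.getName());
    return super.resolveClass(d);
  }
}""",
    "Lazy.java": "class LazyStream extends ObjectInputStream { }",
    "App.java": """class App {
  // new ObjectInputStream(in) inside a comment is ignored
  Object a(InputStream in) throws Exception { return new ObjectInputStream(in).readObject(); }
  Object b(InputStream in) throws Exception { return new LazyStream(in).readObject(); }
  Object c(InputStream in) throws Exception { return new SafeStream(in).readObject(); }
}""",
}

def class_body(src, open_brace):
    """Return the brace-balanced block that starts at index open_brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace:i + 1]
    return src[open_brace:]

def find_unguarded(sources):
    """List (file, line, class) for each stream created without a resolveClass override."""
    # Drop comments but keep newlines so reported line numbers stay correct.
    clean = {f: COMMENT.sub(lambda m: "\n" * m.group().count("\n"), s)
             for f, s in sources.items()}
    unguarded = {"ObjectInputStream"}
    for text in clean.values():
        for m in SUBCLASS.finditer(text):
            if not OVERRIDE.search(class_body(text, m.end() - 1)):
                unguarded.add(m.group(1))  # subclass that inherits the default
    creation = re.compile(r"\bnew\s+(?:java\.io\.)?("
                          + "|".join(sorted(unguarded)) + r")\s*\(")
    return [(f, text.count("\n", 0, m.start()) + 1, m.group(1))
            for f, text in sorted(clean.items())
            for m in creation.finditer(text)]
```

Anonymous subclasses, multi-level inheritance and braces inside string literals are not handled, so findings from this check need manual review.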
Related Guidelines
...