Fix code scanning alert - Deserialization of user-controlled data

Question

Fix code scanning alert - Deserialization of user-controlled data

northlander opened this issue a year ago · comments

Tracking issue for:

https://github.com/fmtn/a/security/code-scanning/1

Petter Nordlander · Answer 1 · Sun Sep 03 2023 16:43:55 GMT+0800 (China Standard Time)

Will close this one. It's about dealing with ObjectMessage from a dump. Not sure it's possible to do without serialization. Of course, ObjectMessage is a security issue in itself, but if someone decide it's safe to deal with them in their broker, then this software should not make any other assumptions.