Dangerous API
ID | csharp.dangerous_api
Severity | low
Resource | Api
Language | CSharp
Tags | CWE:676, NIST.SP.800-53
Rationale
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, even though the function can also be used safely (CWE-676).
This rule specifically flags uses of BinaryFormatter in C# code. BinaryFormatter is obsolete and must not be used: its deserialization is never safe for untrusted input, because the serialized payload itself decides which types are instantiated and which code runs while the object graph is rebuilt, so a crafted payload can execute arbitrary code in the process. No setting or input filtering makes BinaryFormatter safe; the fix is to replace it with a serializer that does not honor type information carried in the stream, such as System.Text.Json bound to a known type. Since .NET 5 every use produces the obsoletion warning SYSLIB0011, and newer .NET runtimes disable BinaryFormatter by default.
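The pattern the detector reports, next to the replacement it expects, as an added example that is not part of this rule page or the detector's own code. The Order type, the OrderCodec class and the sample payload are constructed for the illustration; the point is that the safe path only ever populates the properties of one concrete type, so the bytes can no longer choose what gets instantiated.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;
using System.Text.Json;

// Constructed message type: the only thing the application expects to receive.
[Serializable]
public sealed class Order
{
    public int Id { get; set; }
    public string Customer { get; set; } = "";
}

public static class OrderCodec
{
    // BEFORE: what csharp.dangerous_api flags. The incoming bytes dictate which
    // types BinaryFormatter creates, so a crafted payload runs attacker-chosen
    // code during deserialization. The cast to Order happens only afterwards.
#pragma warning disable SYSLIB0011 // BinaryFormatter is obsolete
    public static Order DeserializeUnsafe(byte[] untrustedBytes)
    {
        var formatter = new BinaryFormatter();
        using var stream = new MemoryStream(untrustedBytes);
        return (Order)formatter.Deserialize(stream); // flagged: banned API
    }
#pragma warning restore SYSLIB0011

    // AFTER: a data-only serializer bound to one concrete type. Unknown
    // properties in the payload are skipped, and nothing in the stream can
    // select a different type to construct.
    private static readonly JsonSerializerOptions Options = new()
    {
        PropertyNameCaseInsensitive = true,
        MaxDepth = 16, // bound nesting so hostile input cannot exhaust the stack
    };

    public static Order DeserializeSafe(byte[] untrustedBytes)
    {
        var order = JsonSerializer.Deserialize<Order>(untrustedBytes, Options)
                    ?? throw new InvalidDataException("empty payload");
        // Deserialization only gives you a well-formed object; validate its values too.
        if (order.Id <= 0 || string.IsNullOrWhiteSpace(order.Customer))
            throw new InvalidDataException("order failed validation");
        return order;
    }

    public static byte[] SerializeSafe(Order order) =>
        JsonSerializer.SerializeToUtf8Bytes(order, Options);
}

public static class Program
{
    public static void Main()
    {
        // Round trip through the safe path.
        var original = new Order { Id = 42, Customer = "alice" };
        var decoded = OrderCodec.DeserializeSafe(OrderCodec.SerializeSafe(original));
        Console.WriteLine($"{decoded.Id} {decoded.Customer}");

        // Constructed hostile-looking payload: the extra "__class" member is
        // ignored by System.Text.Json, whereas a BinaryFormatter stream's type
        // records would have been obeyed.
        var hostile = Encoding.UTF8.GetBytes(
            "{\"__class\":\"System.Diagnostics.Process\",\"Id\":7,\"Customer\":\"mallory\"}");
        var fromHostile = OrderCodec.DeserializeSafe(hostile);
        Console.WriteLine($"{fromHostile.Id} {fromHostile.Customer}");
    }
}
```

DeserializeUnsafe is kept only to show the code shape the rule matches; on .NET 8 and later it throws at runtime unless BinaryFormatter is explicitly re-enabled, which is the behaviour the obsoletion is meant to produce. Existing BinaryFormatter payloads have to be migrated to the new format; there is no safe way to keep reading them.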
Configuration
The detector has the following configurable parameters:
- banned: the list of APIs that the detector treats as banned.
References
- CWE-676: Use of Potentially Dangerous Function.
- BinaryFormatter obsolete: Deserialization risks in use of BinaryFormatter and related types.