Try CodeQL on LGTM.com

UnsafeDeserialization.ql

/**
 * @name Deserialization of user-controlled data
 * @kind path-problem
 * @id java/unsafe-deserialization
 */

import java
import semmle.code.java.security.UnsafeDeserializationQuery
import DataFlow::PathGraph

from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink,
  "Unsafe deserialization of $@.", source.getNode(), "user input"
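What this query reports in Java code, as an added example that is not from the CodeQL page or the struts_9805 project: a servlet whose readObject() call is the UnsafeDeserializationSink, beside a variant hardened with an ObjectInputFilter. The servlet, the com.example.Order classes and the javax.servlet API are assumptions for illustration.

```java
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Assumed application code, constructed for this example: a servlet that accepts a
// serialized Order object in the POST body.
public class OrderUploadServlet extends HttpServlet {
    // Source: the request body is user input. Sink: readObject() on a stream built
    // from it with no class restriction. The query's UnsafeDeserializationSink is the
    // readObject() call, and its message names getInputStream() as the "user input".
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try (ObjectInputStream in = new ObjectInputStream(req.getInputStream())) {
            Object order = in.readObject(); // reported: "Unsafe deserialization of user input"
            resp.getWriter().println("received " + order);
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        }
    }
}

// Hardened variant: an ObjectInputFilter (JEP 290, Java 9+) allow-lists the classes the
// stream may instantiate and caps nesting depth; any other class is rejected before it is
// instantiated. The class names in the pattern are assumed.
class FilteredOrderUploadServlet extends HttpServlet {
    private static final ObjectInputFilter ORDER_FILTER = ObjectInputFilter.Config.createFilter(
            "com.example.Order;com.example.LineItem;java.util.ArrayList;"
            + "java.lang.Integer;java.lang.String;!*;maxdepth=5");

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try (ObjectInputStream in = new ObjectInputStream(req.getInputStream())) {
            in.setObjectInputFilter(ORDER_FILTER); // must be set before the first readObject()
            Object order = in.readObject();
            resp.getWriter().println("received " + order);
        } catch (InvalidClassException e) {
            // Thrown when the filter rejects a class: treat the upload as bad input, not a crash.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "unexpected class in payload");
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        }
    }
}
```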

Meet CodeQL

Run real queries on popular open source codebases using these instructions.

Step 2: query the code and find vulnerabilities

$ # Clone the project
$ git clone https://github.com/m-y-mo/struts_9805

$ # Create a CodeQL database
$ codeql database create ./struts_db -s ./struts_9805 \
  -j 0 -l java --command "mvn -B -DskipTests \
  -DskipAssembly"

Query open source codebases

You can create CodeQL databases yourself for any project that's under an OSI-approved open source license. To download CodeQL and get started,