// Investigate insecure deserialization vulnerabilities that can lead to RCE or data manipulation. Use when threat model identifies CWE-502 (Deserialization of Untrusted Data), CWE-915 (Mass Assignment), or object deserialization concerns.
Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.
Investigate authorization vulnerabilities in source code including IDOR, privilege escalation, and missing access controls. Use when threat model identifies CWE-639 (IDOR), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-269 (Privilege Escalation), or access control concerns.
Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.
Investigate cryptographic vulnerabilities in source code including weak algorithms, hardcoded secrets, and improper key management. Use when threat model identifies CWE-327 (Use of Broken Crypto), CWE-798 (Hardcoded Credentials), CWE-326 (Inadequate Encryption), or cryptography concerns.
Investigate data exposure vulnerabilities in source code including PII leakage, sensitive data logging, and information disclosure. Use when threat model identifies CWE-200 (Information Exposure), CWE-532 (Sensitive Data in Logs), CWE-359 (Privacy Violation), or data exposure concerns.
Investigate file operation vulnerabilities including unrestricted file upload, path traversal in file operations, and insecure file handling. Use when threat model identifies CWE-434 (Unrestricted Upload), CWE-73 (External Control of File Path), CWE-427 (Uncontrolled Search Path), or file security concerns.
| name | sast-deserialization-testing |
| description | Investigate insecure deserialization vulnerabilities that can lead to RCE or data manipulation. Use when threat model identifies CWE-502 (Deserialization of Untrusted Data), CWE-915 (Mass Assignment), or object deserialization concerns. |
| allowed-tools | Read, Grep, Glob |
Investigate deserialization vulnerabilities by analyzing:
Insecure deserialization can lead to:
Python's pickle module executes arbitrary code during deserialization.
Dangerous Patterns:
import pickle
# CRITICAL: Never unpickle untrusted data
data = request.get_data()
obj = pickle.loads(data) # RCE!
# Base64-encoded pickle
import base64
encoded = request.args.get('data')
obj = pickle.loads(base64.b64decode(encoded)) # RCE!
# From file uploaded by user
with open(uploaded_file, 'rb') as f:
obj = pickle.load(f) # RCE!
# From Redis/cache (if attacker can poison cache)
cached = redis.get(key)
obj = pickle.loads(cached)
Safe Patterns:
# Use JSON instead
import json
data = request.get_json()
# If pickle is absolutely required, use hmac signing
import hmac
def safe_loads(data, key):
signature, payload = data.split(b':', 1)
expected = hmac.new(key, payload, 'sha256').digest()
if not hmac.compare_digest(signature, expected):
raise ValueError("Invalid signature")
return pickle.loads(payload)
PyYAML with unsafe loader allows code execution.
Dangerous Patterns:
import yaml
# CRITICAL: yaml.load without Loader
data = request.get_data()
config = yaml.load(data) # RCE in older PyYAML versions
# Explicitly unsafe
config = yaml.load(data, Loader=yaml.UnsafeLoader)
config = yaml.unsafe_load(data)
# FullLoader still has some risks
config = yaml.load(data, Loader=yaml.FullLoader)
Safe Patterns:
# Use SafeLoader
config = yaml.safe_load(data)
config = yaml.load(data, Loader=yaml.SafeLoader)
# Or use JSON for untrusted input
import json
config = json.loads(data)
Binding user input directly to object attributes.
Dangerous Patterns:
# Direct attribute assignment from request
user = User()
for key, value in request.json.items():
setattr(user, key, value) # Can set is_admin, role, etc.
# ORM update with all fields
User.query.filter_by(id=user_id).update(request.json)
# Model creation with **kwargs
user = User(**request.json) # All fields from request
# Django example
user = User.objects.create(**request.POST.dict())
Safe Patterns:
# Explicit field allowlist
ALLOWED_FIELDS = {'name', 'email', 'bio'}
data = {k: v for k, v in request.json.items() if k in ALLOWED_FIELDS}
user = User(**data)
# Pydantic/dataclass validation
from pydantic import BaseModel
class UserUpdate(BaseModel):
name: str
email: str
# is_admin NOT included - cannot be set
user_data = UserUpdate(**request.json)
# Django Forms
form = UserForm(request.POST)
if form.is_valid():
user = form.save()
Custom object hooks can be exploited.
Dangerous Patterns:
import json
# Custom decoder that instantiates classes
def object_hook(d):
if '__class__' in d:
cls = globals()[d['__class__']] # Dangerous!
return cls(**d)
return d
data = json.loads(request.data, object_hook=object_hook)
# jsonpickle (unsafe by default)
import jsonpickle
obj = jsonpickle.decode(request.data) # Can instantiate arbitrary classes
Safe Patterns:
# Plain JSON without object hooks
data = json.loads(request.data)
# Type-safe deserialization
from pydantic import BaseModel
data = UserModel.parse_raw(request.data)
# marshmallow schemas
schema = UserSchema()
user = schema.loads(request.data)
Java:
// Dangerous
ObjectInputStream ois = new ObjectInputStream(inputStream);
Object obj = ois.readObject(); // RCE via gadget chains
// Jackson with default typing
ObjectMapper mapper = new ObjectMapper();
mapper.enableDefaultTyping(); // Dangerous!
PHP:
// Dangerous
$obj = unserialize($_POST['data']); // Object injection
// Safe
$data = json_decode($_POST['data'], true); // Returns array
Ruby:
# Dangerous
obj = Marshal.load(params[:data])
YAML.load(params[:config])
# Safe
data = JSON.parse(params[:data])
YAML.safe_load(params[:config])
# Python
Search for: pickle.load, pickle.loads, cPickle
yaml.load, yaml.unsafe_load
marshal.load, shelve.open
jsonpickle.decode
# General
Search for: deserialize, unmarshal, unserialize
object_hook, decode(, loads(
For each deserialization call:
Search for: setattr(, __dict__.update
**request, **kwargs, .update(request
Model(**data), create(**data)
__reduce__, __getstate__?TRUE_POSITIVE:
FALSE_POSITIVE:
UNVALIDATED:
### Verdict
- **verdict**: TRUE_POSITIVE or FALSE_POSITIVE
- **confidence_score**: 1-10
- **risk_level**: LOW, MEDIUM, HIGH, or CRITICAL
### Vulnerability Type
- **Category**: Pickle RCE / YAML RCE / Mass Assignment / JSON Object Injection
- **Potential Impact**: RCE / Privilege Escalation / Data Manipulation
### Evidence
- **Location**: file:line
- **Dangerous Function**: [pickle.loads, yaml.load, etc.]
- **Data Source**: [request, file, cache, etc.]
### Attack Scenario
1. [How attacker provides malicious payload]
2. [What code executes or what state changes]
### Gadget Chain Analysis (if applicable)
- Libraries in scope: [list]
- Known gadgets: [if any]
### Recommendations
- [Specific fix with code example]
Deserialization investigations may need:
subprocess, os - Command executionrequests - SSRF chains