RFH: jsonpickle security detection
davvid opened this issue · 1 comment
davvid commented
I'd like to work with y'all to have Snyk detect when applications use jsonpickle.decode() on untrusted/tainted inputs.
We've since added lots of warnings to jsonpickle's documentation, but working with security scanners to treat jsonpickle usage as equivalent to pickle usage is an important next step.
Please let me know what we can do to help.
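The check being requested above, sketched as an added example: a small, flow-insensitive taint pass over Python source that flags jsonpickle.decode()/jsonpickle.loads() (and, for comparison, pickle.loads()) when the argument can be traced back to request data or stdin inside one function. This is illustrative code written for this page; it is not Snyk's, pyre-check's or jsonpickle's own analysis. Assumptions: the sink list, the parameter-name heuristic for "untrusted" (request/req/body/payload), the stdin source calls, and the sample source it scans are all constructed here.

```python
"""Illustrative AST taint check for jsonpickle/pickle deserialization sinks.

Added example, not Snyk's, pyre-check's or jsonpickle's code. It is
flow-insensitive: taint propagates through assignments within one function
until a fixed point, then any sink call fed by a tainted expression is reported.
"""
import ast

# Deserialization calls that reconstruct arbitrary objects (assumed sink list).
SINKS = {"jsonpickle.decode", "jsonpickle.loads", "pickle.loads", "pickle.load"}
# Parameter names treated as attacker-controlled (assumed heuristic).
SOURCE_PARAM_NAMES = {"request", "req", "body", "payload"}
# Calls whose return value is untrusted by definition (assumed source list).
SOURCE_CALLS = {"input", "sys.stdin.read", "sys.stdin.readline", "sys.stdin.buffer.read"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _import_aliases(tree):
    """Map local names to their dotted origin: `import x as y`, `from x import y as z`."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _sink_name(func, aliases):
    """Resolve a call target through import aliases; return the sink's dotted name or None."""
    d = _dotted(func)
    if d is None:
        return None
    head, _, rest = d.partition(".")
    full = aliases.get(head, head) + (f".{rest}" if rest else "")
    return full if full in SINKS else None


def _tainted(node, tainted):
    """True if the expression reads a tainted name or a source call anywhere inside it."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call) and (_dotted(node.func) or "") in SOURCE_CALLS:
        return True
    return any(_tainted(child, tainted) for child in ast.iter_child_nodes(node))


def find_tainted_sinks(source):
    """Return [(function_name, line, sink)] for sink calls whose input is untrusted."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    findings = []
    for fn in ast.walk(tree):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        tainted = {a.arg for a in fn.args.args if a.arg in SOURCE_PARAM_NAMES}
        assigns = [n for n in ast.walk(fn)
                   if isinstance(n, (ast.Assign, ast.AnnAssign, ast.AugAssign))]
        changed = True
        while changed:  # propagate taint through assignments to a fixed point
            changed = False
            for a in assigns:
                if a.value is None or not _tainted(a.value, tainted):
                    continue
                targets = a.targets if isinstance(a, ast.Assign) else [a.target]
                for t in targets:
                    for n in ast.walk(t):
                        if isinstance(n, ast.Name) and n.id not in tainted:
                            tainted.add(n.id)
                            changed = True
        for call in ast.walk(fn):
            if not isinstance(call, ast.Call):
                continue
            sink = _sink_name(call.func, aliases)
            args = list(call.args) + [k.value for k in call.keywords]
            if sink and any(_tainted(arg, tainted) for arg in args):
                findings.append((fn.name, call.lineno, sink))
    return findings


# Constructed sample application code to scan (not from any real project).
SAMPLE = '''
import json
import jsonpickle
from jsonpickle import decode as jp_decode

def restore_session(request):
    # vulnerable: request bytes reach jsonpickle.decode() via an alias and a temp
    blob = request.get_data(as_text=True)
    state = jp_decode(blob)
    return state

def load_settings(path):
    # not flagged: the input is a file the application controls, not request data
    with open(path) as fh:
        return jsonpickle.decode(fh.read())

def parse_prefs(request):
    # safer pattern: plain json.loads, then explicit field validation
    prefs = json.loads(request.get_data(as_text=True))
    return {"theme": str(prefs.get("theme", "light"))}
'''

if __name__ == "__main__":
    for name, line, sink in find_tainted_sinks(SAMPLE):
        print(f"{name}: line {line}: untrusted input reaches {sink}")
```

The pass deliberately treats jsonpickle.decode exactly like pickle.loads, which is the equivalence the issue asks scanners to adopt; anything that reaches either sink from request data is reported, and the json.loads path is not, because plain JSON parsing cannot instantiate arbitrary objects.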
davvid commented
Sorry, didn't notice this project is no longer maintained.
I'll look into https://github.com/facebook/pyre-check