cs/unsafe-deserialization-untrusted-input - deserialization flow steps

[felickz]

trafficstars

• Add csharp debugging query for partial flows
• WIP: Add flow steps for deserialization flow cs/unsafe-deserialization-untrusted-input to detect this flow
  • Queries
    • csharp/CWE-502/UnsafeDeserialization.ql
    • csharp/CWE-502/UnsafeDeserializationQuery.qll
  • Flow Steps
    • ✅ HttpContext.Request.Body
    • [x] System.Xml.XmlDocument.Load() - PR added flow step
    • [ ] XmlElement in xmlDocument.SelectNodes
    • [ ] XmlElement.GetAttribute
    • [ ] XmlSerializer type from Type.GetType()
    • [ ] XmlTextReader reader from StringReader()
    • ✅ XmlSerializer.Deserialize() on XmlTextReader

[pwntester]

This repo has been merged with the Security Lab one into the new community-codeql-packs repo which we plan to make public and promote soon. If you would like this PR to be applied to the new repo, please open a new PR there so it can get merged in the new QLPacks.