codeql Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization

Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization

Open alexrford opened this issue 3 years ago • 0 comments

trafficstars

In semi-recent versions of ruby the YAML module is an alias of Psych. https://ruby-doc.com/stdlib-3.0.1/libdoc/yaml/rdoc/YAML.html

Sep 23 '22 14:09 alexrford