semgrep-rules
[Security] Added edge cases for tainted pickle deserialization
- Added `pattern-not` conditions to exclude safe usage patterns and minimize false positives.
- Added new test cases to cover a wider range of scenarios, including both vulnerable and safe usage patterns.
Patterns like `pickle.load(pickle.dumps(...))` are added to `pattern-not` to avoid false positives in situations where the data being deserialized is explicitly serialized using `pickle.dumps()` within the same codebase.
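A Python test fixture in the semgrep-rules `# ruleid:` / `# ok:` annotation style, added here as an illustration and not taken from the PR's own test files; the rule id is a placeholder, and the `# ruleid:` lines assume the rule treats the bytes passed into these functions as untrusted input.

```python
"""Constructed test fixture for a tainted pickle deserialization rule.

semgrep-rules convention: a `# ruleid: <rule-id>` comment marks the next
line as one the rule must flag, and `# ok: <rule-id>` marks a line the rule
must not flag. The rule id used here is a placeholder, not the real one.
"""
import pickle
from typing import Any, BinaryIO


def load_untrusted_bytes(data: bytes) -> Any:
    """Vulnerable shape: the bytes come from outside this code (assumed tainted)."""
    # ruleid: tainted-pickle-deserialization
    return pickle.loads(data)


def load_untrusted_stream(stream: BinaryIO) -> Any:
    """Same finding for the file-object variant of the API."""
    # ruleid: tainted-pickle-deserialization
    return pickle.load(stream)


def round_trip(obj: Any) -> Any:
    """Safe shape excluded by the PR's pattern-not: the data being
    deserialized is produced by pickle.dumps() right here, so no
    attacker-controlled bytes ever reach pickle.loads()."""
    # ok: tainted-pickle-deserialization
    return pickle.loads(pickle.dumps(obj))


def round_trip_stream(obj: Any, stream: BinaryIO) -> Any:
    """Constructed stream variant: write our own pickle, then read it back."""
    stream.write(pickle.dumps(obj))
    stream.seek(0)
    # ok: tainted-pickle-deserialization
    return pickle.load(stream)
```

Running `semgrep --test` over a rule file and this fixture checks that every `# ruleid:` line is reported and every `# ok:` line is not, which is how the false-positive exclusion is verified.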