Untrusted data is not dynamically executed or unsafely deserialized
sec-002
Intent
Keep attacker-controlled data from becoming executable code, type metadata, or rich object graphs with dangerous behavior.
Applicability
Applies when the diff evaluates runtime code, deserializes non-trivial objects, loads YAML or similar rich formats, or uses deserialization APIs on external or semi-trusted input. Return unknown when loader choice is hidden behind wrappers.
What to inspect
eval-style APIs, object deserializers, unsafe YAML loaders, JNDI-like remote object lookups, and type-selection logic derived from input.
Pass criteria
External data is parsed as data through safe fixed-contract formats, and dynamic execution is avoided on untrusted paths.
Fail criteria
Untrusted data reaches eval, exec, new Function, unsafe object deserializers, remote lookup mechanisms that rehydrate objects, or attacker-controlled type metadata.
Do not flag
Trusted offline tooling with repository-owned input. Build-time code generation. Safe DTO binding. Serialization-only code with no unsafe deserialization path.
Confidence guidance
HIGH when the unsafe API and untrusted input path are directly visible. MEDIUM when trust level is inferred. LOW when loader choice is hidden.
Remediation
Use safe schema-driven formats, safe loaders, and explicit dispatch tables. Keep untrusted data as data, not code.
Pass example
payload = json.loads(body)
Fail example
payload = pickle.loads(body)