CodeQL is a query language created in 2018 by Pavel Avgustinov.
| #394on PLDB | 6Years Old | 4kRepos |
git clone https://github.com/github/codeqlCodeQL let's you query code as if it were data.
from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink,
"Unsafe deserialization of $@.", source.getNode(), "user input"