# Reports a call to a deserialization method when its argument appears to
# carry user input.
#
# result - match hash for the call; the call node is read from result[:call].
# target - receiver name, used only to build the "<target>.<method>" message.
# arg    - argument to inspect; defaults to the call's first argument.
#
# Confidence is :high when has_immediate_user_input? matches the argument and
# :medium when only include_user_input? does. Nothing is reported when neither
# helper matches, so a missing warning only means no user input was traced
# into this argument here, not that the deserialized data is trustworthy
# (NOTE(review): data arriving via other paths, e.g. storage, is presumably
# out of scope for this check -- confirm against the helpers).
def check_deserialize result, target, arg = nil
  # Skip results that original? rejects.
  return unless original? result

  call = result[:call]
  arg ||= call.first_arg
  method_name = call.method

  # Try the stronger match first; fall back to the broader one only if the
  # stronger one finds nothing.
  input = has_immediate_user_input?(arg)
  confidence = :high if input

  unless input
    input = include_user_input?(arg)
    confidence = :medium if input
  end

  return unless confidence

  description = msg(msg_code("#{target}.#{method_name}"), " called with ", msg_input(input))

  # Deserializing attacker-influenced data is reported under the
  # "Remote Code Execution" warning type.
  warn result: result,
       warning_type: "Remote Code Execution",
       warning_code: :unsafe_deserialize,
       message: description,
       user_input: input,
       confidence: confidence,
       link_path: "unsafe_deserialization"
end