From 6ecbdfc5cc53313e6a1a3c5b268e525f5902e1a5 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:12:20 +0000
Subject: [PATCH] fix: resolve CodeQL alert #34 - Deserialization of user-controlled data
---
 vulnerable_deserialization.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerable_deserialization.py b/vulnerable_deserialization.py
index 4d443d1..9d48693 100644
--- a/vulnerable_deserialization.py
+++ b/vulnerable_deserialization.py
@@ -1,4 +1,4 @@
-import pickle
+import json
 import yaml
 import marshal
 from flask import Flask, request
@@ -9,7 +9,7 @@ def load_data():
 data = request.data
- obj = pickle.loads(data)
+ obj = json.loads(data)
 return str(obj)
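Review bot: `obj = json.loads(data)` in `load_data` has no error handling, so a request body that is not valid JSON (or not decodable text) raises out of the handler and would most likely surface as a 500 rather than a client error. Guard it with `try: obj = json.loads(data)` and `except ValueError: return "invalid JSON", 400`; both `json.JSONDecodeError` and `UnicodeDecodeError` derive from `ValueError`. The unchanged `return str(obj)` still echoes request-controlled content in a response Flask serves as `text/html` by default, so returning `jsonify(obj)` (added to the `flask` import) or an explicit `text/plain` content type would be safer. The first hunk keeps `import yaml` and `import marshal`; their call sites are outside the visible hunks, so it is worth confirming that no `yaml.load` or `marshal.loads` on request data remains once this alert is closed. The route decorator and anything after the `return` lie outside the hunk.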