hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor QL to make type check more concise

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-07-11 06:13:01 +01:00
parent 439cf7a659
commit 006d77ffdd
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
View File

@@ -149,10 +149,7 @@ predicate unsafeDeserialization(MethodCall ma, Expr sink) {
exists(Method m | m = ma.getMethod() |
m instanceof ObjectInputStreamReadObjectMethod and
sink = ma.getQualifier() and
not exists(DataFlow::ExprNode node |
node.getExpr() = sink and
node.getTypeBound() instanceof SafeObjectInputStreamType
)
not DataFlow::exprNode(sink).getTypeBound() instanceof SafeObjectInputStreamType
or
m instanceof XmlDecoderReadObjectMethod and
sink = ma.getQualifier()