From 03078603bf6fa8e4c8783f7adbb65c0fad0450f9 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Thu, 30 Mar 2023 11:24:33 -0400
Subject: [PATCH] Reinstate private markers on additional predicates

---
 .../code/java/security/UnsafeDeserializationQuery.qll     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
index b6d78b6318e..af998cdc6b7 100644
--- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -75,7 +75,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
    * Holds when a functional expression is used to create a `KryoPool.Builder`.
    * Eg. `new KryoPool.Builder(() -> new Kryo())`
    */
-  additional predicate stepKryoPoolBuilderFactoryArgToConstructor(
+  private predicate stepKryoPoolBuilderFactoryArgToConstructor(
     DataFlow::Node node1, DataFlow::Node node2
   ) {
     exists(ConstructorCall cc, FunctionalExpr fe |
@@ -90,7 +90,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
    * Holds when a `KryoPool.run` is called to use a `Kryo` instance.
    * Eg. `pool.run(kryo -> ...)`
    */
-  additional predicate stepKryoPoolRunMethodAccessQualifierToFunctionalArgument(
+  private predicate stepKryoPoolRunMethodAccessQualifierToFunctionalArgument(
     DataFlow::Node node1, DataFlow::Node node2
   ) {
     exists(MethodAccess ma |
@@ -103,7 +103,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
   /**
    * Holds when a `KryoPool.Builder` method is called fluently.
    */
-  additional predicate stepKryoPoolBuilderChainMethod(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate stepKryoPoolBuilderChainMethod(DataFlow::Node node1, DataFlow::Node node2) {
     exists(MethodAccess ma |
       ma.getMethod() instanceof KryoPoolBuilderMethod and
       ma = node2.asExpr() and
@@ -114,7 +114,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
   /**
    * Holds when a `KryoPool.borrow` method is called.
    */
-  additional predicate stepKryoPoolBorrowMethod(DataFlow::Node node1, DataFlow::Node node2) {
+  private predicate stepKryoPoolBorrowMethod(DataFlow::Node node1, DataFlow::Node node2) {
     exists(MethodAccess ma |
       ma.getMethod() =
         any(Method m | m.getDeclaringType() instanceof KryoPool and m.hasName("borrow")) and