hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix IncorrectSerializableMethods.ql using wrong readObject signature

Browse Source
This commit is contained in:
Marcono1234
2021-10-11 01:10:08 +02:00
parent b009886664
commit 12936ff5fe
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql
View File

@@ -16,8 +16,9 @@ import java
from Method m, TypeSerializable serializable
where
m.getDeclaringType().hasSupertype+(serializable) and
m.getNumberOfParameters() = 1 and
m.getAParameter().getType().(RefType).hasQualifiedName("java.io", "ObjectOutputStream") and
(m.hasName("readObject") or m.hasName("writeObject")) and
(
m.hasStringSignature("readObject(ObjectInputStream)") or
m.hasName("writeObject(ObjectOutputStream)")
) and
not m.isPrivate()
select m, "readObject and writeObject should be private methods."