From 1d3eb570bf1d6012fa791c2e020b3983c76ff01d Mon Sep 17 00:00:00 2001
From: Fosstars
Date: Fri, 30 Jul 2021 08:30:40 +0200
Subject: [PATCH] hasJsonTypeInfoAnnotation() should check fields recursively

Co-authored-by: Anders Schack-Mulligen
---
 java/ql/src/semmle/code/java/frameworks/Jackson.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/ql/src/semmle/code/java/frameworks/Jackson.qll b/java/ql/src/semmle/code/java/frameworks/Jackson.qll
index c501cb35da7..a84fcec42b8 100644
--- a/java/ql/src/semmle/code/java/frameworks/Jackson.qll
+++ b/java/ql/src/semmle/code/java/frameworks/Jackson.qll
@@ -27,7 +27,7 @@ private class JsonParser extends RefType {
 JsonParser() { hasQualifiedName("com.fasterxml.jackson.core", "JsonParser") }
 }
 
-/** A type descriptor in Jackson libraries. */
+/** A type descriptor in Jackson libraries. For example, `java.lang.Class`. */
 class JacksonTypeDescriptorType extends RefType {
 JacksonTypeDescriptorType() {
 this instanceof TypeClass or
@@ -128,7 +128,7 @@ predicate createJacksonTreeNodeStep(DataFlow::Node fromNode, DataFlow::Node toNo
 */
 private predicate hasJsonTypeInfoAnnotation(RefType type) {
 hasFieldWithJsonTypeAnnotation(type.getASupertype*()) or
- hasFieldWithJsonTypeAnnotation(type.getAField().getType())
+ hasJsonTypeInfoAnnotation(type.getAField().getType())
 }
 
 /**
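Review bot: In the second hunk the recursive disjunct of `hasJsonTypeInfoAnnotation` follows only `type.getAField()`, which as far as I know yields fields declared on `type` itself, while the first disjunct looks at `type.getASupertype*()`. A nested type that is reachable only through a field inherited from a supertype would then not be visited, and the deserialization query would likely miss that class (a false negative). Consider `hasJsonTypeInfoAnnotation(type.getASupertype*().getAField().getType())`. The body of `hasFieldWithJsonTypeAnnotation` is not in the hunk, so please confirm this against it. The doc comment above the predicate starts outside the hunk; it should state that field types are followed transitively, and whether element types of arrays and generic containers are deliberately left out.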