hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

hasJsonTypeInfoAnnotation() should check fields recursively

Browse Source 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
This commit is contained in:
Fosstars
2021-07-30 08:30:40 +02:00
parent 83a9b0ee28
commit 1d3eb570bf
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/frameworks/Jackson.qll
View File

@@ -27,7 +27,7 @@ private class JsonParser extends RefType {
JsonParser() { hasQualifiedName("com.fasterxml.jackson.core", "JsonParser") }
}
/** A type descriptor in Jackson libraries. */
/** A type descriptor in Jackson libraries. For example, `java.lang.Class`. */
class JacksonTypeDescriptorType extends RefType {
JacksonTypeDescriptorType() {
this instanceof TypeClass or
@@ -128,7 +128,7 @@ predicate createJacksonTreeNodeStep(DataFlow::Node fromNode, DataFlow::Node toNo
*/
private predicate hasJsonTypeInfoAnnotation(RefType type) {
hasFieldWithJsonTypeAnnotation(type.getASupertype*()) or
hasFieldWithJsonTypeAnnotation(type.getAField().getType())
hasJsonTypeInfoAnnotation(type.getAField().getType())
}
/**