From 24e4b68b9cc1367b91c6bc01202f761588bba951 Mon Sep 17 00:00:00 2001
From: Artem Smotrakov
Date: Mon, 17 May 2021 20:29:27 +0200
Subject: [PATCH] Removed getAnAccess() calls for Jackson

---
 .../semmle/code/java/security/UnsafeDeserialization.qll | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll b/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll
index 8d44ee571ac..1566daf3381 100644
--- a/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll
+++ b/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll
@@ -85,7 +85,7 @@ class SetPolymorphicTypeValidatorSource extends DataFlow::ExprNode {
 m.getDeclaringType() instanceof MapperBuilder and
 m.hasName("polymorphicTypeValidator")
 ) and
- this.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()]
+ this.asExpr() = q
 )
 }
 }
@@ -185,8 +185,7 @@ class EnabledJacksonDefaultTyping extends DataFlow2::Configuration {
 EnabledJacksonDefaultTyping() { this = "EnabledJacksonDefaultTyping" }
 
 override predicate isSource(DataFlow::Node src) {
- any(EnableJacksonDefaultTyping ma).getQualifier().(VarAccess).getVariable().getAnAccess() =
- src.asExpr()
+ any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr()
 }
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMapperReadSink }
@@ -212,7 +211,7 @@ class SafeObjectMapper extends DataFlow2::Configuration {
 .(RefType)
 .hasQualifiedName("com.fasterxml.jackson.databind.json",
 ["JsonMapper$Builder", "JsonMapper"]) and
- fromNode.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()] and
+ fromNode.asExpr() = q and
 ma = toNode.asExpr()
 )
 }
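Review bot: The new source line `this.asExpr() = q` in SetPolymorphicTypeValidatorSource, and the matching `fromNode.asExpr() = q and` step in SafeObjectMapper (third hunk), leave the narrowed meaning undocumented. Only the expression `q` itself now marks a mapper as validated (`q` appears to be the call's qualifier, but it is bound outside the hunk), so every later use has to be reached by data flow instead of by variable identity. I would add a comment above each line such as `// Only the receiver of the call is a source; later uses of the same mapper are reached by data flow.` The narrowing should stop uses that precede the validator call from being treated as safe, which makes this "safe mapper" tracking stricter; that intent belongs in the QLDoc of both classes, whose declarations start outside these hunks.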
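Review bot: Narrowing `isSource` in EnabledJacksonDefaultTyping to `any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr()` can drop findings from an unsafe-deserialization query, and the diffstat shows only this one file changed, so no test demonstrates that the reported results are unchanged. Before the change every access to the variable holding the mapper was a source; now flow must run from the receiver of the enabling call to an `ObjectMapperReadSink`. A mapper kept in a field, configured in one method and read in another, is the shape most likely to be missed (inferred, since the data-flow library's field handling is not visible here). I would add a test for that shape, and a one-line comment on the predicate such as `// Source: the receiver of a call that enables default typing.`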