hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll

Browse Source 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
This commit is contained in:
Jonathan Leitschuh
2021-05-12 08:58:01 -04:00
committed by GitHub
parent 5a68ac88ef
commit 48b50f93c2
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
View File

@@ -53,7 +53,10 @@ private class JacksonWriteValueMethod extends Method, TaintPreservingCallable {
private class JacksonReadValueMethod extends Method, TaintPreservingCallable {
JacksonReadValueMethod() {
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") and
(
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") or
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
) and
hasName(["readValue", "readValues"])
}