From 6c8a016ca609a42c6e4825e46d694fbbdab83626 Mon Sep 17 00:00:00 2001
From: yo-h <55373593+yo-h@users.noreply.github.com>
Date: Sat, 9 May 2020 20:51:02 -0400
Subject: [PATCH] Java: add missing QLDoc for `JacksonSerializability.qll`

---
 .../frameworks/jackson/JacksonSerializability.qll | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
index 406cf35dcf7..99d73367162 100644
--- a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -9,6 +9,9 @@ import semmle.code.java.Reflection
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow5

+/**
+ * A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
+ */
 class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {
 JacksonJSONIgnoreAnnotation() {
 exists(AnnotationType anntp | anntp = this.getType() |
@@ -17,6 +20,7 @@ class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {
 }
 }

+/** A type whose values may be serialized using the Jackson JSON framework. */
 abstract class JacksonSerializableType extends Type { }

 /**
@@ -34,6 +38,7 @@ library class JacksonWriteValueMethod extends Method {
 }
 }

+/** A type whose values are explicitly serialized in a call to a Jackson method. */
 library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializableType {
 ExplicitlyWrittenJacksonSerializableType() {
 exists(MethodAccess ma |
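Review bot: The QLDoc added in the first hunk (`@@ -9,6 +9,9 @@`) misspells "annotation" as `annoation`; the line should read `` * A `@com.fasterxml.jackson.annotation.JsonIgnore` annotation. ``. This text is the class's published documentation, so the typo is worth fixing before merge. The comment also uses the three-line block form while every other comment added in this patch is a single `/** ... */` line; the one-line form would be consistent if it fits the line limit. The class body continues outside the hunk.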
@@ -45,12 +50,14 @@ library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializab
 }
 }

+/** A type used in a `JacksonSerializableField` declaration. */
 library class FieldReferencedJacksonSerializableType extends JacksonSerializableType {
 FieldReferencedJacksonSerializableType() {
 exists(JacksonSerializableField f | usesType(f.getType(), this))
 }
 }

+/** A type whose values may be deserialized by the Jackson JSON framework. */
 abstract class JacksonDeserializableType extends Type { }

 private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::Configuration {
@@ -76,6 +83,7 @@ private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::C
 TypeLiteral getSourceWithFlowToJacksonDatabind() { hasFlow(DataFlow::exprNode(result), _) }
 }

+/** A type whose values are explicitly deserialized in a call to a Jackson method. */
 library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializableType {
 ExplicitlyReadJacksonDeserializableType() {
 exists(TypeLiteralToJacksonDatabindFlowConfiguration conf |
@@ -84,12 +92,14 @@ library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializa
 }
 }

+/** A type used in a `JacksonDeserializableField` declaration. */
 library class FieldReferencedJacksonDeSerializableType extends JacksonDeserializableType {
 FieldReferencedJacksonDeSerializableType() {
 exists(JacksonDeserializableField f | usesType(f.getType(), this))
 }
 }

+/** A field that may be serialized using the Jackson JSON framework. */
 class JacksonSerializableField extends SerializableField {
 JacksonSerializableField() {
 exists(JacksonSerializableType superType |
@@ -101,6 +111,7 @@ class JacksonSerializableField extends SerializableField {
 }
 }

+/** A field that may be deserialized using the Jackson JSON framework. */
 class JacksonDeserializableField extends DeserializableField {
 JacksonDeserializableField() {
 exists(JacksonDeserializableType superType |
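Review bot: The comment added for `ExplicitlyReadJacksonDeserializableType` in the hunk at `@@ -76,6 +83,7 @@` does not say how "explicitly" is decided. The visible start of the characteristic predicate binds a `TypeLiteralToJacksonDatabindFlowConfiguration`, so membership appears to depend on a type literal flowing to a Jackson databind call; the rest of the predicate is outside the hunk, so this should be confirmed. If that is right, I would write `/** A type named by a type literal that flows to a Jackson databind call, and whose values are therefore explicitly deserialized. */`. Anyone using this class to enumerate the types that untrusted JSON can be deserialized into needs to know that types reaching Jackson without such a flow are presumably not members.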
@@ -183,6 +194,7 @@ class JacksonMixinType extends ClassOrInterface {
 }
 }

+/** A callable used as a Jackson mixin callable. */
 class JacksonMixedInCallable extends Callable {
 JacksonMixedInCallable() {
 exists(JacksonMixinType mixinType | this = mixinType.getAMixedInCallable())
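Review bot: The comment added for `JacksonMixedInCallable` is circular: "a callable used as a Jackson mixin callable" restates the class name without saying what makes a callable mixed in. The visible constructor line defines it as `mixinType.getAMixedInCallable()` for some `JacksonMixinType`, so something like `/** A callable of a Jackson mixin type that is mixed in to another type. */` would tell the reader more, assuming that matches `getAMixedInCallable()`, whose definition is outside the hunk. The class body also continues past the end of the hunk.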