hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/semmle/code/java/frameworks/Jackson.qll

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2021-08-02 10:16:42 +02:00
committed by GitHub
parent 7959e76da8
commit 6c973b59ac
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/semmle/code/java/frameworks/Jackson.qll
View File

@@ -156,7 +156,7 @@ predicate hasArgumentWithUnsafeJacksonAnnotation(MethodAccess call) {
/**
* Holds if `fromNode` to `toNode` is a dataflow step that looks like resolving a class.
* A method probably resolves a class if takes a string, returns a type descriptor,
* A method probably resolves a class if it takes a string, returns a type descriptor,
* and its name contains "resolve", "load", etc.
*
* Any method call that satisfies the rule above is assumed to propagate taint from its string arguments,