hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add JMS sink to java/unsafe-deserialization

Browse Source
This commit is contained in:
Tony Torralba
2023-10-26 16:46:19 +02:00
parent b1d4ca505d
commit 7af3d239ab
5 changed files with 29 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/test/query-tests/security/CWE-502/ObjectMessageTest.java Normal file
View File

@@ -0,0 +1,9 @@
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.ObjectMessage;
public class ObjectMessageTest implements MessageListener {
public void onMessage(Message message) {
((ObjectMessage) message).getObject(); // $ unsafeDeserialization
}
}