hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

change name

Browse Source
This commit is contained in:
haby0
2021-06-16 11:29:37 +08:00
parent d6782767b7
commit 9badd7aa27
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/frameworks/Castor.qll
View File

@@ -12,8 +12,8 @@ class CastorUnmarshaller extends RefType {
}
/** A method with the name `unmarshal` declared in `org.exolab.castor.xml.Unmarshaller`. */
class UnmarshalMethod extends Method {
UnmarshalMethod() {
class CastorUnmarshalMethod extends Method {
CastorUnmarshalMethod() {
this.getDeclaringType() instanceof CastorUnmarshaller and
this.getName() = "unmarshal"
}

2
java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll
View File

@@ -100,7 +100,7 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
or
ma.getMethod() instanceof UnsafeHessianInputReadObjectMethod and sink = ma.getQualifier()
or
ma.getMethod() instanceof UnmarshalMethod and sink = ma.getAnArgument()
ma.getMethod() instanceof CastorUnmarshalMethod and sink = ma.getAnArgument()
or
ma.getMethod() instanceof BurlapInputReadObjectMethod and sink = ma.getQualifier()
)