Fix SnakeYaml query to account for Yaml subclasses and compose methods

2026-04-29 10:45:15 +02:00 · 2020-10-28 14:52:14 +01:00
parent c28856d3dc
commit a57308a519
1 changed files with 2 additions and 2 deletions
--- a/java/ql/src/semmle/code/java/frameworks/SnakeYaml.qll
+++ b/java/ql/src/semmle/code/java/frameworks/SnakeYaml.qll
@@ -39,7 +39,7 @@ class SafeSnakeYamlConstruction extends ClassInstanceExpr {
 * The class `org.yaml.snakeyaml.Yaml`.
 */
 class Yaml extends RefType {
-  Yaml() { this.hasQualifiedName("org.yaml.snakeyaml", "Yaml") }
+  Yaml() { this.getASupertype*().hasQualifiedName("org.yaml.snakeyaml", "Yaml") }
 }

 private class SafeYamlConstructionFlowConfig extends DataFlow2::Configuration {
@@ -71,7 +71,7 @@ private class SnakeYamlParse extends MethodAccess {
  SnakeYamlParse() {
    exists(Method m |
      m.getDeclaringType() instanceof Yaml and
-      (m.hasName("load") or m.hasName("loadAll") or m.hasName("loadAs") or m.hasName("parse")) and
+      (m.hasName("compose") or m.hasName("composeAll") or m.hasName("load") or m.hasName("loadAll") or m.hasName("loadAs") or m.hasName("parse")) and
      m = this.getMethod()
    )
  }