UnsafeDeserialization: add missing getASelectedSinkLocation override

This fixes the failing diff-informed consistency check.
2026-03-02 05:43:54 +01:00 · 2025-06-24 15:36:43 +02:00
parent e213e3fc37
commit b2cb585bf2
1 changed files with 4 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -323,6 +323,10 @@ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) { isUnsafeDeserializationSanitizer(node) }

  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    result = sink.(UnsafeDeserializationSink).getMethodCall().getLocation()
+  }
 }

 module UnsafeDeserializationFlow = TaintTracking::Global<UnsafeDeserializationConfig>;