From ba0dbd58718e435feb42f4a426b63018bdc92f64 Mon Sep 17 00:00:00 2001
From: Marcono1234
Date: Mon, 11 Oct 2021 14:29:10 +0200
Subject: [PATCH] Java: Improve IncorrectSerializableMethods.ql; address review comments

---
 .../Serialization/IncorrectSerializableMethods.ql | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql b/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql
index 60c5ac30523..815245d1a7d 100644
--- a/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql
+++ b/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql
@@ -15,15 +15,18 @@ import java
 
 from Method m, TypeSerializable serializable, string reason
 where
+  m.fromSource() and
   m.getDeclaringType().hasSupertype+(serializable) and
   (
     m.hasStringSignature("readObject(ObjectInputStream)") or
     m.hasStringSignature("readObjectNoData()") or
-    m.hasName("writeObject(ObjectOutputStream)")
+    m.hasStringSignature("writeObject(ObjectOutputStream)")
   ) and
   (
     not m.isPrivate() and reason = "Method must be private"
-    or m.isStatic() and reason = "Method must not be static"
-    or not m.getReturnType() instanceof VoidType and reason = "Return type must be void"
+    or
+    m.isStatic() and reason = "Method must not be static"
+    or
+    not m.getReturnType() instanceof VoidType and reason = "Return type must be void"
   )
-select m, reason
+select m, "Not recognized by Java serialization framework: " + reason
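Review bot: The new `m.fromSource() and` / `hasSupertype+(serializable)` filter still reports readObject/writeObject methods declared in classes that implement java.io.Externalizable, where the serialization framework invokes readExternal/writeExternal instead and ignores these hooks regardless of their modifiers, so the new "Not recognized by Java serialization framework" message would be misleading there; this is inferred from the Java serialization contract, not from anything visible in the hunk. A narrowing such as `not m.getDeclaringType().getASupertype*().hasQualifiedName("java.io", "Externalizable") and` placed alongside the new `m.fromSource()` conjunct would keep the alert to classes where fixing the method's shape actually makes the framework call it. Since the hook-method signatures are matched on simple type names via `hasStringSignature`, a parameter typed as a same-named class from another package would also match; `m.getParameterType(0).hasQualifiedName("java.io", "ObjectInputStream")` would pin the type if that matters for this query. The query's `@name`/`@description` metadata block sits above the hunk and may want to reflect the new message wording.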