Java: Improve IncorrectSerializableMethods.ql; address review comments

This commit is contained in:
Marcono1234
2021-10-11 14:29:10 +02:00
parent a7670fbcab
commit ba0dbd5871


@@ -15,15 +15,18 @@ import java
from Method m, TypeSerializable serializable, string reason
where
m.fromSource() and
m.getDeclaringType().hasSupertype+(serializable) and
(
m.hasStringSignature("readObject(ObjectInputStream)") or
m.hasStringSignature("readObjectNoData()") or
m.hasName("writeObject(ObjectOutputStream)")
m.hasStringSignature("writeObject(ObjectOutputStream)")
) and
(
not m.isPrivate() and reason = "Method must be private"
or m.isStatic() and reason = "Method must not be static"
or not m.getReturnType() instanceof VoidType and reason = "Return type must be void"
or
m.isStatic() and reason = "Method must not be static"
or
not m.getReturnType() instanceof VoidType and reason = "Return type must be void"
)
select m, reason
select m, "Not recognized by Java serialization framework: " + reason
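Review bot: The `hasStringSignature("readObject(ObjectInputStream)")` / `"writeObject(ObjectOutputStream)"` matches compare against simple type names only, so a method whose parameter is an `ObjectInputStream`/`ObjectOutputStream` type from some other package would also be reported; if that false positive matters, pin the parameter to `java.io`, e.g. `m.getParameterType(0).(RefType).hasQualifiedName("java.io", "ObjectInputStream")` next to the signature check. The three `reason` disjuncts in the second parenthesised block are not mutually exclusive, so a method that is, say, both non-private and static produces two results for the same `m`; that is presumably intended, but a one-line comment such as `// A method may violate several rules; one result is reported per violated rule` above the block would spare the next reader the question. The query's QLDoc header starts outside this hunk; it would help to state there why the finding matters, namely that a mis-declared `readObject` is silently skipped by the serialization runtime, so any validation of the deserialized state it was meant to perform never runs.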