Apply suggestions from code review

Co-authored-by: Chris Smowton <smowton@github.com>
2026-03-23 16:06:47 +01:00 · 2021-07-19 11:45:56 +02:00
parent c367c7e33b
commit e02530749b
3 changed files with 2 additions and 4 deletions
--- a/java/ql/src/semmle/code/java/frameworks/JacksonQuery.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JacksonQuery.qll
@@ -5,7 +5,6 @@
 import java
 import semmle.code.java.Reflection
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.TaintTracking2

 private class ObjectMapper extends RefType {
--- a/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll
+++ b/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -1,5 +1,4 @@
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 import semmle.code.java.frameworks.Kryo
 import semmle.code.java.frameworks.XStream
 import semmle.code.java.frameworks.SnakeYaml
--- a/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.ql
+++ b/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.ql
@@ -9,8 +9,8 @@ class UnsafeDeserializationTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "unsafeDeserialization" and
-    exists(DataFlow::Node src, DataFlow::Node sink, UnsafeDeserializationConfig conf |
-      conf.hasFlow(src, sink)
+    exists(DataFlow::Node sink, UnsafeDeserializationConfig conf |
+      conf.hasFlowTo(sink)
    |
      sink.getLocation() = location and
      element = sink.toString() and