hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Artem Smotrakov
2021-07-19 11:45:56 +02:00
committed by Artem Smotrakov
parent c367c7e33b
commit e02530749b
3 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/src/semmle/code/java/frameworks/JacksonQuery.qll
View File

@@ -5,7 +5,6 @@
import java import java
import semmle.code.java.Reflection import semmle.code.java.Reflection
import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.TaintTracking2 import semmle.code.java.dataflow.TaintTracking2
private class ObjectMapper extends RefType { private class ObjectMapper extends RefType {

1
java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll
View File

@@ -1,5 +1,4 @@
import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.frameworks.Kryo import semmle.code.java.frameworks.Kryo
import semmle.code.java.frameworks.XStream import semmle.code.java.frameworks.XStream
import semmle.code.java.frameworks.SnakeYaml import semmle.code.java.frameworks.SnakeYaml

4
java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.ql
View File

@@ -9,8 +9,8 @@ class UnsafeDeserializationTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) { override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "unsafeDeserialization" and tag = "unsafeDeserialization" and
exists(DataFlow::Node src, DataFlow::Node sink, UnsafeDeserializationConfig conf | exists(DataFlow::Node sink, UnsafeDeserializationConfig conf |
conf.hasFlow(src, sink) conf.hasFlowTo(sink)
| |
sink.getLocation() = location and sink.getLocation() = location and
element = sink.toString() and element = sink.toString() and