Refactor CWE-502/UnsafeDeserialization

Ed Minnix
2023-03-16 15:41:24 -04:00
parent 434b1b35d8
commit e5f11d00a7
4 changed files with 265 additions and 125 deletions


@@ -9,7 +9,7 @@ class UnsafeDeserializationTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "unsafeDeserialization" and
exists(DataFlow::Node sink, UnsafeDeserializationConfig conf | conf.hasFlowTo(sink) |
exists(DataFlow::Node sink | UnsafeDeserializationFlow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""