#select
| A.java:19:12:19:26 | readObject(...) | A.java:17:31:17:51 | getInputStream(...) : InputStream | A.java:19:12:19:13 | in | Unsafe deserialization depends on a $@. | A.java:17:31:17:51 | getInputStream(...) | user-provided value |
| A.java:24:12:24:35 | readObject(...) | A.java:23:31:23:55 | getTaintedObjectInput(...) : ObjectInput | A.java:24:12:24:22 | objectInput | Unsafe deserialization depends on a $@. | A.java:23:31:23:55 | getTaintedObjectInput(...) | user-provided value |
| A.java:29:12:29:35 | readObject(...) | A.java:28:33:28:59 | getTaintedMyObjectInput(...) : MyObjectInput | A.java:29:12:29:22 | objectInput | Unsafe deserialization depends on a $@. | A.java:28:33:28:59 | getTaintedMyObjectInput(...) | user-provided value |
| A.java:35:12:35:28 | readUnshared(...) | A.java:33:31:33:51 | getInputStream(...) : InputStream | A.java:35:12:35:13 | in | Unsafe deserialization depends on a $@. | A.java:33:31:33:51 | getInputStream(...) | user-provided value |
| A.java:47:12:47:25 | readObject(...) | A.java:45:31:45:51 | getInputStream(...) : InputStream | A.java:47:12:47:12 | d | Unsafe deserialization depends on a $@. | A.java:45:31:45:51 | getInputStream(...) | user-provided value |
| A.java:54:12:54:29 | fromXML(...) | A.java:52:31:52:51 | getInputStream(...) : InputStream | A.java:54:23:54:28 | reader | Unsafe deserialization depends on a $@. | A.java:52:31:52:51 | getInputStream(...) | user-provided value |
| A.java:60:12:60:42 | readObject(...) | A.java:59:29:59:49 | getInputStream(...) : InputStream | A.java:60:28:60:32 | input | Unsafe deserialization depends on a $@. | A.java:59:29:59:49 | getInputStream(...) | user-provided value |
| A.java:61:12:61:48 | readObjectOrNull(...) | A.java:59:29:59:49 | getInputStream(...) : InputStream | A.java:61:34:61:38 | input | Unsafe deserialization depends on a $@. | A.java:59:29:59:49 | getInputStream(...) | user-provided value |
| A.java:62:16:62:45 | readClassAndObject(...) | A.java:59:29:59:49 | getInputStream(...) : InputStream | A.java:62:40:62:44 | input | Unsafe deserialization depends on a $@. | A.java:59:29:59:49 | getInputStream(...) | user-provided value |
| A.java:81:16:81:31 | load(...) | A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:81:26:81:30 | input | Unsafe deserialization depends on a $@. | A.java:80:25:80:45 | getInputStream(...) | user-provided value |
| A.java:82:17:82:35 | loadAll(...) | A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:82:30:82:34 | input | Unsafe deserialization depends on a $@. | A.java:80:25:80:45 | getInputStream(...) | user-provided value |
| A.java:83:17:83:56 | parse(...) | A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:83:28:83:55 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:80:25:80:45 | getInputStream(...) | user-provided value |
| A.java:84:12:84:38 | loadAs(...) | A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:84:24:84:28 | input | Unsafe deserialization depends on a $@. | A.java:80:25:80:45 | getInputStream(...) | user-provided value |
| A.java:85:12:85:61 | loadAs(...) | A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:85:24:85:51 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:80:25:80:45 | getInputStream(...) | user-provided value |
| A.java:91:16:91:31 | load(...) | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:91:26:91:30 | input | Unsafe deserialization depends on a $@. | A.java:90:25:90:45 | getInputStream(...) | user-provided value |
| A.java:92:17:92:35 | loadAll(...) | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:92:30:92:34 | input | Unsafe deserialization depends on a $@. | A.java:90:25:90:45 | getInputStream(...) | user-provided value |
| A.java:93:17:93:56 | parse(...) | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:90:25:90:45 | getInputStream(...) | user-provided value |
| A.java:94:12:94:38 | loadAs(...) | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:94:24:94:28 | input | Unsafe deserialization depends on a $@. | A.java:90:25:90:45 | getInputStream(...) | user-provided value |
| A.java:95:12:95:61 | loadAs(...) | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:90:25:90:45 | getInputStream(...) | user-provided value |
| A.java:111:16:111:31 | load(...) | A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:111:26:111:30 | input | Unsafe deserialization depends on a $@. | A.java:110:25:110:45 | getInputStream(...) | user-provided value |
| A.java:112:17:112:35 | loadAll(...) | A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:112:30:112:34 | input | Unsafe deserialization depends on a $@. | A.java:110:25:110:45 | getInputStream(...) | user-provided value |
| A.java:113:17:113:56 | parse(...) | A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:113:28:113:55 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:110:25:110:45 | getInputStream(...) | user-provided value |
| A.java:114:12:114:38 | loadAs(...) | A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:114:24:114:28 | input | Unsafe deserialization depends on a $@. | A.java:110:25:110:45 | getInputStream(...) | user-provided value |
| A.java:115:12:115:61 | loadAs(...) | A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:115:24:115:51 | new InputStreamReader(...) | Unsafe deserialization depends on a $@. | A.java:110:25:110:45 | getInputStream(...) | user-provided value |
| B.java:8:12:8:46 | parseObject(...) | B.java:7:31:7:51 | getInputStream(...) : InputStream | B.java:8:29:8:39 | inputStream | Unsafe deserialization depends on a $@. | B.java:7:31:7:51 | getInputStream(...) | user-provided value |
| B.java:15:12:15:28 | parse(...) | B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:15:23:15:27 | bytes | Unsafe deserialization depends on a $@. | B.java:12:31:12:51 | getInputStream(...) | user-provided value |
| B.java:23:12:23:30 | parseObject(...) | B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:23:29:23:29 | s | Unsafe deserialization depends on a $@. | B.java:19:31:19:51 | getInputStream(...) | user-provided value |
| B.java:31:12:31:24 | parse(...) | B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:31:23:31:23 | s | Unsafe deserialization depends on a $@. | B.java:27:31:27:51 | getInputStream(...) | user-provided value |
| C.java:24:3:24:17 | load(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:24:13:24:16 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:25:3:25:23 | loadStream(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:25:19:25:22 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:26:3:26:43 | loadStreamOfType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:26:25:26:28 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:27:3:27:35 | loadType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:27:17:27:20 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:30:3:30:23 | load(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:30:19:30:22 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:31:3:31:29 | loadStream(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:31:25:31:28 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:32:3:32:49 | loadStreamOfType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:32:31:32:34 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:33:3:33:41 | loadType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:33:23:33:26 | data | Unsafe deserialization depends on a $@. | C.java:23:17:23:44 | getParameter(...) | user-provided value |
| C.java:43:3:43:29 | jsonToJava(...) | C.java:38:17:38:44 | getParameter(...) : String | C.java:43:25:43:28 | data | Unsafe deserialization depends on a $@. | C.java:38:17:38:44 | getParameter(...) | user-provided value |
| C.java:46:3:46:17 | readObject(...) | C.java:38:17:38:44 | getParameter(...) : String | C.java:46:3:46:4 | jr | Unsafe deserialization depends on a $@. | C.java:38:17:38:44 | getParameter(...) | user-provided value |
| C.java:53:3:53:10 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:53:3:53:3 | r | Unsafe deserialization depends on a $@. | C.java:51:17:51:44 | getParameter(...) | user-provided value |
| C.java:54:3:54:22 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:54:3:54:3 | r | Unsafe deserialization depends on a $@. | C.java:51:17:51:44 | getParameter(...) | user-provided value |
| C.java:55:3:55:36 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:55:3:55:3 | r | Unsafe deserialization depends on a $@. | C.java:51:17:51:44 | getParameter(...) | user-provided value |
| C.java:63:3:63:27 | readObject(...) | C.java:60:18:60:45 | getParameter(...) : String | C.java:63:3:63:14 | hessianInput | Unsafe deserialization depends on a $@. | C.java:60:18:60:45 | getParameter(...) | user-provided value |
| C.java:64:3:64:39 | readObject(...) | C.java:60:18:60:45 | getParameter(...) : String | C.java:64:3:64:14 | hessianInput | Unsafe deserialization depends on a $@. | C.java:60:18:60:45 | getParameter(...) | user-provided value |
| C.java:72:3:72:27 | readObject(...) | C.java:69:18:69:45 | getParameter(...) : String | C.java:72:3:72:14 | hessianInput | Unsafe deserialization depends on a $@. | C.java:69:18:69:45 | getParameter(...) | user-provided value |
| C.java:73:3:73:39 | readObject(...) | C.java:69:18:69:45 | getParameter(...) : String | C.java:73:3:73:14 | hessianInput | Unsafe deserialization depends on a $@. | C.java:69:18:69:45 | getParameter(...) | user-provided value |
| C.java:79:3:79:72 | unmarshal(...) | C.java:79:43:79:70 | getParameter(...) : String | C.java:79:26:79:71 | new StringReader(...) | Unsafe deserialization depends on a $@. | C.java:79:43:79:70 | getParameter(...) | user-provided value |
| C.java:87:3:87:26 | readObject(...) | C.java:84:27:84:54 | getParameter(...) : String | C.java:87:3:87:13 | burlapInput | Unsafe deserialization depends on a $@. | C.java:84:27:84:54 | getParameter(...) | user-provided value |
| C.java:91:3:91:27 | readObject(...) | C.java:84:27:84:54 | getParameter(...) : String | C.java:91:3:91:14 | burlapInput1 | Unsafe deserialization depends on a $@. | C.java:84:27:84:54 | getParameter(...) | user-provided value |
| FlexjsonServlet.java:36:28:36:68 | deserialize(...) | FlexjsonServlet.java:36:53:36:67 | getReader(...) | FlexjsonServlet.java:36:53:36:67 | getReader(...) | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:36:53:36:67 | getReader(...) | user-provided value |
| FlexjsonServlet.java:44:28:44:68 | deserialize(...) | FlexjsonServlet.java:44:53:44:67 | getReader(...) | FlexjsonServlet.java:44:53:44:67 | getReader(...) | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:44:53:44:67 | getReader(...) | user-provided value |
| FlexjsonServlet.java:52:28:52:82 | deserialize(...) | FlexjsonServlet.java:52:53:52:67 | getReader(...) | FlexjsonServlet.java:52:53:52:67 | getReader(...) | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:52:53:52:67 | getReader(...) | user-provided value |
| FlexjsonServlet.java:68:25:68:131 | deserialize(...) | FlexjsonServlet.java:67:23:67:46 | getParameter(...) : String | FlexjsonServlet.java:68:127:68:130 | json | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:67:23:67:46 | getParameter(...) | user-provided value |
| FlexjsonServlet.java:80:25:80:97 | deserialize(...) | FlexjsonServlet.java:79:23:79:46 | getParameter(...) : String | FlexjsonServlet.java:80:93:80:96 | json | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:79:23:79:46 | getParameter(...) | user-provided value |
| FlexjsonServlet.java:124:25:124:54 | deserialize(...) | FlexjsonServlet.java:119:23:119:46 | getParameter(...) : String | FlexjsonServlet.java:124:50:124:53 | json | Unsafe deserialization depends on a $@. | FlexjsonServlet.java:119:23:119:46 | getParameter(...) | user-provided value |
| GsonServlet.java:44:26:44:66 | fromJson(...) | GsonServlet.java:39:23:39:46 | getParameter(...) : String | GsonServlet.java:44:40:44:43 | json | Unsafe deserialization depends on a $@. | GsonServlet.java:39:23:39:46 | getParameter(...) | user-provided value |
| GsonServlet.java:60:26:60:66 | fromJson(...) | GsonServlet.java:53:23:53:46 | getParameter(...) : String | GsonServlet.java:60:40:60:43 | json | Unsafe deserialization depends on a $@. | GsonServlet.java:53:23:53:46 | getParameter(...) | user-provided value |
| JabsorbServlet.java:102:32:102:93 | unmarshall(...) | JabsorbServlet.java:89:23:89:46 | getParameter(...) : String | JabsorbServlet.java:102:83:102:92 | jsonObject | Unsafe deserialization depends on a $@. | JabsorbServlet.java:89:23:89:46 | getParameter(...) | user-provided value |
| JabsorbServlet.java:116:32:116:56 | fromJSON(...) | JabsorbServlet.java:110:23:110:46 | getParameter(...) : String | JabsorbServlet.java:116:52:116:55 | json | Unsafe deserialization depends on a $@. | JabsorbServlet.java:110:23:110:46 | getParameter(...) | user-provided value |
| JacksonTest.java:76:13:76:50 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:76:30:76:35 | string | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:85:13:85:52 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:85:30:85:35 | string | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:94:13:94:48 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:94:30:94:35 | string | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:142:13:142:47 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:142:30:142:35 | string | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:151:13:151:80 | readValues(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:151:31:151:68 | createParser(...) | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:160:13:160:66 | treeToValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:160:32:160:54 | readTree(...) | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:172:13:172:41 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:172:30:172:33 | data | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JacksonTest.java:183:13:183:61 | readValue(...) | JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:183:30:183:33 | data | Unsafe deserialization depends on a $@. | JacksonTest.java:20:25:20:47 | getInputStream(...) | user-provided value |
| JoddJsonServlet.java:45:24:45:47 | parse(...) | JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:45:37:45:40 | json | Unsafe deserialization depends on a $@. | JoddJsonServlet.java:32:23:32:46 | getParameter(...) | user-provided value |
| JoddJsonServlet.java:47:13:47:66 | parse(...) | JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:47:56:47:59 | json | Unsafe deserialization depends on a $@. | JoddJsonServlet.java:32:23:32:46 | getParameter(...) | user-provided value |
| JoddJsonServlet.java:49:13:49:77 | parse(...) | JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:49:67:49:70 | json | Unsafe deserialization depends on a $@. | JoddJsonServlet.java:32:23:32:46 | getParameter(...) | user-provided value |
| JoddJsonServlet.java:51:13:51:71 | parse(...) | JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:51:61:51:64 | json | Unsafe deserialization depends on a $@. | JoddJsonServlet.java:32:23:32:46 | getParameter(...) | user-provided value |
| JoddJsonServlet.java:63:26:63:65 | parse(...) | JoddJsonServlet.java:58:23:58:46 | getParameter(...) : String | JoddJsonServlet.java:63:39:63:42 | json | Unsafe deserialization depends on a $@. | JoddJsonServlet.java:58:23:58:46 | getParameter(...) | user-provided value |
| ObjectMessageTest.java:7:9:7:45 | getObject(...) | ObjectMessageTest.java:6:27:6:41 | message : Message | ObjectMessageTest.java:7:26:7:32 | message | Unsafe deserialization depends on a $@. | ObjectMessageTest.java:6:27:6:41 | message | user-provided value |
| ParcelableEntity.java:32:30:32:70 | fromJson(...) | GsonActivity.java:15:54:15:64 | getIntent(...) : Intent | ParcelableEntity.java:32:44:32:62 | readString(...) | Unsafe deserialization depends on a $@. | GsonActivity.java:15:54:15:64 | getIntent(...) | user-provided value |
| TestMessageBodyReader.java:22:18:22:65 | readObject(...) | TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | Unsafe deserialization depends on a $@. | TestMessageBodyReader.java:20:55:20:78 | entityStream | user-provided value |
edges
| A.java:17:31:17:51 | getInputStream(...) : InputStream | A.java:18:50:18:60 | inputStream : InputStream | provenance | Src:MaD:17  |
| A.java:17:31:17:51 | getInputStream(...) : InputStream | A.java:19:12:19:13 | in | provenance | Src:MaD:17 inputStreamWrapper |
| A.java:18:28:18:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:19:12:19:13 | in | provenance |  |
| A.java:18:50:18:60 | inputStream : InputStream | A.java:18:28:18:61 | new ObjectInputStream(...) : ObjectInputStream | provenance | MaD:29 |
| A.java:23:31:23:55 | getTaintedObjectInput(...) : ObjectInput | A.java:24:12:24:22 | objectInput | provenance | Src:MaD:21  |
| A.java:28:33:28:59 | getTaintedMyObjectInput(...) : MyObjectInput | A.java:29:12:29:22 | objectInput | provenance | Src:MaD:20  |
| A.java:33:31:33:51 | getInputStream(...) : InputStream | A.java:34:50:34:60 | inputStream : InputStream | provenance | Src:MaD:17  |
| A.java:33:31:33:51 | getInputStream(...) : InputStream | A.java:35:12:35:13 | in | provenance | Src:MaD:17 inputStreamWrapper |
| A.java:34:28:34:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:35:12:35:13 | in | provenance |  |
| A.java:34:50:34:60 | inputStream : InputStream | A.java:34:28:34:61 | new ObjectInputStream(...) : ObjectInputStream | provenance | MaD:29 |
| A.java:45:31:45:51 | getInputStream(...) : InputStream | A.java:46:35:46:45 | inputStream : InputStream | provenance | Src:MaD:17  |
| A.java:46:20:46:46 | new XMLDecoder(...) : XMLDecoder | A.java:47:12:47:12 | d | provenance | Sink:MaD:6 |
| A.java:46:35:46:45 | inputStream : InputStream | A.java:46:20:46:46 | new XMLDecoder(...) : XMLDecoder | provenance | MaD:25 |
| A.java:52:31:52:51 | getInputStream(...) : InputStream | A.java:53:43:53:53 | inputStream : InputStream | provenance | Src:MaD:17  |
| A.java:53:21:53:54 | new InputStreamReader(...) : InputStreamReader | A.java:54:23:54:28 | reader | provenance |  |
| A.java:53:43:53:53 | inputStream : InputStream | A.java:53:21:53:54 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:28 |
| A.java:59:19:59:50 | new Input(...) : Input | A.java:60:28:60:32 | input | provenance |  |
| A.java:59:19:59:50 | new Input(...) : Input | A.java:61:34:61:38 | input | provenance |  |
| A.java:59:19:59:50 | new Input(...) : Input | A.java:62:40:62:44 | input | provenance |  |
| A.java:59:29:59:49 | getInputStream(...) : InputStream | A.java:59:19:59:50 | new Input(...) : Input | provenance | Src:MaD:17 MaD:23 |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:81:26:81:30 | input | provenance | Src:MaD:17  |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:82:30:82:34 | input | provenance | Src:MaD:17  |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:83:50:83:54 | input : InputStream | provenance | Src:MaD:17  |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:84:24:84:28 | input | provenance | Src:MaD:17  |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | A.java:85:46:85:50 | input : InputStream | provenance | Src:MaD:17  |
| A.java:83:50:83:54 | input : InputStream | A.java:83:28:83:55 | new InputStreamReader(...) | provenance | MaD:28 |
| A.java:85:46:85:50 | input : InputStream | A.java:85:24:85:51 | new InputStreamReader(...) | provenance | MaD:28 |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:91:26:91:30 | input | provenance | Src:MaD:17  |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:92:30:92:34 | input | provenance | Src:MaD:17  |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:50:93:54 | input : InputStream | provenance | Src:MaD:17  |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:94:24:94:28 | input | provenance | Src:MaD:17  |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:46:95:50 | input : InputStream | provenance | Src:MaD:17  |
| A.java:93:50:93:54 | input : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) | provenance | MaD:28 |
| A.java:95:46:95:50 | input : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) | provenance | MaD:28 |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:111:26:111:30 | input | provenance | Src:MaD:17  |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:112:30:112:34 | input | provenance | Src:MaD:17  |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:113:50:113:54 | input : InputStream | provenance | Src:MaD:17  |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:114:24:114:28 | input | provenance | Src:MaD:17  |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | A.java:115:46:115:50 | input : InputStream | provenance | Src:MaD:17  |
| A.java:113:50:113:54 | input : InputStream | A.java:113:28:113:55 | new InputStreamReader(...) | provenance | MaD:28 |
| A.java:115:46:115:50 | input : InputStream | A.java:115:24:115:51 | new InputStreamReader(...) | provenance | MaD:28 |
| B.java:7:31:7:51 | getInputStream(...) : InputStream | B.java:8:29:8:39 | inputStream | provenance | Src:MaD:17  |
| B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:14:5:14:15 | inputStream : InputStream | provenance | Src:MaD:17  |
| B.java:14:5:14:15 | inputStream : InputStream | B.java:14:22:14:26 | bytes [post update] : byte[] | provenance | MaD:27 |
| B.java:14:22:14:26 | bytes [post update] : byte[] | B.java:15:23:15:27 | bytes | provenance |  |
| B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:21:5:21:15 | inputStream : InputStream | provenance | Src:MaD:17  |
| B.java:21:5:21:15 | inputStream : InputStream | B.java:21:22:21:26 | bytes [post update] : byte[] | provenance | MaD:27 |
| B.java:21:22:21:26 | bytes [post update] : byte[] | B.java:22:27:22:31 | bytes : byte[] | provenance |  |
| B.java:22:16:22:32 | new String(...) : String | B.java:23:29:23:29 | s | provenance |  |
| B.java:22:27:22:31 | bytes : byte[] | B.java:22:16:22:32 | new String(...) : String | provenance | MaD:31 |
| B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:29:5:29:15 | inputStream : InputStream | provenance | Src:MaD:17  |
| B.java:29:5:29:15 | inputStream : InputStream | B.java:29:22:29:26 | bytes [post update] : byte[] | provenance | MaD:27 |
| B.java:29:22:29:26 | bytes [post update] : byte[] | B.java:30:27:30:31 | bytes : byte[] | provenance |  |
| B.java:30:16:30:32 | new String(...) : String | B.java:31:23:31:23 | s | provenance |  |
| B.java:30:27:30:31 | bytes : byte[] | B.java:30:16:30:32 | new String(...) : String | provenance | MaD:31 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:24:13:24:16 | data | provenance | Src:MaD:19 Sink:MaD:8 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:25:19:25:22 | data | provenance | Src:MaD:19 Sink:MaD:9 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:26:25:26:28 | data | provenance | Src:MaD:19 Sink:MaD:10 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:27:17:27:20 | data | provenance | Src:MaD:19 Sink:MaD:11 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:30:19:30:22 | data | provenance | Src:MaD:19 Sink:MaD:12 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:31:25:31:28 | data | provenance | Src:MaD:19 Sink:MaD:13 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:32:31:32:34 | data | provenance | Src:MaD:19 Sink:MaD:14 |
| C.java:23:17:23:44 | getParameter(...) : String | C.java:33:23:33:26 | data | provenance | Src:MaD:19 Sink:MaD:15 |
| C.java:38:17:38:44 | getParameter(...) : String | C.java:43:25:43:28 | data | provenance | Src:MaD:19 Sink:MaD:3 |
| C.java:38:17:38:44 | getParameter(...) : String | C.java:45:34:45:37 | data : String | provenance | Src:MaD:19  |
| C.java:45:19:45:44 | new JsonReader(...) : JsonReader | C.java:46:3:46:4 | jr | provenance | Sink:MaD:4 |
| C.java:45:34:45:37 | data : String | C.java:45:19:45:44 | new JsonReader(...) : JsonReader | provenance | Config |
| C.java:51:17:51:44 | getParameter(...) : String | C.java:52:33:52:36 | data : String | provenance | Src:MaD:19  |
| C.java:52:18:52:37 | new YamlReader(...) : YamlReader | C.java:53:3:53:3 | r | provenance | Sink:MaD:5 |
| C.java:52:18:52:37 | new YamlReader(...) : YamlReader | C.java:54:3:54:3 | r | provenance | Sink:MaD:5 |
| C.java:52:18:52:37 | new YamlReader(...) : YamlReader | C.java:55:3:55:3 | r | provenance | Sink:MaD:5 |
| C.java:52:33:52:36 | data : String | C.java:52:18:52:37 | new YamlReader(...) : YamlReader | provenance | Config |
| C.java:60:18:60:45 | getParameter(...) : String | C.java:60:18:60:56 | getBytes(...) : byte[] | provenance | Src:MaD:19 MaD:32 |
| C.java:60:18:60:56 | getBytes(...) : byte[] | C.java:61:55:61:59 | bytes : byte[] | provenance |  |
| C.java:60:18:60:56 | getBytes(...) : byte[] | C.java:62:48:62:50 | bis : ByteArrayInputStream | provenance | inputStreamWrapper |
| C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:62:48:62:50 | bis : ByteArrayInputStream | provenance |  |
| C.java:61:55:61:59 | bytes : byte[] | C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | provenance | MaD:26 |
| C.java:62:31:62:51 | new HessianInput(...) : HessianInput | C.java:63:3:63:14 | hessianInput | provenance | Sink:MaD:2 |
| C.java:62:31:62:51 | new HessianInput(...) : HessianInput | C.java:64:3:64:14 | hessianInput | provenance | Sink:MaD:2 |
| C.java:62:48:62:50 | bis : ByteArrayInputStream | C.java:62:31:62:51 | new HessianInput(...) : HessianInput | provenance | Config |
| C.java:69:18:69:45 | getParameter(...) : String | C.java:69:18:69:56 | getBytes(...) : byte[] | provenance | Src:MaD:19 MaD:32 |
| C.java:69:18:69:56 | getBytes(...) : byte[] | C.java:70:55:70:59 | bytes : byte[] | provenance |  |
| C.java:69:18:69:56 | getBytes(...) : byte[] | C.java:71:50:71:52 | bis : ByteArrayInputStream | provenance | inputStreamWrapper |
| C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:71:50:71:52 | bis : ByteArrayInputStream | provenance |  |
| C.java:70:55:70:59 | bytes : byte[] | C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | provenance | MaD:26 |
| C.java:71:32:71:53 | new Hessian2Input(...) : Hessian2Input | C.java:72:3:72:14 | hessianInput | provenance | Sink:MaD:2 |
| C.java:71:32:71:53 | new Hessian2Input(...) : Hessian2Input | C.java:73:3:73:14 | hessianInput | provenance | Sink:MaD:2 |
| C.java:71:50:71:52 | bis : ByteArrayInputStream | C.java:71:32:71:53 | new Hessian2Input(...) : Hessian2Input | provenance | Config |
| C.java:79:43:79:70 | getParameter(...) : String | C.java:79:26:79:71 | new StringReader(...) | provenance | Src:MaD:19 MaD:30 Sink:MaD:7 |
| C.java:84:27:84:54 | getParameter(...) : String | C.java:84:27:84:65 | getBytes(...) : byte[] | provenance | Src:MaD:19 MaD:32 |
| C.java:84:27:84:65 | getBytes(...) : byte[] | C.java:85:54:85:67 | serializedData : byte[] | provenance |  |
| C.java:84:27:84:65 | getBytes(...) : byte[] | C.java:86:45:86:46 | is : ByteArrayInputStream | provenance | inputStreamWrapper |
| C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:86:45:86:46 | is : ByteArrayInputStream | provenance |  |
| C.java:85:54:85:67 | serializedData : byte[] | C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | provenance | MaD:26 |
| C.java:86:29:86:47 | new BurlapInput(...) : BurlapInput | C.java:87:3:87:13 | burlapInput | provenance | Sink:MaD:1 |
| C.java:86:29:86:47 | new BurlapInput(...) : BurlapInput | C.java:87:3:87:13 | burlapInput | provenance | Sink:MaD:2 |
| C.java:86:45:86:46 | is : ByteArrayInputStream | C.java:86:29:86:47 | new BurlapInput(...) : BurlapInput | provenance | Config |
| C.java:86:45:86:46 | is : ByteArrayInputStream | C.java:90:21:90:22 | is : ByteArrayInputStream | provenance |  |
| C.java:90:3:90:14 | burlapInput1 : BurlapInput | C.java:91:3:91:14 | burlapInput1 | provenance | Sink:MaD:1 |
| C.java:90:3:90:14 | burlapInput1 : BurlapInput | C.java:91:3:91:14 | burlapInput1 | provenance | Sink:MaD:2 |
| C.java:90:21:90:22 | is : ByteArrayInputStream | C.java:90:3:90:14 | burlapInput1 : BurlapInput | provenance | Config |
| FlexjsonServlet.java:67:23:67:46 | getParameter(...) : String | FlexjsonServlet.java:68:127:68:130 | json | provenance | Src:MaD:19  |
| FlexjsonServlet.java:79:23:79:46 | getParameter(...) : String | FlexjsonServlet.java:80:93:80:96 | json | provenance | Src:MaD:19  |
| FlexjsonServlet.java:119:23:119:46 | getParameter(...) : String | FlexjsonServlet.java:124:50:124:53 | json | provenance | Src:MaD:19  |
| GsonActivity.java:15:54:15:64 | getIntent(...) : Intent | ParcelableEntity.java:29:50:29:62 | parcel : Parcel | provenance | Config |
| GsonServlet.java:39:23:39:46 | getParameter(...) : String | GsonServlet.java:44:40:44:43 | json | provenance | Src:MaD:19  |
| GsonServlet.java:53:23:53:46 | getParameter(...) : String | GsonServlet.java:60:40:60:43 | json | provenance | Src:MaD:19  |
| JabsorbServlet.java:89:23:89:46 | getParameter(...) : String | JabsorbServlet.java:93:48:93:51 | json : String | provenance | Src:MaD:19  |
| JabsorbServlet.java:93:33:93:52 | new JSONObject(...) : JSONObject | JabsorbServlet.java:102:83:102:92 | jsonObject | provenance |  |
| JabsorbServlet.java:93:48:93:51 | json : String | JabsorbServlet.java:93:33:93:52 | new JSONObject(...) : JSONObject | provenance | MaD:34 |
| JabsorbServlet.java:110:23:110:46 | getParameter(...) : String | JabsorbServlet.java:116:52:116:55 | json | provenance | Src:MaD:19 Sink:MaD:16 |
| JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | JacksonTest.java:20:54:20:58 | bytes [post update] : byte[] | provenance | Src:MaD:17 MaD:27 |
| JacksonTest.java:20:54:20:58 | bytes [post update] : byte[] | JacksonTest.java:21:46:21:50 | bytes : byte[] | provenance |  |
| JacksonTest.java:21:35:21:57 | new String(...) : String | JacksonTest.java:22:28:22:35 | jexlExpr : String | provenance |  |
| JacksonTest.java:21:46:21:50 | bytes : byte[] | JacksonTest.java:21:35:21:57 | new String(...) : String | provenance | MaD:31 |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:74:32:74:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:83:32:83:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:92:32:92:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:139:32:139:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:148:32:148:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:157:32:157:37 | string : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:166:32:166:36 | input : String | provenance |  |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | JacksonTest.java:178:32:178:36 | input : String | provenance |  |
| JacksonTest.java:74:32:74:37 | string : String | JacksonTest.java:76:30:76:35 | string | provenance |  |
| JacksonTest.java:83:32:83:37 | string : String | JacksonTest.java:85:30:85:35 | string | provenance |  |
| JacksonTest.java:92:32:92:37 | string : String | JacksonTest.java:94:30:94:35 | string | provenance |  |
| JacksonTest.java:139:32:139:37 | string : String | JacksonTest.java:142:30:142:35 | string | provenance |  |
| JacksonTest.java:148:32:148:37 | string : String | JacksonTest.java:151:62:151:67 | string : String | provenance |  |
| JacksonTest.java:151:62:151:67 | string : String | JacksonTest.java:151:31:151:68 | createParser(...) | provenance | Config |
| JacksonTest.java:151:62:151:67 | string : String | JacksonTest.java:151:31:151:68 | createParser(...) | provenance | MaD:24 |
| JacksonTest.java:157:32:157:37 | string : String | JacksonTest.java:160:48:160:53 | string : String | provenance |  |
| JacksonTest.java:160:48:160:53 | string : String | JacksonTest.java:160:32:160:54 | readTree(...) | provenance | Config |
| JacksonTest.java:166:32:166:36 | input : String | JacksonTest.java:167:30:167:34 | input : String | provenance |  |
| JacksonTest.java:167:30:167:34 | input : String | JacksonTest.java:167:30:167:45 | split(...) : String[] | provenance | MaD:33 |
| JacksonTest.java:167:30:167:45 | split(...) : String[] | JacksonTest.java:172:30:172:33 | data | provenance |  |
| JacksonTest.java:178:32:178:36 | input : String | JacksonTest.java:179:30:179:34 | input : String | provenance |  |
| JacksonTest.java:179:30:179:34 | input : String | JacksonTest.java:179:30:179:45 | split(...) : String[] | provenance | MaD:33 |
| JacksonTest.java:179:30:179:45 | split(...) : String[] | JacksonTest.java:183:30:183:33 | data | provenance |  |
| JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:45:37:45:40 | json | provenance | Src:MaD:19  |
| JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:47:56:47:59 | json | provenance | Src:MaD:19  |
| JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:49:67:49:70 | json | provenance | Src:MaD:19  |
| JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | JoddJsonServlet.java:51:61:51:64 | json | provenance | Src:MaD:19  |
| JoddJsonServlet.java:58:23:58:46 | getParameter(...) : String | JoddJsonServlet.java:63:39:63:42 | json | provenance | Src:MaD:19  |
| ObjectMessageTest.java:6:27:6:41 | message : Message | ObjectMessageTest.java:7:26:7:32 | message | provenance | Src:MaD:18  |
| ParcelableEntity.java:29:50:29:62 | parcel : Parcel | ParcelableEntity.java:32:44:32:49 | parcel : Parcel | provenance |  |
| ParcelableEntity.java:32:44:32:49 | parcel : Parcel | ParcelableEntity.java:32:44:32:62 | readString(...) | provenance | MaD:22 |
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | provenance | inputStreamWrapper |
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | provenance |  |
| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | provenance | MaD:29 |
models
| 1 | Sink: com.caucho.burlap.io; BurlapInput; true; readObject; ; ; Argument[this]; unsafe-deserialization; manual |
| 2 | Sink: com.caucho.hessian.io; AbstractHessianInput; true; readObject; ; ; Argument[this]; unsafe-deserialization; manual |
| 3 | Sink: com.cedarsoftware.util.io; JsonReader; false; jsonToJava; ; ; Argument[0]; unsafe-deserialization; manual |
| 4 | Sink: com.cedarsoftware.util.io; JsonReader; true; readObject; ; ; Argument[this]; unsafe-deserialization; manual |
| 5 | Sink: com.esotericsoftware.yamlbeans; YamlReader; true; read; ; ; Argument[this]; unsafe-deserialization; manual |
| 6 | Sink: java.beans; XMLDecoder; true; readObject; (); ; Argument[this]; unsafe-deserialization; manual |
| 7 | Sink: org.exolab.castor.xml; Unmarshaller; true; unmarshal; ; ; Argument[0..1]; unsafe-deserialization; manual |
| 8 | Sink: org.ho.yaml; Yaml; false; load; ; ; Argument[0]; unsafe-deserialization; manual |
| 9 | Sink: org.ho.yaml; Yaml; false; loadStream; ; ; Argument[0]; unsafe-deserialization; manual |
| 10 | Sink: org.ho.yaml; Yaml; false; loadStreamOfType; ; ; Argument[0]; unsafe-deserialization; manual |
| 11 | Sink: org.ho.yaml; Yaml; false; loadType; ; ; Argument[0]; unsafe-deserialization; manual |
| 12 | Sink: org.ho.yaml; YamlConfig; false; load; ; ; Argument[0]; unsafe-deserialization; manual |
| 13 | Sink: org.ho.yaml; YamlConfig; false; loadStream; ; ; Argument[0]; unsafe-deserialization; manual |
| 14 | Sink: org.ho.yaml; YamlConfig; false; loadStreamOfType; ; ; Argument[0]; unsafe-deserialization; manual |
| 15 | Sink: org.ho.yaml; YamlConfig; false; loadType; ; ; Argument[0]; unsafe-deserialization; manual |
| 16 | Sink: org.jabsorb; JSONSerializer; true; fromJSON; ; ; Argument[0]; unsafe-deserialization; manual |
| 17 | Source: java.net; Socket; false; getInputStream; (); ; ReturnValue; remote; manual |
| 18 | Source: javax.jms; MessageListener; true; onMessage; (Message); ; Parameter[0]; remote; manual |
| 19 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
| 20 | Source: unsafedeserialization; A; false; getTaintedMyObjectInput; (); ; ReturnValue; remote; manual |
| 21 | Source: unsafedeserialization; A; false; getTaintedObjectInput; (); ; ReturnValue; remote; manual |
| 22 | Summary: android.os; Parcel; false; readString; ; ; Argument[this]; ReturnValue; taint; manual |
| 23 | Summary: com.esotericsoftware.kryo.io; Input; false; Input; ; ; Argument[0]; Argument[this]; taint; manual |
| 24 | Summary: com.fasterxml.jackson.core; JsonFactory; false; createParser; ; ; Argument[0]; ReturnValue; taint; manual |
| 25 | Summary: java.beans; XMLDecoder; false; XMLDecoder; ; ; Argument[0]; Argument[this]; taint; manual |
| 26 | Summary: java.io; ByteArrayInputStream; false; ByteArrayInputStream; ; ; Argument[0]; Argument[this]; taint; manual |
| 27 | Summary: java.io; InputStream; true; read; (byte[]); ; Argument[this]; Argument[0]; taint; manual |
| 28 | Summary: java.io; InputStreamReader; false; InputStreamReader; ; ; Argument[0]; Argument[this]; taint; manual |
| 29 | Summary: java.io; ObjectInputStream; false; ObjectInputStream; ; ; Argument[0]; Argument[this]; taint; manual |
| 30 | Summary: java.io; StringReader; false; StringReader; ; ; Argument[0]; Argument[this]; taint; manual |
| 31 | Summary: java.lang; String; false; String; ; ; Argument[0]; Argument[this]; taint; manual |
| 32 | Summary: java.lang; String; false; getBytes; ; ; Argument[this]; ReturnValue; taint; manual |
| 33 | Summary: java.lang; String; false; split; ; ; Argument[this]; ReturnValue; taint; manual |
| 34 | Summary: org.json; JSONObject; false; JSONObject; (String); ; Argument[0]; Argument[this]; taint; manual |
nodes
| A.java:17:31:17:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:18:28:18:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
| A.java:18:50:18:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| A.java:19:12:19:13 | in | semmle.label | in |
| A.java:23:31:23:55 | getTaintedObjectInput(...) : ObjectInput | semmle.label | getTaintedObjectInput(...) : ObjectInput |
| A.java:24:12:24:22 | objectInput | semmle.label | objectInput |
| A.java:28:33:28:59 | getTaintedMyObjectInput(...) : MyObjectInput | semmle.label | getTaintedMyObjectInput(...) : MyObjectInput |
| A.java:29:12:29:22 | objectInput | semmle.label | objectInput |
| A.java:33:31:33:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:34:28:34:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
| A.java:34:50:34:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| A.java:35:12:35:13 | in | semmle.label | in |
| A.java:45:31:45:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:46:20:46:46 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder |
| A.java:46:35:46:45 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| A.java:47:12:47:12 | d | semmle.label | d |
| A.java:52:31:52:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:53:21:53:54 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader |
| A.java:53:43:53:53 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| A.java:54:23:54:28 | reader | semmle.label | reader |
| A.java:59:19:59:50 | new Input(...) : Input | semmle.label | new Input(...) : Input |
| A.java:59:29:59:49 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:60:28:60:32 | input | semmle.label | input |
| A.java:61:34:61:38 | input | semmle.label | input |
| A.java:62:40:62:44 | input | semmle.label | input |
| A.java:80:25:80:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:81:26:81:30 | input | semmle.label | input |
| A.java:82:30:82:34 | input | semmle.label | input |
| A.java:83:28:83:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:83:50:83:54 | input : InputStream | semmle.label | input : InputStream |
| A.java:84:24:84:28 | input | semmle.label | input |
| A.java:85:24:85:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:85:46:85:50 | input : InputStream | semmle.label | input : InputStream |
| A.java:90:25:90:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:91:26:91:30 | input | semmle.label | input |
| A.java:92:30:92:34 | input | semmle.label | input |
| A.java:93:28:93:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:93:50:93:54 | input : InputStream | semmle.label | input : InputStream |
| A.java:94:24:94:28 | input | semmle.label | input |
| A.java:95:24:95:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:95:46:95:50 | input : InputStream | semmle.label | input : InputStream |
| A.java:110:25:110:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| A.java:111:26:111:30 | input | semmle.label | input |
| A.java:112:30:112:34 | input | semmle.label | input |
| A.java:113:28:113:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:113:50:113:54 | input : InputStream | semmle.label | input : InputStream |
| A.java:114:24:114:28 | input | semmle.label | input |
| A.java:115:24:115:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
| A.java:115:46:115:50 | input : InputStream | semmle.label | input : InputStream |
| B.java:7:31:7:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| B.java:8:29:8:39 | inputStream | semmle.label | inputStream |
| B.java:12:31:12:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| B.java:14:5:14:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| B.java:14:22:14:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| B.java:15:23:15:27 | bytes | semmle.label | bytes |
| B.java:19:31:19:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| B.java:21:5:21:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| B.java:21:22:21:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| B.java:22:16:22:32 | new String(...) : String | semmle.label | new String(...) : String |
| B.java:22:27:22:31 | bytes : byte[] | semmle.label | bytes : byte[] |
| B.java:23:29:23:29 | s | semmle.label | s |
| B.java:27:31:27:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| B.java:29:5:29:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
| B.java:29:22:29:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| B.java:30:16:30:32 | new String(...) : String | semmle.label | new String(...) : String |
| B.java:30:27:30:31 | bytes : byte[] | semmle.label | bytes : byte[] |
| B.java:31:23:31:23 | s | semmle.label | s |
| C.java:23:17:23:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:24:13:24:16 | data | semmle.label | data |
| C.java:25:19:25:22 | data | semmle.label | data |
| C.java:26:25:26:28 | data | semmle.label | data |
| C.java:27:17:27:20 | data | semmle.label | data |
| C.java:30:19:30:22 | data | semmle.label | data |
| C.java:31:25:31:28 | data | semmle.label | data |
| C.java:32:31:32:34 | data | semmle.label | data |
| C.java:33:23:33:26 | data | semmle.label | data |
| C.java:38:17:38:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:43:25:43:28 | data | semmle.label | data |
| C.java:45:19:45:44 | new JsonReader(...) : JsonReader | semmle.label | new JsonReader(...) : JsonReader |
| C.java:45:34:45:37 | data : String | semmle.label | data : String |
| C.java:46:3:46:4 | jr | semmle.label | jr |
| C.java:51:17:51:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:52:18:52:37 | new YamlReader(...) : YamlReader | semmle.label | new YamlReader(...) : YamlReader |
| C.java:52:33:52:36 | data : String | semmle.label | data : String |
| C.java:53:3:53:3 | r | semmle.label | r |
| C.java:54:3:54:3 | r | semmle.label | r |
| C.java:55:3:55:3 | r | semmle.label | r |
| C.java:60:18:60:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:60:18:60:56 | getBytes(...) : byte[] | semmle.label | getBytes(...) : byte[] |
| C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
| C.java:61:55:61:59 | bytes : byte[] | semmle.label | bytes : byte[] |
| C.java:62:31:62:51 | new HessianInput(...) : HessianInput | semmle.label | new HessianInput(...) : HessianInput |
| C.java:62:48:62:50 | bis : ByteArrayInputStream | semmle.label | bis : ByteArrayInputStream |
| C.java:63:3:63:14 | hessianInput | semmle.label | hessianInput |
| C.java:64:3:64:14 | hessianInput | semmle.label | hessianInput |
| C.java:69:18:69:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:69:18:69:56 | getBytes(...) : byte[] | semmle.label | getBytes(...) : byte[] |
| C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
| C.java:70:55:70:59 | bytes : byte[] | semmle.label | bytes : byte[] |
| C.java:71:32:71:53 | new Hessian2Input(...) : Hessian2Input | semmle.label | new Hessian2Input(...) : Hessian2Input |
| C.java:71:50:71:52 | bis : ByteArrayInputStream | semmle.label | bis : ByteArrayInputStream |
| C.java:72:3:72:14 | hessianInput | semmle.label | hessianInput |
| C.java:73:3:73:14 | hessianInput | semmle.label | hessianInput |
| C.java:79:26:79:71 | new StringReader(...) | semmle.label | new StringReader(...) |
| C.java:79:43:79:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:84:27:84:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| C.java:84:27:84:65 | getBytes(...) : byte[] | semmle.label | getBytes(...) : byte[] |
| C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
| C.java:85:54:85:67 | serializedData : byte[] | semmle.label | serializedData : byte[] |
| C.java:86:29:86:47 | new BurlapInput(...) : BurlapInput | semmle.label | new BurlapInput(...) : BurlapInput |
| C.java:86:45:86:46 | is : ByteArrayInputStream | semmle.label | is : ByteArrayInputStream |
| C.java:87:3:87:13 | burlapInput | semmle.label | burlapInput |
| C.java:90:3:90:14 | burlapInput1 : BurlapInput | semmle.label | burlapInput1 : BurlapInput |
| C.java:90:21:90:22 | is : ByteArrayInputStream | semmle.label | is : ByteArrayInputStream |
| C.java:91:3:91:14 | burlapInput1 | semmle.label | burlapInput1 |
| FlexjsonServlet.java:36:53:36:67 | getReader(...) | semmle.label | getReader(...) |
| FlexjsonServlet.java:44:53:44:67 | getReader(...) | semmle.label | getReader(...) |
| FlexjsonServlet.java:52:53:52:67 | getReader(...) | semmle.label | getReader(...) |
| FlexjsonServlet.java:67:23:67:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| FlexjsonServlet.java:68:127:68:130 | json | semmle.label | json |
| FlexjsonServlet.java:79:23:79:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| FlexjsonServlet.java:80:93:80:96 | json | semmle.label | json |
| FlexjsonServlet.java:119:23:119:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| FlexjsonServlet.java:124:50:124:53 | json | semmle.label | json |
| GsonActivity.java:15:54:15:64 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| GsonServlet.java:39:23:39:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GsonServlet.java:44:40:44:43 | json | semmle.label | json |
| GsonServlet.java:53:23:53:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GsonServlet.java:60:40:60:43 | json | semmle.label | json |
| JabsorbServlet.java:89:23:89:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JabsorbServlet.java:93:33:93:52 | new JSONObject(...) : JSONObject | semmle.label | new JSONObject(...) : JSONObject |
| JabsorbServlet.java:93:48:93:51 | json : String | semmle.label | json : String |
| JabsorbServlet.java:102:83:102:92 | jsonObject | semmle.label | jsonObject |
| JabsorbServlet.java:110:23:110:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JabsorbServlet.java:116:52:116:55 | json | semmle.label | json |
| JacksonTest.java:20:25:20:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| JacksonTest.java:20:54:20:58 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| JacksonTest.java:21:35:21:57 | new String(...) : String | semmle.label | new String(...) : String |
| JacksonTest.java:21:46:21:50 | bytes : byte[] | semmle.label | bytes : byte[] |
| JacksonTest.java:22:28:22:35 | jexlExpr : String | semmle.label | jexlExpr : String |
| JacksonTest.java:74:32:74:37 | string : String | semmle.label | string : String |
| JacksonTest.java:76:30:76:35 | string | semmle.label | string |
| JacksonTest.java:83:32:83:37 | string : String | semmle.label | string : String |
| JacksonTest.java:85:30:85:35 | string | semmle.label | string |
| JacksonTest.java:92:32:92:37 | string : String | semmle.label | string : String |
| JacksonTest.java:94:30:94:35 | string | semmle.label | string |
| JacksonTest.java:139:32:139:37 | string : String | semmle.label | string : String |
| JacksonTest.java:142:30:142:35 | string | semmle.label | string |
| JacksonTest.java:148:32:148:37 | string : String | semmle.label | string : String |
| JacksonTest.java:151:31:151:68 | createParser(...) | semmle.label | createParser(...) |
| JacksonTest.java:151:62:151:67 | string : String | semmle.label | string : String |
| JacksonTest.java:157:32:157:37 | string : String | semmle.label | string : String |
| JacksonTest.java:160:32:160:54 | readTree(...) | semmle.label | readTree(...) |
| JacksonTest.java:160:48:160:53 | string : String | semmle.label | string : String |
| JacksonTest.java:166:32:166:36 | input : String | semmle.label | input : String |
| JacksonTest.java:167:30:167:34 | input : String | semmle.label | input : String |
| JacksonTest.java:167:30:167:45 | split(...) : String[] | semmle.label | split(...) : String[] |
| JacksonTest.java:172:30:172:33 | data | semmle.label | data |
| JacksonTest.java:178:32:178:36 | input : String | semmle.label | input : String |
| JacksonTest.java:179:30:179:34 | input : String | semmle.label | input : String |
| JacksonTest.java:179:30:179:45 | split(...) : String[] | semmle.label | split(...) : String[] |
| JacksonTest.java:183:30:183:33 | data | semmle.label | data |
| JoddJsonServlet.java:32:23:32:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JoddJsonServlet.java:45:37:45:40 | json | semmle.label | json |
| JoddJsonServlet.java:47:56:47:59 | json | semmle.label | json |
| JoddJsonServlet.java:49:67:49:70 | json | semmle.label | json |
| JoddJsonServlet.java:51:61:51:64 | json | semmle.label | json |
| JoddJsonServlet.java:58:23:58:46 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JoddJsonServlet.java:63:39:63:42 | json | semmle.label | json |
| ObjectMessageTest.java:6:27:6:41 | message : Message | semmle.label | message : Message |
| ObjectMessageTest.java:7:26:7:32 | message | semmle.label | message |
| ParcelableEntity.java:29:50:29:62 | parcel : Parcel | semmle.label | parcel : Parcel |
| ParcelableEntity.java:32:44:32:49 | parcel : Parcel | semmle.label | parcel : Parcel |
| ParcelableEntity.java:32:44:32:62 | readString(...) | semmle.label | readString(...) |
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | semmle.label | entityStream : InputStream |
| TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | semmle.label | new ObjectInputStream(...) |
| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | semmle.label | entityStream : InputStream |
subpaths