hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.1
codeql/java/ql/test/query-tests/security/CWE-502/ParcelableEntity.java
Nora Dimitrijević 4412335223 Java: convert UnsafeDeserialization test to .qlref
2025-06-24 16:42:14 +02:00

46 lines
1.2 KiB
Java
Raw Permalink Blame History

package com.example.app;
import android.os.Parcel;
import android.os.Parcelable;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class ParcelableEntity implements Parcelable {
private static final Gson GSON = new GsonBuilder().create();
public ParcelableEntity(Object obj) {
this.obj = obj;
}
private Object obj;
@Override
public void writeToParcel(Parcel parcel, int i) {
parcel.writeString(obj.getClass().getName());
parcel.writeString(GSON.toJson(obj));
}
@Override
public int describeContents() { return 0; }
public static final Parcelable.Creator CREATOR = new Creator<ParcelableEntity>() {
@Override
public ParcelableEntity createFromParcel(Parcel parcel) {
try {
Class clazz = Class.forName(parcel.readString());
Object obj = GSON.fromJson(parcel.readString(), clazz); // $ Alert
return new ParcelableEntity(obj);
}
catch (ClassNotFoundException e) {
throw new RuntimeException(e);
}
}
@Override
public ParcelableEntity[] newArray(int size) {
return new ParcelableEntity[size];
}
};
}
Reference in New Issue View Git Blame Copy Permalink