Removed getAnAccess() calls for Jackson

artem-smotrakov · artem-smotrakov · commit 24e4b68b9cc1 · 2021-07-09T10:24:14.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll b/java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll
@@ -85,7 +85,7 @@ class SetPolymorphicTypeValidatorSource extends DataFlow::ExprNode {
         m.getDeclaringType() instanceof MapperBuilder and
         m.hasName("polymorphicTypeValidator")
       ) and
-      this.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()]
+      this.asExpr() = q
     )
   }
 }
@@ -185,8 +185,7 @@ class EnabledJacksonDefaultTyping extends DataFlow2::Configuration {
   EnabledJacksonDefaultTyping() { this = "EnabledJacksonDefaultTyping" }
 
   override predicate isSource(DataFlow::Node src) {
-    any(EnableJacksonDefaultTyping ma).getQualifier().(VarAccess).getVariable().getAnAccess() =
-      src.asExpr()
+    any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr()
   }
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMapperReadSink }
@@ -212,7 +211,7 @@ class SafeObjectMapper extends DataFlow2::Configuration {
           .(RefType)
           .hasQualifiedName("com.fasterxml.jackson.databind.json",
             ["JsonMapper$Builder", "JsonMapper"]) and
-      fromNode.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()] and
+      fromNode.asExpr() = q and
       ma = toNode.asExpr()
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ class SetPolymorphicTypeValidatorSource extends DataFlow::ExprNode {`
`85`	`85`	`m.getDeclaringType() instanceof MapperBuilder and`
`86`	`86`	`m.hasName("polymorphicTypeValidator")`
`87`	`87`	`) and`
`88`		`- this.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()]`
	`88`	`+ this.asExpr() = q`
`89`	`89`	`)`
`90`	`90`	`}`
`91`	`91`	`}`
`@@ -185,8 +185,7 @@ class EnabledJacksonDefaultTyping extends DataFlow2::Configuration {`
`185`	`185`	`EnabledJacksonDefaultTyping() { this = "EnabledJacksonDefaultTyping" }`
`186`	`186`
`187`	`187`	`override predicate isSource(DataFlow::Node src) {`
`188`		`- any(EnableJacksonDefaultTyping ma).getQualifier().(VarAccess).getVariable().getAnAccess() =`
`189`		`- src.asExpr()`
	`188`	`+ any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr()`
`190`	`189`	`}`
`191`	`190`
`192`	`191`	`override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMapperReadSink }`
`@@ -212,7 +211,7 @@ class SafeObjectMapper extends DataFlow2::Configuration {`
`212`	`211`	`.(RefType)`
`213`	`212`	`.hasQualifiedName("com.fasterxml.jackson.databind.json",`
`214`	`213`	`["JsonMapper$Builder", "JsonMapper"]) and`
`215`		`- fromNode.asExpr() = [q, q.(VarAccess).getVariable().getAnAccess()] and`
	`214`	`+ fromNode.asExpr() = q and`
`216`	`215`	`ma = toNode.asExpr()`
`217`	`216`	`)`
`218`	`217`	`}`