Java: add missing QLDoc for JacksonSerializability.qll

yo-h · yo-h · commit 6c8a016ca609 · 2020-05-11T20:01:45.000-04:00
diff --git a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -9,6 +9,9 @@ import semmle.code.java.Reflection
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow5
 
+/**
+ * A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
+ */
 class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {
   JacksonJSONIgnoreAnnotation() {
     exists(AnnotationType anntp | anntp = this.getType() |
@@ -17,6 +20,7 @@ class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {
   }
 }
 
+/** A type whose values may be serialized using the Jackson JSON framework. */
 abstract class JacksonSerializableType extends Type { }
 
 /**
@@ -34,6 +38,7 @@ library class JacksonWriteValueMethod extends Method {
   }
 }
 
+/** A type whose values are explicitly serialized in a call to a Jackson method. */
 library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializableType {
   ExplicitlyWrittenJacksonSerializableType() {
     exists(MethodAccess ma |
@@ -45,12 +50,14 @@ library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializab
   }
 }
 
+/** A type used in a `JacksonSerializableField` declaration. */
 library class FieldReferencedJacksonSerializableType extends JacksonSerializableType {
   FieldReferencedJacksonSerializableType() {
     exists(JacksonSerializableField f | usesType(f.getType(), this))
   }
 }
 
+/** A type whose values may be deserialized by the Jackson JSON framework. */
 abstract class JacksonDeserializableType extends Type { }
 
 private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::Configuration {
@@ -76,6 +83,7 @@ private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::C
   TypeLiteral getSourceWithFlowToJacksonDatabind() { hasFlow(DataFlow::exprNode(result), _) }
 }
 
+/** A type whose values are explicitly deserialized in a call to a Jackson method. */
 library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializableType {
   ExplicitlyReadJacksonDeserializableType() {
     exists(TypeLiteralToJacksonDatabindFlowConfiguration conf |
@@ -84,12 +92,14 @@ library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializa
   }
 }
 
+/** A type used in a `JacksonDeserializableField` declaration. */
 library class FieldReferencedJacksonDeSerializableType extends JacksonDeserializableType {
   FieldReferencedJacksonDeSerializableType() {
     exists(JacksonDeserializableField f | usesType(f.getType(), this))
   }
 }
 
+/** A field that may be serialized using the Jackson JSON framework. */
 class JacksonSerializableField extends SerializableField {
   JacksonSerializableField() {
     exists(JacksonSerializableType superType |
@@ -101,6 +111,7 @@ class JacksonSerializableField extends SerializableField {
   }
 }
 
+/** A field that may be deserialized using the Jackson JSON framework. */
 class JacksonDeserializableField extends DeserializableField {
   JacksonDeserializableField() {
     exists(JacksonDeserializableType superType |
@@ -183,6 +194,7 @@ class JacksonMixinType extends ClassOrInterface {
   }
 }
 
+/** A callable used as a Jackson mixin callable. */
 class JacksonMixedInCallable extends Callable {
   JacksonMixedInCallable() {
     exists(JacksonMixinType mixinType | this = mixinType.getAMixedInCallable())

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,9 @@ import semmle.code.java.Reflection`
`9`	`9`	`import semmle.code.java.dataflow.DataFlow`
`10`	`10`	`import semmle.code.java.dataflow.DataFlow5`
`11`	`11`
	`12`	`+/**`
	`13`	+ * A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
	`14`	`+ */`
`12`	`15`	`class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {`
`13`	`16`	`JacksonJSONIgnoreAnnotation() {`
`14`	`17`	`exists(AnnotationType anntp \| anntp = this.getType() \|`
`@@ -17,6 +20,7 @@ class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {`
`17`	`20`	`}`
`18`	`21`	`}`
`19`	`22`
	`23`	`+/** A type whose values may be serialized using the Jackson JSON framework. */`
`20`	`24`	`abstract class JacksonSerializableType extends Type { }`
`21`	`25`
`22`	`26`	`/**`
`@@ -34,6 +38,7 @@ library class JacksonWriteValueMethod extends Method {`
`34`	`38`	`}`
`35`	`39`	`}`
`36`	`40`
	`41`	`+/** A type whose values are explicitly serialized in a call to a Jackson method. */`
`37`	`42`	`library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializableType {`
`38`	`43`	`ExplicitlyWrittenJacksonSerializableType() {`
`39`	`44`	`exists(MethodAccess ma \|`
`@@ -45,12 +50,14 @@ library class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializab`
`45`	`50`	`}`
`46`	`51`	`}`
`47`	`52`
	`53`	+/** A type used in a `JacksonSerializableField` declaration. */
`48`	`54`	`library class FieldReferencedJacksonSerializableType extends JacksonSerializableType {`
`49`	`55`	`FieldReferencedJacksonSerializableType() {`
`50`	`56`	`exists(JacksonSerializableField f \| usesType(f.getType(), this))`
`51`	`57`	`}`
`52`	`58`	`}`
`53`	`59`
	`60`	`+/** A type whose values may be deserialized by the Jackson JSON framework. */`
`54`	`61`	`abstract class JacksonDeserializableType extends Type { }`
`55`	`62`
`56`	`63`	`private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::Configuration {`
`@@ -76,6 +83,7 @@ private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlow5::C`
`76`	`83`	`TypeLiteral getSourceWithFlowToJacksonDatabind() { hasFlow(DataFlow::exprNode(result), _) }`
`77`	`84`	`}`
`78`	`85`
	`86`	`+/** A type whose values are explicitly deserialized in a call to a Jackson method. */`
`79`	`87`	`library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializableType {`
`80`	`88`	`ExplicitlyReadJacksonDeserializableType() {`
`81`	`89`	`exists(TypeLiteralToJacksonDatabindFlowConfiguration conf \|`
`@@ -84,12 +92,14 @@ library class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializa`
`84`	`92`	`}`
`85`	`93`	`}`
`86`	`94`
	`95`	+/** A type used in a `JacksonDeserializableField` declaration. */
`87`	`96`	`library class FieldReferencedJacksonDeSerializableType extends JacksonDeserializableType {`
`88`	`97`	`FieldReferencedJacksonDeSerializableType() {`
`89`	`98`	`exists(JacksonDeserializableField f \| usesType(f.getType(), this))`
`90`	`99`	`}`
`91`	`100`	`}`
`92`	`101`
	`102`	`+/** A field that may be serialized using the Jackson JSON framework. */`
`93`	`103`	`class JacksonSerializableField extends SerializableField {`
`94`	`104`	`JacksonSerializableField() {`
`95`	`105`	`exists(JacksonSerializableType superType \|`
`@@ -101,6 +111,7 @@ class JacksonSerializableField extends SerializableField {`
`101`	`111`	`}`
`102`	`112`	`}`
`103`	`113`
	`114`	`+/** A field that may be deserialized using the Jackson JSON framework. */`
`104`	`115`	`class JacksonDeserializableField extends DeserializableField {`
`105`	`116`	`JacksonDeserializableField() {`
`106`	`117`	`exists(JacksonDeserializableType superType \|`
`@@ -183,6 +194,7 @@ class JacksonMixinType extends ClassOrInterface {`
`183`	`194`	`}`
`184`	`195`	`}`
`185`	`196`
	`197`	`+/** A callable used as a Jackson mixin callable. */`
`186`	`198`	`class JacksonMixedInCallable extends Callable {`
`187`	`199`	`JacksonMixedInCallable() {`
`188`	`200`	`exists(JacksonMixinType mixinType \| this = mixinType.getAMixedInCallable())`