java/ql/src/Security/CWE/CWE-502
@@ -22,9 +22,9 @@ class UnsafeDeserializationConfig extends TaintTracking::Configuration {
2222
2323 override predicate isSink ( DataFlow:: Node sink ) { sink instanceof UnsafeDeserializationSink }
2424
25- override predicate isAdditionalTaintStep ( DataFlow:: Node prod , DataFlow:: Node succ ) {
25+ override predicate isAdditionalTaintStep ( DataFlow:: Node pred , DataFlow:: Node succ ) {
2626 exists ( ClassInstanceExpr cie |
27- cie .getArgument ( 0 ) = prod .asExpr ( ) and
27+ cie .getArgument ( 0 ) = pred .asExpr ( ) and
2828 cie = succ .asExpr ( ) and
2929 (
3030 cie .getConstructor ( ) .getDeclaringType ( ) instanceof JsonIoJsonReader or
@@ -36,7 +36,7 @@ class UnsafeDeserializationConfig extends TaintTracking::Configuration {
3636 or
3737 exists ( MethodAccess ma |
3838 ma .getMethod ( ) instanceof BurlapInputInitMethod and
39- ma .getArgument ( 0 ) = prod .asExpr ( ) and
39+ ma .getArgument ( 0 ) = pred .asExpr ( ) and
4040 ma .getQualifier ( ) = succ .asExpr ( )
4141 )
4242 }