@@ -67,23 +67,6 @@ private class JacksonReadValueMethod extends Method, TaintPreservingCallable {
6767 override predicate returnsTaintFrom ( int arg ) { arg = 0 }
6868}
6969
70- /**
71- * A method used for creating a `JsonParser` object using Jackson. The first parameter is the object to
72- * create the `JsonParser` from.
73- */
74- private class JacksonCreateParserMethod extends Method , TaintPreservingCallable {
75- JacksonCreateParserMethod ( ) {
76- (
77- getDeclaringType ( ) .hasQualifiedName ( "com.fasterxml.jackson.core" , "JsonFactory" ) or
78- getDeclaringType ( ) .hasQualifiedName ( "com.fasterxml.jackson.databind" , "ObjectMapper" ) or
79- getDeclaringType ( ) .hasQualifiedName ( "com.fasterxml.jackson.databind" , "ObjectReader" )
80- ) and
81- hasName ( "createParser" )
82- }
83-
84- override predicate returnsTaintFrom ( int arg ) { arg = 0 }
85- }
86-
8770/** A type whose values are explicitly serialized in a call to a Jackson method. */
8871private class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializableType {
8972 ExplicitlyWrittenJacksonSerializableType ( ) {
@@ -302,7 +285,10 @@ private class JacksonModel extends SummaryModelCsv {
302285 [
303286 "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint" ,
304287 "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;MapValue of Argument[0];ReturnValue;taint" ,
305- "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint"
288+ "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint" ,
289+ "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" ,
290+ "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" ,
291+ "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint"
306292 ]
307293 }
308294}
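Review bot: The two added `ObjectMapper;false;createParser` rows (new lines 289 and 290) are identical, and no row covers `com.fasterxml.jackson.databind.ObjectReader`, which the removed `JacksonCreateParserMethod` class in the first hunk matched alongside `JsonFactory` and `ObjectMapper`. As written, taint passed through `ObjectReader.createParser` is no longer propagated to the returned `JsonParser`, so queries that rely on this model would miss those flows. The second row was presumably meant to be `"com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint",`. A library test that calls `createParser` on each of the three types with a tainted argument would catch this kind of regression.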