Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e5f11d0

Browse files
egregius313egregius313
committed
Refactor CWE-502/UnsafeDeserialization
1 parent 434b1b3 commit e5f11d0

4 files changed

Lines changed: 257 additions & 117 deletions

File tree

java/ql/lib/semmle/code/java/frameworks/JsonIo.qll

Lines changed: 33 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,12 @@ class JsonIoUseMapsSetter extends MethodAccess {
4242
}
4343
}
4444

45-
/** A data flow configuration tracing flow from JsonIo safe settings. */
46-
class SafeJsonIoConfig extends DataFlow2::Configuration {
45+
/**
46+
* DEPRECATED: Use `SafeJsonIoFlow` instead.
47+
*
48+
* A data flow configuration tracing flow from JsonIo safe settings.
49+
*/
50+
deprecated class SafeJsonIoConfig extends DataFlow2::Configuration {
4751
SafeJsonIoConfig() { this = "UnsafeDeserialization::SafeJsonIoConfig" }
4852

4953
override predicate isSource(DataFlow::Node src) {
@@ -65,3 +69,30 @@ class SafeJsonIoConfig extends DataFlow2::Configuration {
6569
)
6670
}
6771
}
72+
73+
/**
74+
* A data flow configuration tracing flow from JsonIo safe settings.
75+
*/
76+
module SafeJsonIoConfig implements DataFlow::ConfigSig {
77+
predicate isSource(DataFlow::Node src) {
78+
exists(MethodAccess ma |
79+
ma instanceof JsonIoUseMapsSetter and
80+
src.asExpr() = ma.getQualifier()
81+
)
82+
}
83+
84+
predicate isSink(DataFlow::Node sink) {
85+
exists(MethodAccess ma |
86+
ma.getMethod() instanceof JsonIoJsonToJavaMethod and
87+
sink.asExpr() = ma.getArgument(1)
88+
)
89+
or
90+
exists(ClassInstanceExpr cie |
91+
cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader and
92+
sink.asExpr() = cie.getArgument(1)
93+
)
94+
}
95+
}
96+
97+
/** Tracks flow from JsonIo safe settings. */
98+
module SafeJsonIoFlow = DataFlow::Global<SafeJsonIoConfig>;

0 commit comments

Comments
 (0)