@@ -25,57 +25,57 @@ class XMLDecoderReadObjectMethod extends Method {
2525 }
2626}
2727
28- class ObjectMapperReadMethod extends Method {
28+ private class ObjectMapperReadMethod extends Method {
2929 ObjectMapperReadMethod ( ) {
3030 this .getDeclaringType ( ) instanceof ObjectMapper and
3131 this .hasName ( [ "readValue" , "readValues" , "treeToValue" ] )
3232 }
3333}
3434
35- class ObjectMapper extends RefType {
35+ private class ObjectMapper extends RefType {
3636 ObjectMapper ( ) {
3737 getASupertype * ( ) .hasQualifiedName ( "com.fasterxml.jackson.databind" , "ObjectMapper" )
3838 }
3939}
4040
41- class MapperBuilder extends RefType {
41+ private class MapperBuilder extends RefType {
4242 MapperBuilder ( ) {
4343 hasQualifiedName ( "com.fasterxml.jackson.databind.cfg" , "MapperBuilder<JsonMapper,Builder>" )
4444 }
4545}
4646
47- class JsonFactory extends RefType {
47+ private class JsonFactory extends RefType {
4848 JsonFactory ( ) { hasQualifiedName ( "com.fasterxml.jackson.core" , "JsonFactory" ) }
4949}
5050
51- class JsonParser extends RefType {
51+ private class JsonParser extends RefType {
5252 JsonParser ( ) { hasQualifiedName ( "com.fasterxml.jackson.core" , "JsonParser" ) }
5353}
5454
55- class JacksonType extends RefType {
56- JacksonType ( ) {
55+ private class JacksonTypeDescriptorType extends RefType {
56+ JacksonTypeDescriptorType ( ) {
5757 this instanceof TypeClass or
5858 hasQualifiedName ( "com.fasterxml.jackson.databind" , "JavaType" ) or
5959 hasQualifiedName ( "com.fasterxml.jackson.core.type" , "TypeReference" )
6060 }
6161}
6262
63- class EnableJacksonDefaultTyping extends MethodAccess {
63+ private class EnableJacksonDefaultTyping extends MethodAccess {
6464 EnableJacksonDefaultTyping ( ) {
6565 this .getMethod ( ) .getDeclaringType ( ) instanceof ObjectMapper and
6666 this .getMethod ( ) .hasName ( "enableDefaultTyping" )
6767 }
6868}
6969
70- class ObjectMapperReadSink extends DataFlow:: ExprNode {
70+ private class ObjectMapperReadSink extends DataFlow:: ExprNode {
7171 ObjectMapperReadSink ( ) {
7272 exists ( MethodAccess ma | ma .getQualifier ( ) = this .asExpr ( ) |
7373 ma .getMethod ( ) instanceof ObjectMapperReadMethod
7474 )
7575 }
7676}
7777
78- class SetPolymorphicTypeValidatorSource extends DataFlow:: ExprNode {
78+ private class SetPolymorphicTypeValidatorSource extends DataFlow:: ExprNode {
7979 SetPolymorphicTypeValidatorSource ( ) {
8080 exists ( MethodAccess ma , Method m , Expr q | m = ma .getMethod ( ) and q = ma .getQualifier ( ) |
8181 (
@@ -181,8 +181,8 @@ class SafeKryo extends DataFlow2::Configuration {
181181 }
182182}
183183
184- class EnabledJacksonDefaultTyping extends DataFlow2:: Configuration {
185- EnabledJacksonDefaultTyping ( ) { this = "EnabledJacksonDefaultTyping " }
184+ private class EnableJacksonDefaultTypingConfig extends DataFlow2:: Configuration {
185+ EnableJacksonDefaultTypingConfig ( ) { this = "EnableJacksonDefaultTypingConfig " }
186186
187187 override predicate isSource ( DataFlow:: Node src ) {
188188 any ( EnableJacksonDefaultTyping ma ) .getQualifier ( ) = src .asExpr ( )
@@ -191,8 +191,8 @@ class EnabledJacksonDefaultTyping extends DataFlow2::Configuration {
191191 override predicate isSink ( DataFlow:: Node sink ) { sink instanceof ObjectMapperReadSink }
192192}
193193
194- class SafeObjectMapper extends DataFlow2:: Configuration {
195- SafeObjectMapper ( ) { this = "SafeObjectMapper " }
194+ private class SafeObjectMapperConfig extends DataFlow2:: Configuration {
195+ SafeObjectMapperConfig ( ) { this = "SafeObjectMapperConfig " }
196196
197197 override predicate isSource ( DataFlow:: Node src ) {
198198 src instanceof SetPolymorphicTypeValidatorSource
@@ -205,27 +205,27 @@ class SafeObjectMapper extends DataFlow2::Configuration {
205205 * that configures or creates an `ObjectMapper` via a builder.
206206 */
207207 override predicate isAdditionalFlowStep ( DataFlow:: Node fromNode , DataFlow:: Node toNode ) {
208- exists ( MethodAccess ma , Method m , Expr q | m = ma .getMethod ( ) and q = ma . getQualifier ( ) |
208+ exists ( MethodAccess ma , Method m | m = ma .getMethod ( ) |
209209 m .getDeclaringType ( ) instanceof MapperBuilder and
210210 m .getReturnType ( )
211211 .( RefType )
212212 .hasQualifiedName ( "com.fasterxml.jackson.databind.json" ,
213213 [ "JsonMapper$Builder" , "JsonMapper" ] ) and
214- fromNode .asExpr ( ) = q and
214+ fromNode .asExpr ( ) = ma . getQualifier ( ) and
215215 ma = toNode .asExpr ( )
216216 )
217217 }
218218}
219219
220- class UnsafeType extends TaintTracking2:: Configuration {
221- UnsafeType ( ) { this = "UnsafeType " }
220+ private class UnsafeTypeConfig extends TaintTracking2:: Configuration {
221+ UnsafeTypeConfig ( ) { this = "UnsafeTypeConfig " }
222222
223223 override predicate isSource ( DataFlow:: Node src ) { src instanceof RemoteFlowSource }
224224
225225 override predicate isSink ( DataFlow:: Node sink ) {
226226 exists ( MethodAccess ma , int i , Expr arg | i > 0 and ma .getArgument ( i ) = arg |
227227 ma .getMethod ( ) instanceof ObjectMapperReadMethod and
228- arg .getType ( ) instanceof JacksonType and
228+ arg .getType ( ) instanceof JacksonTypeDescriptorType and
229229 arg = sink .asExpr ( )
230230 )
231231 }
@@ -235,7 +235,7 @@ class UnsafeType extends TaintTracking2::Configuration {
235235 */
236236 override predicate isAdditionalTaintStep ( DataFlow:: Node fromNode , DataFlow:: Node toNode ) {
237237 exists ( MethodAccess ma , RefType returnType | returnType = ma .getMethod ( ) .getReturnType ( ) |
238- returnType instanceof JacksonType and
238+ returnType instanceof JacksonTypeDescriptorType and
239239 ma .getAnArgument ( ) = fromNode .asExpr ( ) and
240240 ma = toNode .asExpr ( )
241241 )
@@ -277,7 +277,7 @@ predicate createJacksonTreeNodeStep(DataFlow::Node fromNode, DataFlow::Node toNo
277277 * Holds if `type` or one of its supertypes has a field with `JsonTypeInfo` annotation
278278 * that enables polymorphic type handling.
279279 */
280- predicate hasJsonTypeInfoAnnotation ( RefType type ) {
280+ private predicate hasJsonTypeInfoAnnotation ( RefType type ) {
281281 hasFieldWithJsonTypeAnnotation ( type .getASupertype * ( ) ) or
282282 hasFieldWithJsonTypeAnnotation ( type .getAField ( ) .getType ( ) )
283283}
@@ -286,7 +286,7 @@ predicate hasJsonTypeInfoAnnotation(RefType type) {
286286 * Holds if `type` has a field with `JsonTypeInfo` annotation
287287 * that enables polymorphic type handling.
288288 */
289- predicate hasFieldWithJsonTypeAnnotation ( RefType type ) {
289+ private predicate hasFieldWithJsonTypeAnnotation ( RefType type ) {
290290 exists ( Annotation a |
291291 type .getAField ( ) .getAnAnnotation ( ) = a and
292292 a .getType ( ) .hasQualifiedName ( "com.fasterxml.jackson.annotation" , "JsonTypeInfo" ) and
@@ -346,15 +346,15 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
346346 ma .getMethod ( ) instanceof ObjectMapperReadMethod and
347347 sink = ma .getArgument ( 0 ) and
348348 (
349- exists ( UnsafeType config | config .hasFlowToExpr ( ma .getAnArgument ( ) ) )
349+ exists ( UnsafeTypeConfig config | config .hasFlowToExpr ( ma .getAnArgument ( ) ) )
350350 or
351- exists ( EnabledJacksonDefaultTyping config | config .hasFlowToExpr ( ma .getQualifier ( ) ) )
351+ exists ( EnableJacksonDefaultTypingConfig config | config .hasFlowToExpr ( ma .getQualifier ( ) ) )
352352 or
353353 exists ( RefType argType , int i | i > 0 and argType = ma .getArgument ( i ) .getType ( ) |
354354 hasJsonTypeInfoAnnotation ( argType .( ParameterizedType ) .getATypeArgument ( ) )
355355 )
356356 ) and
357- not exists ( SafeObjectMapper config | config .hasFlowToExpr ( ma .getQualifier ( ) ) )
357+ not exists ( SafeObjectMapperConfig config | config .hasFlowToExpr ( ma .getQualifier ( ) ) )
358358 )
359359}
360360
0 commit comments