CodeQL library for Java/Kotlin
codeql/java-all 0.9.0 (changelog, source)

Module Jackson

Provides classes and predicates for working with the Jackson serialization framework.

Import path

import semmle.code.java.frameworks.Jackson

Imports

java

Provides all default Java QL imports.

Predicates

createJacksonJsonParserStep

Holds if the step from fromNode to toNode is a dataflow step that creates a Jackson parser.

createJacksonTreeNodeStep

Holds if the step from fromNode to toNode is a dataflow step that creates a Jackson TreeNode.

hasArgumentWithUnsafeJacksonAnnotation

Holds if call is a method call to a Jackson deserialization method such as ObjectMapper.readValue(String, Class), and the target deserialized class has a field with a JsonTypeInfo annotation that enables polymorphic typing.

Classes

EnableJacksonDefaultTyping

A call that enables the default typing in ObjectMapper.

JacksonTypeDescriptorType

A type descriptor in Jackson libraries. For example, java.lang.Class.

MapperBuilder

A builder for building Jackson’s JsonMapper.

ObjectMapperReadMethod

A method in ObjectMapper that deserializes data.

ObjectMapperReadQualifier

A qualifier of a call to one of the methods in ObjectMapper that deserialize data.

SetPolymorphicTypeValidatorSource

A source that sets a type validator.