CodeQL library for Java
codeql/java-all 0.6.1 (changelog, source)

Predicate createJacksonJsonParserStep

Holds if there is a dataflow step from fromNode to toNode that creates a Jackson parser.

For example, a createParser(userString) call yields a JsonParser, which becomes dangerous if passed to an unsafely-configured ObjectMapper’s readValue method.

Import path

import semmle.code.java.frameworks.Jackson

predicate createJacksonJsonParserStep(Node fromNode, Node toNode)
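The following query shows how this predicate is typically consumed: as an additional taint step inside a taint-tracking configuration, so that taint on the argument of createParser(...) is carried onto the JsonParser it returns and can then be followed into an ObjectMapper read call. It is an added illustration written for this page, not the library's own unsafe-deserialization query. Assumptions made here: the sink class ObjectMapperReadCall and the helper defaultTypingEnabledSomewhere are defined inline for the example (the latter is a deliberately coarse, whole-project heuristic for "unsafely configured", whereas a production query tracks the configuration to the specific mapper instance), the query id is a placeholder, and the class-based TaintTracking::Configuration API is assumed to be the one available in this library version.

```codeql
/**
 * @name Untrusted JsonParser reaching an unsafely configured ObjectMapper (example)
 * @kind path-problem
 * @id example/jackson-parser-taint-step
 */

import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Jackson
import DataFlow::PathGraph

/** A read call on com.fasterxml.jackson.databind.ObjectMapper (example-defined sink class). */
class ObjectMapperReadCall extends MethodAccess {
  ObjectMapperReadCall() {
    this.getMethod()
        .getDeclaringType()
        .hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper") and
    this.getMethod().hasName(["readValue", "readValues", "readTree"])
  }
}

/**
 * Example simplification (assumption): treat every mapper as unsafely configured
 * when default typing is enabled anywhere in the analysed code base.
 */
predicate defaultTypingEnabledSomewhere() {
  exists(MethodAccess ma |
    ma.getMethod()
        .getDeclaringType()
        .hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper") and
    ma.getMethod().hasName(["enableDefaultTyping", "activateDefaultTyping"])
  )
}

class JsonParserTaintConfig extends TaintTracking::Configuration {
  JsonParserTaintConfig() { this = "JsonParserTaintConfig" }

  /** Sources: anything the library already models as remote user input. */
  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  /** Sinks: the first argument of a mapper read call, when that argument is a JsonParser. */
  override predicate isSink(DataFlow::Node sink) {
    exists(ObjectMapperReadCall call |
      sink.asExpr() = call.getArgument(0) and
      sink.asExpr()
          .getType()
          .(RefType)
          .getAnAncestor()
          .hasQualifiedName("com.fasterxml.jackson.core", "JsonParser")
    ) and
    defaultTypingEnabledSomewhere()
  }

  /**
   * The step documented on this page: the argument of createParser(...) taints the
   * JsonParser it returns, so the parser object itself carries the taint onward.
   */
  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
    createJacksonJsonParserStep(n1, n2)
  }
}

from JsonParserTaintConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlow(source, sink)
select sink.getNode(), source, sink,
  "Untrusted input reaches Jackson deserialization through a $@.", source.getNode(),
  "JsonParser created from user data"
```

Without the isAdditionalTaintStep override, taint stops at the createParser(...) argument and the readValue sink is never reached, which is exactly the gap this predicate closes; the library's own deserialization query adds this step for the same reason.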