CodeQL library for Java/Kotlin
codeql/java-all 0.8.3 (changelog, source)
Index
Search

Predicate createJacksonJsonParserStep

Holds if fromNode to toNode is a dataflow step that creates a Jackson parser.

For example, a createParser(userString) call yields a JsonParser, which becomes dangerous if passed to an unsafely-configured ObjectMapper’s readValue method.

Import path

import semmle.code.java.frameworks.Jackson
predicate createJacksonJsonParserStep(Node fromNode, Node toNode)