CodeQL library for Java
codeql/java-all 0.3.2 (changelog, source)
Search

Predicate hasArgumentWithUnsafeJacksonAnnotation

Holds if call is a method call to a Jackson deserialization method such as ObjectMapper.readValue(String, Class), and the target deserialized class has a field with a JsonTypeInfo annotation that enables polymorphic typing.

Import path

import semmle.code.java.frameworks.Jackson
predicate hasArgumentWithUnsafeJacksonAnnotation(MethodAccess call)