Module SafeObjectMapperConfig
Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, including across builder method calls.
Such a Jackson deserialization method call is safe because validation will likely prevent instantiating unexpected types.
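As an added illustration (not code from the CodeQL library or from this page), the Java below contrasts a read on a mapper that never had a type validator set with a read on a mapper built through a builder chain on which a validator was set, which is the validator-to-read flow the description refers to. The class names, method names and allow-list prefix are hypothetical, and since this page does not list which validator-setting calls the module models, the use of `polymorphicTypeValidator` on the builder is an assumption; it requires jackson-databind 2.10 or later.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class ValidatorFlowExample {
    // Hypothetical payload type: an Object-typed field is where default
    // typing lets the input name the class to instantiate.
    public static class Envelope {
        public Object body;
    }

    // No validator is set anywhere on this mapper before the read, so
    // nothing constrains the class names carried in the input.
    static Envelope readUnvalidated(String untrustedJson) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(); // deprecated since Jackson 2.10
        return mapper.readValue(untrustedJson, Envelope.class);
    }

    // The validator is set on the builder. The builder value passes through
    // each chained call and build(), and the resulting mapper is the
    // qualifier of readValue: a validator-setting call followed by a
    // deserialization call, linked across builder methods.
    static Envelope readValidated(String untrustedJson) throws Exception {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.") // constructed allow-list prefix
                .build();
        ObjectMapper mapper = JsonMapper.builder()
                .polymorphicTypeValidator(ptv)
                .activateDefaultTyping(ptv)
                .build();
        return mapper.readValue(untrustedJson, Envelope.class);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a plain string needs no type id.
        Envelope e = readValidated("{\"body\":\"hello\"}");
        System.out.println(e.body);
    }
}
```

The validator only narrows what can be instantiated to the types the allow-list permits, which is why the description says validation will likely, not certainly, prevent unexpected types; an overly broad prefix weakens the guarantee.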
Import path
import semmle.code.java.security.UnsafeDeserializationQuery
Predicates
isAdditionalFlowStep | Holds if |
isSink | Holds if |
isSource | Holds if |