Module UnsafeTypeConfig

Tracks flow from a remote source to a type descriptor (e.g. a java.lang.Class instance) passed to a deserialization method.

If this is user-controlled, arbitrary code could be executed while instantiating the user-specified type.

Import path

import semmle.code.java.security.UnsafeDeserializationQuery

isAdditionalFlowStep	Holds if `fromNode` to `toNode` is a dataflow step that resolves a class or at least looks like resolving a class.
isSink	Holds if `sink` is a relevant data flow sink.
isSource	Holds if `source` is a relevant data flow source.