Module UnsafeDeserializationQuery
Provides classes and predicates for finding deserialization vulnerabilities.
Import path
import semmle.code.java.security.UnsafeDeserializationQuery
Imports
FlowSources | Provides classes representing various flow sources for taint tracking.
Predicates
getASafeFlexjsonUseCall | Gets a safe usage of the
isSafeFlexjsonDeserializer | Holds if
looksLikeResolveClassStep | Holds if
resolveClassStep | Holds if
unsafeDeserialization | Holds if
Classes
EnableJacksonDefaultTypingConfig | Tracks flow from
SafeObjectMapperConfig | Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, including across builder method calls.
UnsafeDeserializationConfig | Tracks flows from remote user input to a deserialization sink.
UnsafeDeserializationSink | A sink for unsafe deserialization.
UnsafeTypeConfig | Tracks flow from a remote source to a type descriptor (e.g. a