Module UnsafeDeserializationQuery
Provides classes and predicates for finding deserialization vulnerabilities.
Import path
import semmle.code.java.security.UnsafeDeserializationQuery
Imports
FlowSources | Provides classes representing various flow sources for taint tracking. |
Predicates
getASafeFlexjsonUseCall | Gets a safe usage of the |
isSafeFlexjsonDeserializer | Holds if |
looksLikeResolveClassStep | Holds if |
resolveClassStep | Holds if |
unsafeDeserialization | Holds if |
Classes
UnsafeDeserializationSink | A sink for unsafe deserialization. |
Modules
SafeObjectMapperConfig | Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, including across builder method calls. |
UnsafeTypeConfig | Tracks flow from a remote source to a type descriptor (e.g. a |
Aliases
EnableJacksonDefaultTypingFlow | Tracks flow from |
SafeObjectMapperFlow | Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, including across builder method calls. |
UnsafeDeserializationFlow | Constructs a global taint tracking computation. |
UnsafeTypeFlow | Tracks flow from a remote source to a type descriptor (e.g. a |