CodeQL library for Java/Kotlin
codeql/java-all 4.1.1 (changelog, source)
Search

Predicate looksLikeResolveClassStep

Holds if fromNode to toNode is a dataflow step that looks like resolving a class. A method probably resolves a class if it takes a string, returns a type descriptor, and its name contains “resolve”, “load”, etc.

Any method call that satisfies the rule above is assumed to propagate taint from its string arguments, so methods that accept user-controlled data but sanitize it or use it for some completely different purpose before returning a type descriptor could result in false positives.

Import path

import semmle.code.java.security.UnsafeDeserializationQuery
predicate looksLikeResolveClassStep(Node fromNode, Node toNode)