Predicate looksLikeResolveClassStep
Holds if fromNode to toNode is a dataflow step that looks like resolving a class.
A method probably resolves a class if it takes a string, returns a type descriptor, and its name contains “resolve”, “load”, etc.
Any method call that satisfies the rule above is assumed to propagate taint from its string arguments, so methods that accept user-controlled data but sanitize it or use it for some completely different purpose before returning a type descriptor could result in false positives.
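The Java class below is an added illustration, not code from the CodeQL libraries. It shows two methods with the shape described above, one that really propagates the string into the returned class and one that is a false-positive candidate. The class name, method names and allowlist are constructed for this example, and it assumes that java.lang.Class counts as a type descriptor.

```java
import java.util.Map;

public class ResolveClassHeuristicDemo {

    // Constructed allowlist: the string is only a lookup key and never
    // becomes a class name.
    private static final Map<String, Class<?>> HANDLERS = Map.of(
            "text", String.class,
            "count", Integer.class);

    // Has the described shape (String in, Class out, "resolve" in the name)
    // and really does propagate taint: the caller-supplied string selects
    // the returned class.
    static Class<?> resolveClass(String className) throws ClassNotFoundException {
        return Class.forName(className, false,
                ResolveClassHeuristicDemo.class.getClassLoader());
    }

    // Has the same shape ("load" in the name), but the result is limited to
    // the allowlist. A finding that depends on this step is a candidate
    // false positive, because the step is still assumed to propagate taint.
    static Class<?> loadHandlerType(String key) {
        Class<?> type = HANDLERS.get(key);
        if (type == null) {
            throw new IllegalArgumentException("unknown handler: " + key);
        }
        return type;
    }

    // Outside the described shape: takes a string but returns a String,
    // not a type descriptor.
    static String normalize(String raw) {
        return raw.trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for user-controlled data.
        String userInput = args.length > 0 ? args[0] : " java.util.ArrayList ";
        System.out.println(resolveClass(normalize(userInput)));
        System.out.println(loadHandlerType("text"));
    }
}
```

When triaging an alert whose path runs through a call like loadHandlerType, check whether the returned type can actually be chosen by the input string before treating the result as exploitable.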
Import path
import semmle.code.java.security.UnsafeDeserializationQuery
predicate looksLikeResolveClassStep(Node fromNode, Node toNode)