CodeQL library for Java/Kotlin
codeql/java-all 4.2.1 (changelog, source)
Search

Predicate unsafeDeserialization

Holds if ma is a call that deserializes data from sink.

Import path

import semmle.code.java.security.UnsafeDeserializationQuery
predicate unsafeDeserialization(MethodCall ma, Expr sink)