java/ql/lib/semmle/code/java/security Expand file tree Collapse file tree 1 file changed +7
-1
lines changed Original file line number Diff line number Diff line change @@ -145,6 +145,10 @@ private class DefaultUnsafeDeserializationSink extends DataFlow::Node {
145145 DefaultUnsafeDeserializationSink ( ) { sinkNode ( this , "unsafe-deserialization" ) }
146146}
147147
148+ private class ExternalUnsafeDeserializationSanitizer extends DataFlow:: Node {
149+ ExternalUnsafeDeserializationSanitizer ( ) { barrierNode ( this , "unsafe-deserialization" ) }
150+ }
151+
148152/**
149153 * Holds if `ma` is a call that deserializes data from `sink`.
150154 *
@@ -308,7 +312,9 @@ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig {
308312 isUnsafeDeserializationTaintStep ( pred , succ )
309313 }
310314
311- predicate isBarrier ( DataFlow:: Node node ) { isUnsafeDeserializationSanitizer ( node ) }
315+ predicate isBarrier ( DataFlow:: Node node ) {
316+ isUnsafeDeserializationSanitizer ( node ) or node instanceof ExternalUnsafeDeserializationSanitizer
317+ }
312318
313319 predicate observeDiffInformedIncrementalMode ( ) { any ( ) }
314320
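Review bot: `ExternalUnsafeDeserializationSanitizer` (new lines 148–150) has no QLDoc comment, and it needs one because it now feeds `isBarrier` (new lines 315–317). Every node matched by `barrierNode(this, "unsafe-deserialization")` stops flow, so an overly broad barrier model of that kind, presumably supplied from outside this library, would silently remove unsafe-deserialization results. I would add `/** A barrier for unsafe deserialization, defined through an external barrier model of kind "unsafe-deserialization". */` above the class. The page shows a single changed file, so there appears to be no test for the new barrier kind; a query test with one barrier model, checking that flow is blocked at the modelled node and still reported on an unmodelled path, would pin the behaviour. `UnsafeDeserializationConfig` begins and continues outside the second hunk.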