Update java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll

atorralba · web-flow · commit 55280e523a7c · 2023-06-26T11:14:31.000+02:00
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -29,7 +29,7 @@ private class ObjectInputStreamReadObjectMethod extends Method {
 }
 
 /**
- * A type coming from `ObjectInputStream` that makes it safe to deserialize untrusted data.
+ * A type extending `ObjectInputStream` that makes it safe to deserialize untrusted data.
  *
  * * See https://commons.apache.org/proper/commons-io/javadocs/api-2.5/org/apache/commons/io/serialization/ValidatingObjectInputStream.html
  * * See https://github.com/ikkisoft/SerialKiller

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ private class ObjectInputStreamReadObjectMethod extends Method {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`/**`
`32`		- * A type coming from `ObjectInputStream` that makes it safe to deserialize untrusted data.
	`32`	+ * A type extending `ObjectInputStream` that makes it safe to deserialize untrusted data.
`33`	`33`	`*`
`34`	`34`	`* * See https://commons.apache.org/proper/commons-io/javadocs/api-2.5/org/apache/commons/io/serialization/ValidatingObjectInputStream.html`
`35`	`35`	`* * See https://github.com/ikkisoft/SerialKiller`