Import UnsafeDeserializationQuery in unsafeDeserialization.ql

artem-smotrakov · artem-smotrakov · commit 158a75e5a13d · 2021-07-20T10:14:50.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -121,7 +121,10 @@ private class SafeKryo extends DataFlow2::Configuration {
   }
 }
 
-private predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
+/**
+ * Holds if `ma` is a call that triggers deserialization with tainted data from `sink`.
+ */
+predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
   exists(Method m | m = ma.getMethod() |
     m instanceof ObjectInputStreamReadObjectMethod and
     sink = ma.getQualifier() and
diff --git a/java/ql/test/library-tests/UnsafeDeserialization/unsafeDeserialization.ql b/java/ql/test/library-tests/UnsafeDeserialization/unsafeDeserialization.ql
@@ -1,5 +1,5 @@
 import default
-import semmle.code.java.security.UnsafeDeserialization
+import semmle.code.java.security.UnsafeDeserializationQuery
 
 from Method m, MethodAccess ma
 where ma.getMethod() = m and unsafeDeserialization(ma, _)

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,10 @@ private class SafeKryo extends DataFlow2::Configuration {`
`121`	`121`	`}`
`122`	`122`	`}`
`123`	`123`
`124`		`-private predicate unsafeDeserialization(MethodAccess ma, Expr sink) {`
	`124`	`+/**`
	`125`	+ * Holds if `ma` is a call that triggers deserialization with tainted data from `sink`.
	`126`	`+ */`
	`127`	`+predicate unsafeDeserialization(MethodAccess ma, Expr sink) {`
`125`	`128`	`exists(Method m \| m = ma.getMethod() \|`
`126`	`129`	`m instanceof ObjectInputStreamReadObjectMethod and`
`127`	`130`	`sink = ma.getQualifier() and`