Skip to content

Commit 363ad5b

Browse files
haby0haby0
committed
Fix error
1 parent 3dd851f commit 363ad5b

File tree

1 file changed

+79
-14
lines changed

1 file changed

+79
-14
lines changed

java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.expected

Lines changed: 79 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,53 @@
11
edges
2+
| A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:14:50:14:60 | inputStream : InputStream |
23
| A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:15:12:15:13 | in |
4+
| A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:15:12:15:13 | in |
5+
| A.java:14:50:14:60 | inputStream : InputStream | A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream |
6+
| A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:20:50:20:60 | inputStream : InputStream |
37
| A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:21:12:21:13 | in |
4-
| A.java:25:31:25:51 | getInputStream(...) : InputStream | A.java:27:12:27:12 | d |
5-
| A.java:32:31:32:51 | getInputStream(...) : InputStream | A.java:34:23:34:28 | reader |
6-
| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:40:28:40:32 | input |
7-
| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:41:34:41:38 | input |
8-
| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:42:40:42:44 | input |
8+
| A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:21:12:21:13 | in |
9+
| A.java:20:50:20:60 | inputStream : InputStream | A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream |
10+
| A.java:25:31:25:51 | getInputStream(...) : InputStream | A.java:26:35:26:45 | inputStream : InputStream |
11+
| A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder | A.java:27:12:27:12 | d |
12+
| A.java:26:35:26:45 | inputStream : InputStream | A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder |
13+
| A.java:32:31:32:51 | getInputStream(...) : InputStream | A.java:33:43:33:53 | inputStream : InputStream |
14+
| A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader | A.java:34:23:34:28 | reader |
15+
| A.java:33:43:33:53 | inputStream : InputStream | A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader |
16+
| A.java:39:19:39:50 | new Input(...) : Input | A.java:40:28:40:32 | input |
17+
| A.java:39:19:39:50 | new Input(...) : Input | A.java:41:34:41:38 | input |
18+
| A.java:39:19:39:50 | new Input(...) : Input | A.java:42:40:42:44 | input |
19+
| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:39:19:39:50 | new Input(...) : Input |
920
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:61:26:61:30 | input |
1021
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:62:30:62:34 | input |
11-
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:63:28:63:55 | new InputStreamReader(...) |
22+
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:63:50:63:54 | input : InputStream |
1223
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:64:24:64:28 | input |
13-
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:65:24:65:51 | new InputStreamReader(...) |
24+
| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:65:46:65:50 | input : InputStream |
25+
| A.java:63:50:63:54 | input : InputStream | A.java:63:28:63:55 | new InputStreamReader(...) |
26+
| A.java:65:46:65:50 | input : InputStream | A.java:65:24:65:51 | new InputStreamReader(...) |
1427
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:71:26:71:30 | input |
1528
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:72:30:72:34 | input |
16-
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:73:28:73:55 | new InputStreamReader(...) |
29+
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:73:50:73:54 | input : InputStream |
1730
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:74:24:74:28 | input |
18-
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:75:24:75:51 | new InputStreamReader(...) |
31+
| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:75:46:75:50 | input : InputStream |
32+
| A.java:73:50:73:54 | input : InputStream | A.java:73:28:73:55 | new InputStreamReader(...) |
33+
| A.java:75:46:75:50 | input : InputStream | A.java:75:24:75:51 | new InputStreamReader(...) |
1934
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:91:26:91:30 | input |
2035
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:92:30:92:34 | input |
21-
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) |
36+
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:50:93:54 | input : InputStream |
2237
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:94:24:94:28 | input |
23-
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) |
38+
| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:46:95:50 | input : InputStream |
39+
| A.java:93:50:93:54 | input : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) |
40+
| A.java:95:46:95:50 | input : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) |
2441
| B.java:7:31:7:51 | getInputStream(...) : InputStream | B.java:8:29:8:39 | inputStream |
25-
| B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:15:23:15:27 | bytes |
26-
| B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:23:29:23:29 | s |
27-
| B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:31:23:31:23 | s |
42+
| B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:14:5:14:15 | inputStream : InputStream |
43+
| B.java:14:5:14:15 | inputStream : InputStream | B.java:14:22:14:26 | bytes [post update] : byte[] |
44+
| B.java:14:22:14:26 | bytes [post update] : byte[] | B.java:15:23:15:27 | bytes |
45+
| B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:21:5:21:15 | inputStream : InputStream |
46+
| B.java:21:5:21:15 | inputStream : InputStream | B.java:21:22:21:26 | bytes [post update] : byte[] |
47+
| B.java:21:22:21:26 | bytes [post update] : byte[] | B.java:23:29:23:29 | s |
48+
| B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:29:5:29:15 | inputStream : InputStream |
49+
| B.java:29:5:29:15 | inputStream : InputStream | B.java:29:22:29:26 | bytes [post update] : byte[] |
50+
| B.java:29:22:29:26 | bytes [post update] : byte[] | B.java:31:23:31:23 | s |
2851
| C.java:23:17:23:44 | getParameter(...) : String | C.java:24:13:24:16 | data |
2952
| C.java:23:17:23:44 | getParameter(...) : String | C.java:25:19:25:22 | data |
3053
| C.java:23:17:23:44 | getParameter(...) : String | C.java:26:25:26:28 | data |
@@ -38,23 +61,46 @@ edges
3861
| C.java:51:17:51:44 | getParameter(...) : String | C.java:53:3:53:3 | r |
3962
| C.java:51:17:51:44 | getParameter(...) : String | C.java:54:3:54:3 | r |
4063
| C.java:51:17:51:44 | getParameter(...) : String | C.java:55:3:55:3 | r |
64+
| C.java:60:18:60:45 | getParameter(...) : String | C.java:61:55:61:59 | bytes : byte[] |
4165
| C.java:60:18:60:45 | getParameter(...) : String | C.java:63:3:63:14 | hessianInput |
4266
| C.java:60:18:60:45 | getParameter(...) : String | C.java:64:3:64:14 | hessianInput |
67+
| C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:63:3:63:14 | hessianInput |
68+
| C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:64:3:64:14 | hessianInput |
69+
| C.java:61:55:61:59 | bytes : byte[] | C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream |
70+
| C.java:69:18:69:45 | getParameter(...) : String | C.java:70:55:70:59 | bytes : byte[] |
4371
| C.java:69:18:69:45 | getParameter(...) : String | C.java:72:3:72:14 | hessianInput |
4472
| C.java:69:18:69:45 | getParameter(...) : String | C.java:73:3:73:14 | hessianInput |
73+
| C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:72:3:72:14 | hessianInput |
74+
| C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:73:3:73:14 | hessianInput |
75+
| C.java:70:55:70:59 | bytes : byte[] | C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream |
4576
| C.java:79:43:79:70 | getParameter(...) : String | C.java:79:26:79:71 | new StringReader(...) |
77+
| C.java:84:27:84:54 | getParameter(...) : String | C.java:85:54:85:67 | serializedData : byte[] |
4678
| C.java:84:27:84:54 | getParameter(...) : String | C.java:87:3:87:13 | burlapInput |
4779
| C.java:84:27:84:54 | getParameter(...) : String | C.java:91:3:91:14 | burlapInput1 |
80+
| C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:87:3:87:13 | burlapInput |
81+
| C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | C.java:91:3:91:14 | burlapInput1 |
82+
| C.java:85:54:85:67 | serializedData : byte[] | C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream |
4883
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) |
84+
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream |
85+
| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) |
4986
nodes
5087
| A.java:13:31:13:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
88+
| A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
89+
| A.java:14:50:14:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
5190
| A.java:15:12:15:13 | in | semmle.label | in |
5291
| A.java:19:31:19:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
92+
| A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
93+
| A.java:20:50:20:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
5394
| A.java:21:12:21:13 | in | semmle.label | in |
5495
| A.java:25:31:25:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
96+
| A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder |
97+
| A.java:26:35:26:45 | inputStream : InputStream | semmle.label | inputStream : InputStream |
5598
| A.java:27:12:27:12 | d | semmle.label | d |
5699
| A.java:32:31:32:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
100+
| A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader |
101+
| A.java:33:43:33:53 | inputStream : InputStream | semmle.label | inputStream : InputStream |
57102
| A.java:34:23:34:28 | reader | semmle.label | reader |
103+
| A.java:39:19:39:50 | new Input(...) : Input | semmle.label | new Input(...) : Input |
58104
| A.java:39:29:39:49 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
59105
| A.java:40:28:40:32 | input | semmle.label | input |
60106
| A.java:41:34:41:38 | input | semmle.label | input |
@@ -63,27 +109,39 @@ nodes
63109
| A.java:61:26:61:30 | input | semmle.label | input |
64110
| A.java:62:30:62:34 | input | semmle.label | input |
65111
| A.java:63:28:63:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
112+
| A.java:63:50:63:54 | input : InputStream | semmle.label | input : InputStream |
66113
| A.java:64:24:64:28 | input | semmle.label | input |
67114
| A.java:65:24:65:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
115+
| A.java:65:46:65:50 | input : InputStream | semmle.label | input : InputStream |
68116
| A.java:70:25:70:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
69117
| A.java:71:26:71:30 | input | semmle.label | input |
70118
| A.java:72:30:72:34 | input | semmle.label | input |
71119
| A.java:73:28:73:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
120+
| A.java:73:50:73:54 | input : InputStream | semmle.label | input : InputStream |
72121
| A.java:74:24:74:28 | input | semmle.label | input |
73122
| A.java:75:24:75:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
123+
| A.java:75:46:75:50 | input : InputStream | semmle.label | input : InputStream |
74124
| A.java:90:25:90:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
75125
| A.java:91:26:91:30 | input | semmle.label | input |
76126
| A.java:92:30:92:34 | input | semmle.label | input |
77127
| A.java:93:28:93:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
128+
| A.java:93:50:93:54 | input : InputStream | semmle.label | input : InputStream |
78129
| A.java:94:24:94:28 | input | semmle.label | input |
79130
| A.java:95:24:95:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
131+
| A.java:95:46:95:50 | input : InputStream | semmle.label | input : InputStream |
80132
| B.java:7:31:7:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
81133
| B.java:8:29:8:39 | inputStream | semmle.label | inputStream |
82134
| B.java:12:31:12:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
135+
| B.java:14:5:14:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
136+
| B.java:14:22:14:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
83137
| B.java:15:23:15:27 | bytes | semmle.label | bytes |
84138
| B.java:19:31:19:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
139+
| B.java:21:5:21:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
140+
| B.java:21:22:21:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
85141
| B.java:23:29:23:29 | s | semmle.label | s |
86142
| B.java:27:31:27:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
143+
| B.java:29:5:29:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
144+
| B.java:29:22:29:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
87145
| B.java:31:23:31:23 | s | semmle.label | s |
88146
| C.java:23:17:23:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
89147
| C.java:24:13:24:16 | data | semmle.label | data |
@@ -102,18 +160,25 @@ nodes
102160
| C.java:54:3:54:3 | r | semmle.label | r |
103161
| C.java:55:3:55:3 | r | semmle.label | r |
104162
| C.java:60:18:60:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
163+
| C.java:61:30:61:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
164+
| C.java:61:55:61:59 | bytes : byte[] | semmle.label | bytes : byte[] |
105165
| C.java:63:3:63:14 | hessianInput | semmle.label | hessianInput |
106166
| C.java:64:3:64:14 | hessianInput | semmle.label | hessianInput |
107167
| C.java:69:18:69:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
168+
| C.java:70:30:70:60 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
169+
| C.java:70:55:70:59 | bytes : byte[] | semmle.label | bytes : byte[] |
108170
| C.java:72:3:72:14 | hessianInput | semmle.label | hessianInput |
109171
| C.java:73:3:73:14 | hessianInput | semmle.label | hessianInput |
110172
| C.java:79:26:79:71 | new StringReader(...) | semmle.label | new StringReader(...) |
111173
| C.java:79:43:79:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
112174
| C.java:84:27:84:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
175+
| C.java:85:29:85:68 | new ByteArrayInputStream(...) : ByteArrayInputStream | semmle.label | new ByteArrayInputStream(...) : ByteArrayInputStream |
176+
| C.java:85:54:85:67 | serializedData : byte[] | semmle.label | serializedData : byte[] |
113177
| C.java:87:3:87:13 | burlapInput | semmle.label | burlapInput |
114178
| C.java:91:3:91:14 | burlapInput1 | semmle.label | burlapInput1 |
115179
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | semmle.label | entityStream : InputStream |
116180
| TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | semmle.label | new ObjectInputStream(...) |
181+
| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | semmle.label | entityStream : InputStream |
117182
#select
118183
| A.java:15:12:15:26 | readObject(...) | A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:15:12:15:13 | in | Unsafe deserialization of $@. | A.java:13:31:13:51 | getInputStream(...) | user input |
119184
| A.java:21:12:21:28 | readUnshared(...) | A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:21:12:21:13 | in | Unsafe deserialization of $@. | A.java:19:31:19:51 | getInputStream(...) | user input |

0 commit comments

Comments
 (0)