expected

haby0 · haby0 · commit 3dd851fffb39 · 2021-06-17T15:20:03.000+08:00
diff --git a/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.expected b/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.expected
@@ -1,53 +1,30 @@
 edges
-| A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:14:50:14:60 | inputStream : InputStream |
 | A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:15:12:15:13 | in |
-| A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:15:12:15:13 | in |
-| A.java:14:50:14:60 | inputStream : InputStream | A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream |
-| A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:20:50:20:60 | inputStream : InputStream |
 | A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:21:12:21:13 | in |
-| A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream | A.java:21:12:21:13 | in |
-| A.java:20:50:20:60 | inputStream : InputStream | A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream |
-| A.java:25:31:25:51 | getInputStream(...) : InputStream | A.java:26:35:26:45 | inputStream : InputStream |
-| A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder | A.java:27:12:27:12 | d |
-| A.java:26:35:26:45 | inputStream : InputStream | A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder |
-| A.java:32:31:32:51 | getInputStream(...) : InputStream | A.java:33:43:33:53 | inputStream : InputStream |
-| A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader | A.java:34:23:34:28 | reader |
-| A.java:33:43:33:53 | inputStream : InputStream | A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader |
-| A.java:39:19:39:50 | new Input(...) : Input | A.java:40:28:40:32 | input |
-| A.java:39:19:39:50 | new Input(...) : Input | A.java:41:34:41:38 | input |
-| A.java:39:19:39:50 | new Input(...) : Input | A.java:42:40:42:44 | input |
-| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:39:19:39:50 | new Input(...) : Input |
+| A.java:25:31:25:51 | getInputStream(...) : InputStream | A.java:27:12:27:12 | d |
+| A.java:32:31:32:51 | getInputStream(...) : InputStream | A.java:34:23:34:28 | reader |
+| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:40:28:40:32 | input |
+| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:41:34:41:38 | input |
+| A.java:39:29:39:49 | getInputStream(...) : InputStream | A.java:42:40:42:44 | input |
 | A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:61:26:61:30 | input |
 | A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:62:30:62:34 | input |
-| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:63:50:63:54 | input : InputStream |
+| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:63:28:63:55 | new InputStreamReader(...) |
 | A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:64:24:64:28 | input |
-| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:65:46:65:50 | input : InputStream |
-| A.java:63:50:63:54 | input : InputStream | A.java:63:28:63:55 | new InputStreamReader(...) |
-| A.java:65:46:65:50 | input : InputStream | A.java:65:24:65:51 | new InputStreamReader(...) |
+| A.java:60:25:60:45 | getInputStream(...) : InputStream | A.java:65:24:65:51 | new InputStreamReader(...) |
 | A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:71:26:71:30 | input |
 | A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:72:30:72:34 | input |
-| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:73:50:73:54 | input : InputStream |
+| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:73:28:73:55 | new InputStreamReader(...) |
 | A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:74:24:74:28 | input |
-| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:75:46:75:50 | input : InputStream |
-| A.java:73:50:73:54 | input : InputStream | A.java:73:28:73:55 | new InputStreamReader(...) |
-| A.java:75:46:75:50 | input : InputStream | A.java:75:24:75:51 | new InputStreamReader(...) |
+| A.java:70:25:70:45 | getInputStream(...) : InputStream | A.java:75:24:75:51 | new InputStreamReader(...) |
 | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:91:26:91:30 | input |
 | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:92:30:92:34 | input |
-| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:50:93:54 | input : InputStream |
+| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) |
 | A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:94:24:94:28 | input |
-| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:46:95:50 | input : InputStream |
-| A.java:93:50:93:54 | input : InputStream | A.java:93:28:93:55 | new InputStreamReader(...) |
-| A.java:95:46:95:50 | input : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) |
+| A.java:90:25:90:45 | getInputStream(...) : InputStream | A.java:95:24:95:51 | new InputStreamReader(...) |
 | B.java:7:31:7:51 | getInputStream(...) : InputStream | B.java:8:29:8:39 | inputStream |
-| B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:14:5:14:15 | inputStream : InputStream |
-| B.java:14:5:14:15 | inputStream : InputStream | B.java:14:22:14:26 | bytes [post update] : byte[] |
-| B.java:14:22:14:26 | bytes [post update] : byte[] | B.java:15:23:15:27 | bytes |
-| B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:21:5:21:15 | inputStream : InputStream |
-| B.java:21:5:21:15 | inputStream : InputStream | B.java:21:22:21:26 | bytes [post update] : byte[] |
-| B.java:21:22:21:26 | bytes [post update] : byte[] | B.java:23:29:23:29 | s |
-| B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:29:5:29:15 | inputStream : InputStream |
-| B.java:29:5:29:15 | inputStream : InputStream | B.java:29:22:29:26 | bytes [post update] : byte[] |
-| B.java:29:22:29:26 | bytes [post update] : byte[] | B.java:31:23:31:23 | s |
+| B.java:12:31:12:51 | getInputStream(...) : InputStream | B.java:15:23:15:27 | bytes |
+| B.java:19:31:19:51 | getInputStream(...) : InputStream | B.java:23:29:23:29 | s |
+| B.java:27:31:27:51 | getInputStream(...) : InputStream | B.java:31:23:31:23 | s |
 | C.java:23:17:23:44 | getParameter(...) : String | C.java:24:13:24:16 | data |
 | C.java:23:17:23:44 | getParameter(...) : String | C.java:25:19:25:22 | data |
 | C.java:23:17:23:44 | getParameter(...) : String | C.java:26:25:26:28 | data |
@@ -69,26 +46,15 @@ edges
 | C.java:84:27:84:54 | getParameter(...) : String | C.java:87:3:87:13 | burlapInput |
 | C.java:84:27:84:54 | getParameter(...) : String | C.java:91:3:91:14 | burlapInput1 |
 | TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) |
-| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream |
-| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) |
 nodes
 | A.java:13:31:13:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| A.java:14:28:14:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
-| A.java:14:50:14:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
 | A.java:15:12:15:13 | in | semmle.label | in |
 | A.java:19:31:19:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| A.java:20:28:20:61 | new ObjectInputStream(...) : ObjectInputStream | semmle.label | new ObjectInputStream(...) : ObjectInputStream |
-| A.java:20:50:20:60 | inputStream : InputStream | semmle.label | inputStream : InputStream |
 | A.java:21:12:21:13 | in | semmle.label | in |
 | A.java:25:31:25:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| A.java:26:20:26:46 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder |
-| A.java:26:35:26:45 | inputStream : InputStream | semmle.label | inputStream : InputStream |
 | A.java:27:12:27:12 | d | semmle.label | d |
 | A.java:32:31:32:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| A.java:33:21:33:54 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader |
-| A.java:33:43:33:53 | inputStream : InputStream | semmle.label | inputStream : InputStream |
 | A.java:34:23:34:28 | reader | semmle.label | reader |
-| A.java:39:19:39:50 | new Input(...) : Input | semmle.label | new Input(...) : Input |
 | A.java:39:29:39:49 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | A.java:40:28:40:32 | input | semmle.label | input |
 | A.java:41:34:41:38 | input | semmle.label | input |
@@ -97,39 +63,27 @@ nodes
 | A.java:61:26:61:30 | input | semmle.label | input |
 | A.java:62:30:62:34 | input | semmle.label | input |
 | A.java:63:28:63:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:63:50:63:54 | input : InputStream | semmle.label | input : InputStream |
 | A.java:64:24:64:28 | input | semmle.label | input |
 | A.java:65:24:65:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:65:46:65:50 | input : InputStream | semmle.label | input : InputStream |
 | A.java:70:25:70:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | A.java:71:26:71:30 | input | semmle.label | input |
 | A.java:72:30:72:34 | input | semmle.label | input |
 | A.java:73:28:73:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:73:50:73:54 | input : InputStream | semmle.label | input : InputStream |
 | A.java:74:24:74:28 | input | semmle.label | input |
 | A.java:75:24:75:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:75:46:75:50 | input : InputStream | semmle.label | input : InputStream |
 | A.java:90:25:90:45 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | A.java:91:26:91:30 | input | semmle.label | input |
 | A.java:92:30:92:34 | input | semmle.label | input |
 | A.java:93:28:93:55 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:93:50:93:54 | input : InputStream | semmle.label | input : InputStream |
 | A.java:94:24:94:28 | input | semmle.label | input |
 | A.java:95:24:95:51 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) |
-| A.java:95:46:95:50 | input : InputStream | semmle.label | input : InputStream |
 | B.java:7:31:7:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | B.java:8:29:8:39 | inputStream | semmle.label | inputStream |
 | B.java:12:31:12:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| B.java:14:5:14:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
-| B.java:14:22:14:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
 | B.java:15:23:15:27 | bytes | semmle.label | bytes |
 | B.java:19:31:19:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| B.java:21:5:21:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
-| B.java:21:22:21:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
 | B.java:23:29:23:29 | s | semmle.label | s |
 | B.java:27:31:27:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
-| B.java:29:5:29:15 | inputStream : InputStream | semmle.label | inputStream : InputStream |
-| B.java:29:22:29:26 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
 | B.java:31:23:31:23 | s | semmle.label | s |
 | C.java:23:17:23:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | C.java:24:13:24:16 | data | semmle.label | data |
@@ -160,7 +114,6 @@ nodes
 | C.java:91:3:91:14 | burlapInput1 | semmle.label | burlapInput1 |
 | TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | semmle.label | entityStream : InputStream |
 | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | semmle.label | new ObjectInputStream(...) |
-| TestMessageBodyReader.java:22:40:22:51 | entityStream : InputStream | semmle.label | entityStream : InputStream |
 #select
 | A.java:15:12:15:26 | readObject(...) | A.java:13:31:13:51 | getInputStream(...) : InputStream | A.java:15:12:15:13 | in | Unsafe deserialization of $@. | A.java:13:31:13:51 | getInputStream(...) | user input |
 | A.java:21:12:21:28 | readUnshared(...) | A.java:19:31:19:51 | getInputStream(...) : InputStream | A.java:21:12:21:13 | in | Unsafe deserialization of $@. | A.java:19:31:19:51 | getInputStream(...) | user input |
