Update java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll

JLLeitschuh · atorralba · web-flow · commit 48b50f93c27c · 2021-05-12T08:58:01.000-04:00
Co-authored-by: Tony Torralba &lt;atorralba@users.noreply.github.com&gt;
diff --git a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -53,7 +53,10 @@ private class JacksonWriteValueMethod extends Method, TaintPreservingCallable {
 
 private class JacksonReadValueMethod extends Method, TaintPreservingCallable {
   JacksonReadValueMethod() {
-    getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") and
+    (
+      getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") or
+      getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
+    ) and
     hasName(["readValue", "readValues"])
   }
 
