Skip to content

Commit 50497eb

Browse files
artem-smotrakovartem-smotrakov
committed
Make imports as private as possible
1 parent 158a75e commit 50497eb

File tree

2 files changed

+18
-18
lines changed

2 files changed

+18
-18
lines changed

java/ql/src/semmle/code/java/frameworks/Jackson.qll

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,8 @@
33
*/
44

55
import java
6-
import semmle.code.java.Reflection
7-
import semmle.code.java.dataflow.FlowSources
8-
import semmle.code.java.dataflow.TaintTracking2
6+
private import semmle.code.java.Reflection
7+
private import semmle.code.java.dataflow.DataFlow
98

109
private class ObjectMapper extends RefType {
1110
ObjectMapper() {
@@ -28,7 +27,7 @@ private class JsonParser extends RefType {
2827
JsonParser() { hasQualifiedName("com.fasterxml.jackson.core", "JsonParser") }
2928
}
3029

31-
/** Type descriptors in Jackson libraries. */
30+
/** A type descriptor in Jackson libraries. */
3231
class JacksonTypeDescriptorType extends RefType {
3332
JacksonTypeDescriptorType() {
3433
this instanceof TypeClass or
@@ -37,7 +36,7 @@ class JacksonTypeDescriptorType extends RefType {
3736
}
3837
}
3938

40-
/** Methods in `ObjectMapper` that deserialize data. */
39+
/** A method in `ObjectMapper` that deserialize data. */
4140
class ObjectMapperReadMethod extends Method {
4241
ObjectMapperReadMethod() {
4342
this.getDeclaringType() instanceof ObjectMapper and

java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -3,18 +3,19 @@
33
*/
44

55
import semmle.code.java.dataflow.FlowSources
6-
import semmle.code.java.frameworks.Kryo
7-
import semmle.code.java.frameworks.XStream
8-
import semmle.code.java.frameworks.SnakeYaml
9-
import semmle.code.java.frameworks.FastJson
10-
import semmle.code.java.frameworks.JYaml
11-
import semmle.code.java.frameworks.JsonIo
12-
import semmle.code.java.frameworks.YamlBeans
13-
import semmle.code.java.frameworks.HessianBurlap
14-
import semmle.code.java.frameworks.Castor
15-
import semmle.code.java.frameworks.Jackson
16-
import semmle.code.java.frameworks.apache.Lang
17-
import semmle.code.java.Reflection
6+
private import semmle.code.java.dataflow.TaintTracking2
7+
private import semmle.code.java.frameworks.Kryo
8+
private import semmle.code.java.frameworks.XStream
9+
private import semmle.code.java.frameworks.SnakeYaml
10+
private import semmle.code.java.frameworks.FastJson
11+
private import semmle.code.java.frameworks.JYaml
12+
private import semmle.code.java.frameworks.JsonIo
13+
private import semmle.code.java.frameworks.YamlBeans
14+
private import semmle.code.java.frameworks.HessianBurlap
15+
private import semmle.code.java.frameworks.Castor
16+
private import semmle.code.java.frameworks.Jackson
17+
private import semmle.code.java.frameworks.apache.Lang
18+
private import semmle.code.java.Reflection
1819

1920
private class ObjectInputStreamReadObjectMethod extends Method {
2021
ObjectInputStreamReadObjectMethod() {
@@ -190,7 +191,7 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
190191
class UnsafeDeserializationSink extends DataFlow::ExprNode {
191192
UnsafeDeserializationSink() { unsafeDeserialization(_, this.getExpr()) }
192193

193-
/** Get a call that triggers unsafe deserialization. */
194+
/** Returns a call that triggers unsafe deserialization. */
194195
MethodAccess getMethodAccess() { unsafeDeserialization(result, this.getExpr()) }
195196
}
196197

0 commit comments

Comments
 (0)