
Commit 94234b8

author
edvraa
committed
Rename ObjectMethodSink to InstanceMethodSink
1 parent ac29184 commit 94234b8


2 files changed

+17
-17
lines changed


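--- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
+++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
@@ -13,7 +13,7 @@
 import csharp
 import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
 
-from Call deserializeCall, ObjectMethodSink sink
+from Call deserializeCall, InstanceMethodSink sink
 where
 deserializeCall.getAnArgument() = sink.asExpr() and
 not exists(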

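--- a/csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll
+++ b/csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll
@@ -16,7 +16,7 @@ module UnsafeDeserialization {
 /**
 * A data flow sink for unsafe deserialization vulnerabilities.
 */
-abstract class ObjectMethodSink extends DataFlow::Node { }
+abstract class InstanceMethodSink extends DataFlow::Node { }
 
 /**
 * A data flow sink for unsafe deserialization vulnerabilities.
@@ -36,7 +36,7 @@ module UnsafeDeserialization {
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMethodSink }
+override predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink }
 
 override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 }
@@ -133,7 +133,7 @@ module UnsafeDeserialization {
 )
 }
 
-abstract class BinaryFormatterSink extends ObjectMethodSink { }
+abstract class BinaryFormatterSink extends InstanceMethodSink { }
 
 class BinaryFormatterDeserializeMethodSink extends BinaryFormatterSink {
 BinaryFormatterDeserializeMethodSink() {
@@ -151,7 +151,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class SoapFormatterSink extends ObjectMethodSink { }
+abstract class SoapFormatterSink extends InstanceMethodSink { }
 
 class SoapFormatterDeserializeMethodSink extends SoapFormatterSink {
 SoapFormatterDeserializeMethodSink() {
@@ -169,7 +169,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class ObjectStateFormatterSink extends ObjectMethodSink { }
+abstract class ObjectStateFormatterSink extends InstanceMethodSink { }
 
 class ObjectStateFormatterDeserializeMethodSink extends ObjectStateFormatterSink {
 ObjectStateFormatterDeserializeMethodSink() {
@@ -192,7 +192,7 @@ module UnsafeDeserialization {
 )
 }
 
-abstract class NetDataContractSerializerSink extends ObjectMethodSink { }
+abstract class NetDataContractSerializerSink extends InstanceMethodSink { }
 
 class NetDataContractSerializerDeserializeMethodSink extends NetDataContractSerializerSink {
 NetDataContractSerializerDeserializeMethodSink() {
@@ -210,7 +210,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class DataContractJsonSerializerSink extends ObjectMethodSink { }
+abstract class DataContractJsonSerializerSink extends InstanceMethodSink { }
 
 class DataContractJsonSerializerDeserializeMethodSink extends DataContractJsonSerializerSink {
 DataContractJsonSerializerDeserializeMethodSink() {
@@ -253,7 +253,7 @@ module UnsafeDeserialization {
 )
 }
 
-abstract class JavaScriptSerializerSink extends ObjectMethodSink { }
+abstract class JavaScriptSerializerSink extends InstanceMethodSink { }
 
 class JavaScriptSerializerDeserializeMethodSink extends JavaScriptSerializerSink {
 JavaScriptSerializerDeserializeMethodSink() {
@@ -291,7 +291,7 @@ module UnsafeDeserialization {
 not mc.targetIsLocalInstance()
 }
 
-abstract class XmlObjectSerializerSink extends ObjectMethodSink { }
+abstract class XmlObjectSerializerSink extends InstanceMethodSink { }
 
 class XmlObjectSerializerDeserializeMethodSink extends XmlObjectSerializerSink {
 XmlObjectSerializerDeserializeMethodSink() {
@@ -333,7 +333,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class XmlSerializerSink extends ObjectMethodSink { }
+abstract class XmlSerializerSink extends InstanceMethodSink { }
 
 class XmlSerializerDeserializeMethodSink extends XmlSerializerSink {
 XmlSerializerDeserializeMethodSink() {
@@ -374,7 +374,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class DataContractSerializerSink extends ObjectMethodSink { }
+abstract class DataContractSerializerSink extends InstanceMethodSink { }
 
 class DataContractSerializerDeserializeMethodSink extends DataContractSerializerSink {
 DataContractSerializerDeserializeMethodSink() {
@@ -412,7 +412,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class XmlMessageFormatterSink extends ObjectMethodSink { }
+abstract class XmlMessageFormatterSink extends InstanceMethodSink { }
 
 class XmlMessageFormatterDeserializeMethodSink extends XmlMessageFormatterSink {
 XmlMessageFormatterDeserializeMethodSink() {
@@ -450,7 +450,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class LosFormatterSink extends ObjectMethodSink { }
+abstract class LosFormatterSink extends InstanceMethodSink { }
 
 class LosFormatterDeserializeMethodSink extends LosFormatterSink {
 LosFormatterDeserializeMethodSink() {
@@ -486,7 +486,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class ActivitySink extends ObjectMethodSink { }
+abstract class ActivitySink extends InstanceMethodSink { }
 
 class ActivityDeserializeMethodSink extends ActivitySink {
 ActivityDeserializeMethodSink() {
@@ -522,7 +522,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class BinaryMessageFormatterSink extends ObjectMethodSink { }
+abstract class BinaryMessageFormatterSink extends InstanceMethodSink { }
 
 class BinaryMessageFormatterDeserializeMethodSink extends BinaryMessageFormatterSink {
 BinaryMessageFormatterDeserializeMethodSink() {
@@ -568,7 +568,7 @@ module UnsafeDeserialization {
 not mc.getArgument(0).hasValue()
 }
 
-abstract class ProxyObjectSink extends ObjectMethodSink { }
+abstract class ProxyObjectSink extends InstanceMethodSink { }
 
 class ProxyObjectDeserializeMethodSink extends ProxyObjectSink {
 ProxyObjectDeserializeMethodSink() {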
