Apply suggestions from code review

artem-smotrakov · smowton · artem-smotrakov · commit e02530749b45 · 2021-07-19T11:52:12.000+02:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/semmle/code/java/frameworks/JacksonQuery.qll b/java/ql/src/semmle/code/java/frameworks/JacksonQuery.qll
@@ -5,7 +5,6 @@
 import java
 import semmle.code.java.Reflection
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.TaintTracking2
 
 private class ObjectMapper extends RefType {
diff --git a/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/src/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -1,5 +1,4 @@
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 import semmle.code.java.frameworks.Kryo
 import semmle.code.java.frameworks.XStream
 import semmle.code.java.frameworks.SnakeYaml
diff --git a/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.ql b/java/ql/test/query-tests/security/CWE-502/UnsafeDeserialization.ql
@@ -9,8 +9,8 @@ class UnsafeDeserializationTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "unsafeDeserialization" and
-    exists(DataFlow::Node src, DataFlow::Node sink, UnsafeDeserializationConfig conf |
-      conf.hasFlow(src, sink)
+    exists(DataFlow::Node sink, UnsafeDeserializationConfig conf |
+      conf.hasFlowTo(sink)
     |
       sink.getLocation() = location and
       element = sink.toString() and

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`import semmle.code.java.dataflow.FlowSources`
`2`		`-import semmle.code.java.dataflow.TaintTracking2`
`3`	`2`	`import semmle.code.java.frameworks.Kryo`
`4`	`3`	`import semmle.code.java.frameworks.XStream`
`5`	`4`	`import semmle.code.java.frameworks.SnakeYaml`