-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathcom.fasterxml.jackson.databind.model.yml
More file actions
19 lines (19 loc) · 1.63 KB
/
com.fasterxml.jackson.databind.model.yml
File metadata and controls
19 lines (19 loc) · 1.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "convertValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "readTree", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] # result is remote, but only user-controlled if the URL is
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "readValue", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue.Element", "ReturnValue", "taint", "manual"]
- ["com.fasterxml.jackson.databind", "ObjectReader", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "readValue", "(File,Class)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["com.fasterxml.jackson.databind", "ObjectMapper", True, "writeValue", "(File,Object)", "", "Argument[0]", "path-injection", "ai-manual"]