zbazztian · SummerSec · Mar 26, 2022 · Mar 26, 2022 · Mar 26, 2022 · Mar 26, 2022
diff --git a/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql b/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql
@@ -44,7 +44,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
     exists(UrlConstructorCall u |
-      node1.asExpr() = u.protocolArg() and
+      node1.asExpr() = u.getProtocolArg() and
       node2.asExpr() = u
     )
   }

diff --git a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
@@ -2,16 +2,10 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.UnsafeDeserialization
+import semmle.code.java.security.UnsafeDeserializationQuery
 
 
-class UnsafeDeserializationConfig extends TaintTracking::Configuration {
-  UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink }
-}
 
 from string type, int amount
 where exists(string qid | qid = "java/unsafe-deserialization" and (

diff --git a/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql b/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql
@@ -51,7 +51,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
     exists(UrlConstructorCall u |
-      node1.asExpr() = u.protocolArg() and
+      node1.asExpr() = u.getProtocolArg() and
       node2.asExpr() = u
     )
   }

diff --git a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
@@ -9,16 +9,10 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.UnsafeDeserialization
+import semmle.code.java.security.UnsafeDeserializationQuery
 
 
-class UnsafeDeserializationConfig extends TaintTracking::Configuration {
-  UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink }
-}
 
 from DataFlow::Node n, string type
 where exists(string qid | qid = "java/unsafe-deserialization" and (

diff --git a/process.py b/process.py
@@ -75,6 +75,7 @@ def get(array, i, default):
 def codeql(*args):
   args = [codeql_executable] + list(args)
   print(' '.join(args), flush=True)
+  output = None
   try:
     output = subprocess.run(
       args,
@@ -85,7 +86,8 @@ def codeql(*args):
   except subprocess.CalledProcessError as cpe:
     print('Command failed with exit code: ' + str(cpe.returncode))
     print('stdout:')
-    print(cpe.output.decode())
+    output = cpe.output
+    print(output.decode())
     print('stderr:')
     print(cpe.stderr.decode(), flush=True)
     raise