Merge pull request #7279 from hvitved/csharp/json-net-fix-summaries

hvitved · web-flow · commit aad55ffbd656 · 2021-12-01T13:15:10.000+01:00
C#: Fix `Newtonsoft.Json.JsonSerializer.{Deserialize,Serialize}` summaries
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll
@@ -153,14 +153,14 @@ module JsonNET {
       // Serialize
       c = this.getSerializeMethod() and
       preservesValue = false and
-      source = any(CallableFlowSourceArg arg | arg.getArgumentIndex() = 0) and
-      sink = any(CallableFlowSinkArg arg | arg.getArgumentIndex() = 1)
+      source = any(CallableFlowSourceArg arg | arg.getArgumentIndex() = 1) and
+      sink = any(CallableFlowSinkArg arg | arg.getArgumentIndex() = 0)
       or
       // Deserialize
       c = this.getDeserializeMethod() and
       preservesValue = false and
       source = any(CallableFlowSourceArg arg | arg.getArgumentIndex() = 0) and
-      sink = any(CallableFlowSinkArg arg | arg.getArgumentIndex() = 1)
+      sink instanceof CallableFlowSinkReturn
     }
   }
 
