Hardening suggestions for codemodder-java / ISS-2215/convert-remediat…

…ors (#461) I've reviewed the recently opened PR ([460 - Converted some remediators to new API](#460)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7Cpixee%2Fcodemodder-java%7C5a118b8f3662cfca9b96b81697993b2216be657e) --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: pixeebot[bot] <pixeebot[bot]@users.noreply.github.com>
pixee · Oct 21, 2024 · fbe740b · fbe740b
1 parent 422adc6
commit fbe740b
Showing 1 changed file with 0 additions and 19 deletions.
diff --git a/...in/java/io/codemodder/remediation/javadeserialization/JavaDeserializationFixStrategy.java b/...in/java/io/codemodder/remediation/javadeserialization/JavaDeserializationFixStrategy.java
@@ -9,19 +9,14 @@
 import com.github.javaparser.ast.expr.MethodCallExpr;
 import com.github.javaparser.ast.expr.NameExpr;
 import com.github.javaparser.ast.expr.ObjectCreationExpr;
-import io.codemodder.CodemodChange;
 import io.codemodder.DependencyGAV;
 import io.codemodder.Either;
 import io.codemodder.ast.ASTs;
 import io.codemodder.ast.LocalDeclaration;
-import io.codemodder.codetf.DetectorRule;
-import io.codemodder.codetf.FixedFinding;
 import io.codemodder.remediation.*;
 import io.github.pixee.security.ObjectInputFilters;
 import java.util.List;
 import java.util.Optional;
-import java.util.function.Function;
-import org.jetbrains.annotations.NotNull;
 
 /** Default strategy to hardens deserialization vulnerabilities. */
 public final class JavaDeserializationFixStrategy implements RemediationStrategy {
@@ -99,20 +94,6 @@ public SuccessOrReason fix(final CompilationUnit cu, final Node node) {
     return SuccessOrReason.success(List.of(DependencyGAV.JAVA_SECURITY_TOOLKIT));
   }
 
-  /**
-   * Build a {@link io.codemodder.CodemodChange} for this code change that fixes the given issues.
-   */
-  private static <T> @NotNull CodemodChange buildFixChange(
-      final DetectorRule detectorRule,
-      final Function<T, String> getKey,
-      final Function<T, Integer> getLine,
-      final List<T> issues) {
-    return CodemodChange.from(
-        getLine.apply(issues.get(0)),
-        List.of(DependencyGAV.JAVA_SECURITY_TOOLKIT),
-        issues.stream().map(i -> new FixedFinding(getKey.apply(i), detectorRule)).toList());
-  }
-
   private void fixObjectInputStreamCreation(final ObjectCreationExpr objCreation) {
     replace(objCreation)
         .withStaticMethod(ObjectInputFilters.class.getName(), "createSafeObjectInputStream")