From 0156fcc381f37f7773bd576ddf4277398f45f59d Mon Sep 17 00:00:00 2001
From: Tony Torralba
Date: Fri, 21 Jul 2023 11:18:55 +0200
Subject: [PATCH] Apply suggestions from code review

Co-authored-by: Anders Schack-Mulligen
---
 java/ql/lib/semmle/code/java/JDK.qll | 6 +++---
 .../library-tests/dataflow/stream-read/A.java | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll
index 59c132e16c9..c0c388f9308 100644
--- a/java/ql/lib/semmle/code/java/JDK.qll
+++ b/java/ql/lib/semmle/code/java/JDK.qll
@@ -232,10 +232,10 @@ private class InputStreamWrapperAnonymousStep extends AdditionalTaintStep {
 */
 private class InputStreamWrapperConstructorStep extends AdditionalTaintStep {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
- exists(ClassInstanceExpr cc, Argument a, AssignExpr ae |
+ exists(ClassInstanceExpr cc, Argument a, AssignExpr ae, int pos |
 cc.getConstructedType().getASourceSupertype+() instanceof TypeInputStream and
- cc.getAnArgument() = a and
- cc.getCallee().getParameter(a.getParameterPos()).getAnAccess() = ae.getRhs() and
+ cc.getArgument(pragma[only_bind_into](pos)) = a and
+ cc.getCallee().getParameter(pragma[only_bind_into](pos)).getAnAccess() = ae.getRhs() and
 ae.getDest().(FieldWrite).getField().getType().(RefType).getASourceSupertype*() instanceof TypeInputStream
 |
diff --git a/java/ql/test/library-tests/dataflow/stream-read/A.java b/java/ql/test/library-tests/dataflow/stream-read/A.java
index a1b208a898a..e66b99400d2 100644
--- a/java/ql/test/library-tests/dataflow/stream-read/A.java
+++ b/java/ql/test/library-tests/dataflow/stream-read/A.java
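Review bot: The two `pragma[only_bind_into](pos)` wrappers added in `InputStreamWrapperConstructorStep.step` have no comment, and the commit message gives no rationale, so a later cleanup could remove them as noise. A one-line comment above the `exists` would keep the intent visible, for example `// only_bind_into: pos must not be bound from these lookups (join-order hint) - confirm wording with the author`; the reason is presumably join ordering, which the page does not state. The rewrite also replaces `a.getParameterPos()` with the raw argument index, and if `getParameterPos()` maps varargs arguments onto the varargs parameter, as its name suggests, the two can differ for varargs constructors. That looks harmless here because the right-hand side must be a direct parameter access assigned to an InputStream-typed field, but it is worth confirming so the taint step does not silently lose coverage. The predicate body continues past the `|` outside this hunk.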
@@ -84,4 +84,22 @@ public class A {
 sink(wrapper); // $ hasTaintFlow
 }
+ public static InputStream wrapStream(InputStream in) {
+ return new InputStream() {
+ @Override
+ public int read() throws IOException {
+ return 0;
+ }
+
+ @Override
+ public int read(byte[] b) throws IOException {
+ return in.read(b);
+ }
+ };
+ }
+
+ public static void testWrapCall() {
+ sink(wrapStream(null)); // no flow
+ sink(wrapStream(source())); // $ hasTaintFlow
+ }
 }
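Review bot: `testWrapCall` has no negative case for a wrapper that never touches `in`; `wrapStream(null)` only shows that an untainted argument stays untainted, while the positive case covers a `read(byte[])` that delegates to the captured stream. Without that case, a taint step that over-approximates (marking any anonymous InputStream returned from a call with a tainted argument as tainted) would still pass, and in security queries that surfaces as false-positive alerts. Consider a second helper returning an anonymous InputStream that overrides only `read()` with `return 0;`, called with `source()` and annotated with the result the library is intended to give. Nothing in this hunk exercises the rewritten position binding in `InputStreamWrapperConstructorStep` either; whether a test elsewhere in A.java covers a multi-parameter wrapper constructor is not visible here.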