Only consider store steps

2026-04-30 19:26:02 +02:00 · 2021-11-16 10:46:24 +01:00
parent fd9199c0c0
commit 0e6bb28016
2 changed files with 2 additions and 3 deletions
--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -158,9 +158,9 @@ class ParameterToReturnValueTaintConfig extends TaintTracking::Configuration {

  override predicate isSink(DataFlow::Node sink) { sink instanceof ReturnNode }

-  // track taint across objects so we consider factory methods returning newly tainted objects
+  // consider store steps to track taint across objects to model factory methods returning tainted objects
  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node2.asExpr().(ConstructorCall).getAnArgument() = node1.asExpr()
+    store(node1, _, node2, _)
  }

  override DataFlow::FlowFeature getAFeature() {
--- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -44,4 +44,3 @@
 | p;Pojo;false;getValue;();;Argument[-1];ReturnValue;taint |
 | p;Pojo;false;setValue;(String);;Argument[0];Argument[-1];taint |
 | p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue;taint |
-| p;PrivateFlowViaPublicInterface;true;createAnSPIWithoutTrackingFile;(File);;Argument[0];ReturnValue;taint |