From 160f3b43128b760ccb14aa4a4b2a053d3edc8a49 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Thu, 1 Jul 2021 14:41:39 +0100
Subject: [PATCH] Remove ArrayElement from sink specifications

---
 .../semmle/code/java/frameworks/SpringJdbc.qll   |  2 +-
 .../code/java/frameworks/android/SQLite.qll      | 16 ++++++++--------
 .../frameworks/android/taint-database/Sinks.java | 16 ++++++++--------
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/java/ql/src/semmle/code/java/frameworks/SpringJdbc.qll b/java/ql/src/semmle/code/java/frameworks/SpringJdbc.qll
index 795c3060c50..3eba5b41065 100644
--- a/java/ql/src/semmle/code/java/frameworks/SpringJdbc.qll
+++ b/java/ql/src/semmle/code/java/frameworks/SpringJdbc.qll
@@ -15,7 +15,7 @@ private class SqlSinkCsv extends SinkModelCsv {
     row =
       [
         //"package;type;overrides;name;signature;ext;spec;kind"
-        "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;(String[]);;ArrayElement of Argument[0];sql",
+        "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;(String[]);;Argument[0];sql",
         "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;;;Argument[0];sql",
         "org.springframework.jdbc.core;JdbcTemplate;false;execute;;;Argument[0];sql",
         "org.springframework.jdbc.core;JdbcTemplate;false;update;;;Argument[0];sql",
diff --git a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
index 125cf23cf49..d53d8db5519 100644
--- a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
+++ b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
@@ -41,25 +41,25 @@ private class SQLiteSinkCsv extends SinkModelCsv {
         // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)
         // Each String / String[] arg except for selectionArgs is a sink
         "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[0];sql",
-        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;ArrayElement of Argument[1];sql",
+        "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[1];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[2];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[4..7];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[0..2];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[4..6];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[1];sql",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;ArrayElement of Argument[2];sql",
+        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[5..8];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql",
-        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;ArrayElement of Argument[2];sql",
+        "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql",
         "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[5..8];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;ArrayElement of Argument[3];sql",
+        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[4];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[6..9];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql",
-        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;ArrayElement of Argument[3];sql",
+        "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4];sql",
         "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[6..9];sql",
         "android.database.sqlite;SQLiteDatabase;false;rawQuery;(String,String[]);;Argument[0];sql",
@@ -87,15 +87,15 @@ private class SQLiteSinkCsv extends SinkModelCsv {
         // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
         // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit, CancellationSignal cancellationSignal)
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[-1];sql",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;ArrayElement of Argument[1];sql",
+        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[1];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[2];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[4..6];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[-1];sql",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;ArrayElement of Argument[1];sql",
+        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[1];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[2];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[4..7];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[-1];sql",
-        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;ArrayElement of Argument[1];sql",
+        "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql",
         "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4..7];sql",
         "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Argument[1];sql",
diff --git a/java/ql/test/library-tests/frameworks/android/taint-database/Sinks.java b/java/ql/test/library-tests/frameworks/android/taint-database/Sinks.java
index b53f0e904ae..d236368e089 100644
--- a/java/ql/test/library-tests/frameworks/android/taint-database/Sinks.java
+++ b/java/ql/test/library-tests/frameworks/android/taint-database/Sinks.java
@@ -85,7 +85,7 @@ public class Sinks {
 	public static void query(SQLiteDatabase target) {
 		boolean distinct = taint();
 		String table = taint(); // $taintReachesSink
-		String[] columns = {taint()}; // $ MISSING: taintReachesSink
+		String[] columns = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -98,7 +98,7 @@ public class Sinks {
 	public static void query2(SQLiteDatabase target) {
 		boolean distinct = taint();
 		String table = taint(); // $taintReachesSink
-		String[] columns = {taint()}; // $ MISSING: taintReachesSink
+		String[] columns = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -123,7 +123,7 @@ public class Sinks {
 
 	public static void query4(SQLiteDatabase target) {
 		String table = taint(); // $taintReachesSink
-		String[] columns = {taint()}; // $ MISSING: taintReachesSink
+		String[] columns = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -136,7 +136,7 @@ public class Sinks {
 	public static void query(MySQLiteQueryBuilder target) {
 		target = taint();  // $taintReachesSink
 		SQLiteDatabase db = taint();
-		String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
+		String[] projectionIn = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -148,7 +148,7 @@ public class Sinks {
 	public static void query2(MySQLiteQueryBuilder target) {
 		target = taint(); // $taintReachesSink
 		SQLiteDatabase db = taint();
-		String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
+		String[] projectionIn = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -161,7 +161,7 @@ public class Sinks {
 	public static void query3(MySQLiteQueryBuilder target) {
 		target = taint();  // $taintReachesSink
 		SQLiteDatabase db = taint();
-		String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
+		String[] projectionIn = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -214,7 +214,7 @@ public class Sinks {
 		SQLiteDatabase.CursorFactory cursorFactory = taint();
 		boolean distinct = taint();
 		String table = taint(); // $taintReachesSink
-		String[] columns = {taint()}; // $ MISSING: taintReachesSink
+		String[] columns = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink
@@ -229,7 +229,7 @@ public class Sinks {
 		SQLiteDatabase.CursorFactory cursorFactory = taint();
 		boolean distinct = taint();
 		String table = taint(); // $taintReachesSink
-		String[] columns = {taint()}; // $ MISSING: taintReachesSink
+		String[] columns = {taint()}; // $taintReachesSink
 		String selection = taint(); // $taintReachesSink
 		String[] selectionArgs = {taint()};
 		String groupBy = taint(); // $taintReachesSink