Java: Add taint steps for String.formatted.

2026-04-27 17:55:19 +02:00 · 2020-05-14 16:17:03 +02:00
parent 8ce9c9d57e
commit 1838a7455a
1 changed files with 2 additions and 1 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -296,6 +296,7 @@ private predicate taintPreservingQualifierToMethod(Method m) {
  (
    m.getName() = "concat" or
    m.getName() = "endsWith" or
+    m.getName() = "formatted" or
    m.getName() = "getBytes" or
    m.getName() = "split" or
    m.getName() = "substring" or
@@ -395,7 +396,7 @@ private predicate argToMethodStep(Expr tracked, MethodAccess sink) {
 */
 private predicate taintPreservingArgumentToMethod(Method method) {
  method.getDeclaringType() instanceof TypeString and
-  (method.hasName("format") or method.hasName("join"))
+  (method.hasName("format") or method.hasName("formatted") or method.hasName("join"))
 }

 /**