Replace stringbuilder step with model

2026-04-30 19:26:02 +02:00 · 2021-08-23 15:18:24 +02:00
parent 7ddf7ff211
commit 190bf90bc8
3 changed files with 12 additions and 14 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -147,8 +147,6 @@ private predicate localAdditionalTaintExprStep(Expr src, Expr sink) {
  or
  comparisonStep(src, sink)
  or
-  stringBuilderStep(src, sink)
-  or
  serializationStep(src, sink)
  or
  formatStep(src, sink)
@@ -392,15 +390,6 @@ private predicate comparisonStep(Expr tracked, Expr sink) {
  )
 }

-/** Flow through a `StringBuilder`. */
-private predicate stringBuilderStep(Expr tracked, Expr sink) {
-  exists(StringBuilderVar sbvar, MethodAccess input, int arg |
-    input = sbvar.getAnInput(arg) and
-    tracked = input.getArgument(arg) and
-    sink = sbvar.getToStringCall()
-  )
-}
-
 /** Flow through data serialization. */
 private predicate serializationStep(Expr tracked, Expr sink) {
  exists(ObjectOutputStreamVar v, VariableAssign def |