Add models for flow- and taint-preserving functions in Commons ObjectUtils.

These should all be value-preserving, but we don't support value-preserving varargs methods yet.
2026-05-02 12:15:17 +02:00 · 2021-03-05 17:59:05 +00:00
parent 0edae89425
commit 1c1ca70027
5 changed files with 306 additions and 4 deletions
--- a/java/change-notes/2021-03-05-commons-object-utils.md
+++ b/java/change-notes/2021-03-05-commons-object-utils.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Add models for ObjectUtils functions in the Apache Commons-Lang library. This may lead to more results from any dataflow query where traversal of ObjectUtils functions means we can now complete a path from a source of tainted data to a corresponding sink.