From 24c6e506aa29e36aeff21aa203256caae328bc1b Mon Sep 17 00:00:00 2001
From: Arthur Baars
Date: Thu, 9 Jul 2020 12:16:18 +0200
Subject: [PATCH] Java: ContainerFlow: RValue -> Expr

While most flow for a qualifierToArgumentStep goes through a variable use this is not always the case. Therefore it is best to remove the restriction to RValue to allow taint steps to use postupdate nodes. See also: ba86dea657e227f9aac0371cda62e47bdef565d3
---
 .../ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
index 7f433124256..76656f0f609 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -180,7 +180,7 @@ private predicate qualifierToMethodStep(Expr tracked, MethodAccess sink) {
 tracked = sink.getQualifier()
 }
 
-private predicate qualifierToArgumentStep(Expr tracked, RValue sink) {
+private predicate qualifierToArgumentStep(Expr tracked, Expr sink) {
 exists(MethodAccess ma, CollectionMethod method |
 method = ma.getMethod() and
 (
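Review bot: The widened `sink` parameter on the added `qualifierToArgumentStep(Expr tracked, Expr sink)` line has no comment saying why it is `Expr` rather than `RValue`, so a later tidy-up could narrow it again and silently drop the taint steps this patch is meant to allow. A QLDoc line above the predicate would keep the commit message's reasoning next to the code, for example `/** The sink is an Expr rather than an RValue: the argument is not always a variable use, and taint steps may need its post-update node. */`. The diffstat shows only ContainerFlow.qll changing, so nothing visible here pins the newly covered case. A library test whose argument is not a plain variable read would guard against that regression and would also show whether the wider type introduces unwanted flow. The predicate body continues past the end of the hunk, so the effect on the individual method cases cannot be judged from these lines.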