Java: Remove list, map, and StringReplaceMethod flow steps.

2026-04-25 08:45:14 +02:00 · 2020-07-06 14:19:13 +02:00
parent a41c2d8abf
commit 2ae15f9ace
1 changed files with 0 additions and 13 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -377,19 +377,6 @@ private predicate taintPreservingQualifierToMethod(Method m) {
  or
  m = any(ProtobufMessageLite p).getAGetterMethod()
  or
-  m instanceof MapMethod and
-  (
-    m.getName().regexpMatch("get|entrySet|keySet|values")
-  )
-  or
-  m.getDeclaringType().getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "List") and
-  (
-    m.getName().regexpMatch("get|toArray|subList|spliterator|set|iterator|listIterator") or
-    (m.getName().regexpMatch("remove") and not m.getReturnType() instanceof BooleanType)
-  )
-  or
-  m instanceof StringReplaceMethod
-  or
  exists(SpringUntrustedDataType dt |
    m.(GetterMethod) = dt.getAMethod()
  )