From 441bf98ce70d7bf6f9f1f1feeec169ead47d3261 Mon Sep 17 00:00:00 2001
From: Arthur Baars <arthur@semmle.com>
Date: Tue, 7 Jul 2020 20:34:13 +0200
Subject: [PATCH] Java: add Vector::copyInto, BlockingQueue::drainTo

---
 .../src/semmle/code/java/dataflow/internal/ContainerFlow.qll | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
index be642e2397c..fe74a1b5e3b 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -181,9 +181,10 @@ private predicate qualifierToMethodStep(Expr tracked, MethodAccess sink) {
 
 private predicate qualifierToArgumentStep(Expr tracked, RValue sink) {
   exists(MethodAccess ma |
-    ma.getMethod().(CollectionMethod).hasName("toArray") and
+    // java.util.Vector, java.util.concurrent.BlockingQueue, java.util.Collection
+    ma.getMethod().(CollectionMethod).hasName(["copyInto", "drainTo", "toArray"]) and
     tracked = ma.getQualifier() and
-    sink = ma.getArgument(1)
+    sink = ma.getArgument(0)
   )
 }