Don't track taint on Map keys

2026-04-28 18:25:24 +02:00 · 2020-07-03 13:36:56 +02:00
parent 5f2a5f1b55
commit 5fff41f35b
2 changed files with 1 additions and 2 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -169,7 +169,7 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
    method
        .hasName(["checkedCollection", "checkedList", "checkedMap", "checkedNavigableMap",
              "checkedNavigableSet", "checkedSet", "checkedSortedMap", "checkedSortedSet",
-              "enumeration", "list", "max", "min", "singleton", "singletonList", "singletonMap",
+              "enumeration", "list", "max", "min", "singleton", "singletonList",
              "synchronizedCollection", "synchronizedList", "synchronizedMap",
              "synchronizedNavigableMap", "synchronizedNavigableSet", "synchronizedSet",
              "synchronizedSortedMap", "synchronizedSortedSet", "unmodifiableCollection",
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
@@ -11,7 +11,6 @@
 | CollectionsTest.java:13:19:13:22 | list | CollectionsTest.java:13:3:13:23 | min(...) |
 | CollectionsTest.java:14:27:14:30 | list | CollectionsTest.java:14:3:14:31 | enumeration(...) |
 | CollectionsTest.java:15:20:15:30 | enumeration | CollectionsTest.java:15:3:15:31 | list(...) |
-| CollectionsTest.java:16:28:16:32 | "key" | CollectionsTest.java:16:3:16:42 | singletonMap(...) |
 | CollectionsTest.java:16:35:16:41 | "value" | CollectionsTest.java:16:3:16:42 | singletonMap(...) |
 | CollectionsTest.java:17:26:17:30 | other | CollectionsTest.java:17:20:17:23 | list [post update] |
 | CollectionsTest.java:18:27:18:32 | "item" | CollectionsTest.java:18:3:18:33 | nCopies(...) |