Java/NumericCastTaintedQuery

java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
2025-12-16 16:53:25 +01:00 · 2025-10-09 14:01:26 +02:00
parent 247ae1d23c
commit 72a97773b1
1 changed files with 3 additions and 2 deletions
--- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
@@ -106,8 +106,9 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
  predicate observeDiffInformedIncrementalMode() { any() }

  Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(NumericNarrowingCastExpr cast |
-      cast.getExpr() = sink.asExpr() and
+    exists(NumericNarrowingCastExpr cast | cast.getExpr() = sink.asExpr() |
+      result = sink.getLocation()
+      or
      result = cast.getLocation()
    )
  }