From 7c4251deacecb12b49ce62810d23866d4e07a4c7 Mon Sep 17 00:00:00 2001
From: "lcartey@github.com" <lcartey@github.com>
Date: Fri, 15 May 2020 17:27:07 +0100
Subject: [PATCH] Java: Add flow out of Map and List

---
 .../code/java/dataflow/internal/TaintTrackingUtil.qll | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index bc7b4355862..cb266ee8838 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -358,6 +358,17 @@ private predicate taintPreservingQualifierToMethod(Method m) {
   m = any(GuiceProvider gp).getAnOverridingGetMethod()
   or
   m = any(ProtobufMessageLite p).getAGetterMethod()
+  or
+  m instanceof MapMethod and
+  (
+    m.getName().regexpMatch("get|entrySet|keySet|values")
+  )
+  or
+  m.getDeclaringType().getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "List") and
+  (
+    m.getName().regexpMatch("get|toArray|subList|spliterator|set|iterator|listIterator") or
+    (m.getName().regexpMatch("remove") and not m.getReturnType() instanceof BooleanType)
+  )
 }
 
 private class StringReplaceMethod extends Method {