Java: Add flow out of Map and List

2026-02-28 21:03:50 +01:00 · 2020-05-15 17:27:07 +01:00
parent 6de2b93f3a
commit 7c4251deac
1 changed files with 11 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -358,6 +358,17 @@ private predicate taintPreservingQualifierToMethod(Method m) {
  m = any(GuiceProvider gp).getAnOverridingGetMethod()
  or
  m = any(ProtobufMessageLite p).getAGetterMethod()
+  or
+  m instanceof MapMethod and
+  (
+    m.getName().regexpMatch("get|entrySet|keySet|values")
+  )
+  or
+  m.getDeclaringType().getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "List") and
+  (
+    m.getName().regexpMatch("get|toArray|subList|spliterator|set|iterator|listIterator") or
+    (m.getName().regexpMatch("remove") and not m.getReturnType() instanceof BooleanType)
+  )
 }

 private class StringReplaceMethod extends Method {