diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll index 99dbfda4171..1468363c33c 100644 --- a/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll +++ b/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll @@ -62,7 +62,7 @@ private class StringTaintPreservingMethod extends TaintPreservingMethod { } override predicate returnsTaintFrom(int arg) { - arg = -1 + arg = -1 and not this.isStatic() or this.hasName(["concat", "copyValueOf"]) and arg = 0 or diff --git a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll index 79f37628114..cd2232a8683 100644 --- a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll +++ b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll @@ -233,24 +233,23 @@ private class QueryBuilderBuildMethod extends TaintPreservingMethod { QueryBuilderBuildMethod() { this.getDeclaringType().getASourceSupertype*() instanceof TypeSQLiteQueryBuilder and - // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit) - // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit) - // buildUnionQuery(String[] subQueries, String sortOrder, String limit) - // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String[] selectionArgs, String groupBy, String having) - // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String groupBy, String having) - // static buildQueryString(boolean distinct, String tables, String[] columns, String where, String groupBy, String having, String orderBy, String limit) - this.hasName(["buildQuery", "buildUnionQuery", "buildUnionSubQuery"]) and - argument = -1 - or - hasName(["buildQuery", "buildUnionQuery"]) and - argument = [0 .. getNumberOfParameters()] - or - hasName("buildQueryString") and - argument = [1 .. getNumberOfParameters()] - or - hasName("buildUnionSubQuery") and - argument = [0 .. getNumberOfParameters()] and - argument != 3 + ( + // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit) + // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit) + // buildUnionQuery(String[] subQueries, String sortOrder, String limit) + this.hasName(["buildQuery", "buildUnionQuery"]) and + argument = [-1 .. getNumberOfParameters()] + or + // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String[] selectionArgs, String groupBy, String having) + // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String groupBy, String having) + this.hasName("buildUnionSubQuery") and + argument = [-1 .. getNumberOfParameters()] and + argument != 3 + or + // static buildQueryString(boolean distinct, String tables, String[] columns, String where, String groupBy, String having, String orderBy, String limit) + hasName("buildQueryString") and + argument = [1 .. getNumberOfParameters()] + ) } override predicate returnsTaintFrom(int arg) { argument = arg }