Remove redundant method taint flow specifications

2026-04-29 10:45:15 +02:00 · 2021-08-02 14:30:31 +01:00
parent eda3d864f5
commit 8a78075d3d
2 changed files with 1 additions and 21 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
@@ -71,24 +71,6 @@ class UnsafeReflectionConfig extends TaintTracking::Configuration {
    // Argument -> return of methods that look like `Object getInstance(Class c)`
    looksLikeInstantiateClassStep(pred, succ)
    or
-    // Argument -> return of BeanFactory.getBean
-    exists(MethodAccess ma, Method getBean, Expr argument |
-      getBean.hasQualifiedName("org.springframework.beans.factory", "BeanFactory", "getBean") and
-      (
-        ma.getMethod().overrides(getBean)
-        or
-        ma.getMethod() = getBean
-      ) and
-      argument = ma.getAnArgument() and
-      (
-        argument.getType() instanceof TypeString
-        or
-        argument.getType() instanceof TypeClass
-      ) and
-      pred.asExpr() = argument and
-      succ.asExpr() = ma
-    )
-    or
    // Qualifier -> return of Constructor.newInstance, Class.newInstance
    exists(NewInstance ni |
      ni.getQualifier() = pred.asExpr() and
--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflectionLib.qll
@@ -52,9 +52,7 @@ predicate looksLikeInstantiateClassStep(DataFlow::Node fromNode, DataFlow::Node
    m = ma.getMethod() and arg = ma.getArgument(i)
  |
    m.getReturnType() instanceof TypeObject and
-    m.getName()
-        .toLowerCase()
-        .regexpMatch("instantiate|instance|create|make|getbean|instantiateclass") and
+    m.getName().toLowerCase().regexpMatch("instantiate|instance|create|make|getbean") and
    arg.getType() instanceof TypeClass and
    arg = fromNode.asExpr() and
    ma = toNode.asExpr()