From 93c28d4c03a14893b8fc3b2bb42ced435bb8d349 Mon Sep 17 00:00:00 2001
From: "lcartey@github.com"
Date: Sun, 17 May 2020 23:29:13 +0100
Subject: [PATCH] Java: Add taint step to flow through Spring tainted user data class getters.

---
 .../semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index a1d5d830665..65c0dc1d4be 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -389,6 +389,10 @@ private predicate taintPreservingQualifierToMethod(Method m) {
 )
 or
 m instanceof StringReplaceMethod
+ or
+ exists(SpringUntrustedDataType dt |
+ m.(GetterMethod) = dt.getAMethod()
+ )
 }

 private class StringReplaceMethod extends Method {
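Review bot: The added `exists(SpringUntrustedDataType dt | ...)` disjunct only matches getters returned by `dt.getAMethod()`, which to my knowledge means methods declared on the type itself, so getters that a request-bound class inherits from a base class would not propagate taint and queries relying on this step could miss flows. How much that matters depends on the definition of `SpringUntrustedDataType`, which is outside this patch. If inherited getters are meant to be covered, `dt.inherits(m.(GetterMethod))` is one option, at the cost of also treating that getter as taint-preserving when it is called on unrelated subtypes. The diffstat shows no test change, so a library test with a Spring controller parameter class and a getter call would pin the intended behaviour. A short comment above the disjunct, e.g. `// getters on Spring request-bound data classes return user-controlled field values`, would also help, since the visible neighbouring case is a string library method; the predicate body starts before this hunk.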