From 940fec5669e345fd9de3005cdd463c8ed717d84e Mon Sep 17 00:00:00 2001
From: Arthur Baars <arthur@semmle.com>
Date: Tue, 7 Jul 2020 17:26:49 +0200
Subject: [PATCH] Drop taint tracking for Arrays.{deepToString,toString}

---
 .../ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll | 2 +-
 .../local-additional-taint/localAdditionalTaintStep.expected    | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
index a7127b48356..8e2305faeb4 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -183,7 +183,7 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
   or
   method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
   (
-    method.hasName(["copyOf", "copyOfRange", "deepToString", "spliterator", "stream", "toString"]) and
+    method.hasName(["copyOf", "copyOfRange", "spliterator", "stream"]) and
     arg = 0
   )
 }
diff --git a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
index b4ca4db0716..4de5be40177 100644
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
@@ -6,10 +6,8 @@
 | ArraysTest.java:8:24:8:30 | "three" | ArraysTest.java:8:3:8:31 | new ..[] { .. } |
 | ArraysTest.java:9:17:9:22 | source | ArraysTest.java:9:3:9:27 | copyOf(...) |
 | ArraysTest.java:10:22:10:27 | source | ArraysTest.java:10:3:10:35 | copyOfRange(...) |
-| ArraysTest.java:11:23:11:28 | source | ArraysTest.java:11:3:11:29 | deepToString(...) |
 | ArraysTest.java:12:22:12:27 | source | ArraysTest.java:12:3:12:28 | spliterator(...) |
 | ArraysTest.java:13:17:13:22 | source | ArraysTest.java:13:3:13:23 | stream(...) |
-| ArraysTest.java:14:19:14:24 | source | ArraysTest.java:14:3:14:25 | toString(...) |
 | ArraysTest.java:15:23:15:29 | "value" | ArraysTest.java:15:15:15:20 | source [post update] |
 | ArraysTest.java:16:30:16:35 | "data" | ArraysTest.java:16:15:16:20 | source [post update] |
 | ArraysTest.java:17:43:17:43 | x | ArraysTest.java:17:43:17:47 | ... + ... |