From 9baf2b9eff89bfa3dad5d88ee3bbc655be5ed6bc Mon Sep 17 00:00:00 2001
From: Joe <joefarebrother@github.com>
Date: Fri, 18 Sep 2020 15:42:03 +0100
Subject: [PATCH] Fix cartesian product

---
 java/ql/src/semmle/code/java/security/CommandArguments.qll | 1 +
 1 file changed, 1 insertion(+)

diff --git a/java/ql/src/semmle/code/java/security/CommandArguments.qll b/java/ql/src/semmle/code/java/security/CommandArguments.qll
index ebc30eb22df..c0934e49411 100644
--- a/java/ql/src/semmle/code/java/security/CommandArguments.qll
+++ b/java/ql/src/semmle/code/java/security/CommandArguments.qll
@@ -174,6 +174,7 @@ private Expr firstElementOf(Expr arr) {
     exists(CommandArgArrayImmutableFirst caa | arr = caa.getAUse() | result = caa.getFirstElement())
     or
     exists(MethodAccess ma, Method m |
+      arr = ma and
       ma.getMethod() = m and
       m.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
       m.hasName("copyOf") and