remove wicket taintstep from TaintTrackingUtil

2026-04-29 18:55:14 +02:00 · 2020-10-28 14:51:44 +01:00
parent a4a91eb1d2
commit c28856d3dc
1 changed files with 0 additions and 8 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -414,14 +414,6 @@ private predicate argToMethodStep(Expr tracked, MethodAccess sink) {
 * `arg`th argument is tainted.
 */
 private predicate taintPreservingArgumentToMethod(Method method, int arg) {
-  (
-    method.getDeclaringType().hasQualifiedName("org.apache.wicket.util.crypt", "Base64") and
-    (
-      method.getName().matches("decode%") and arg = 0 or
-      method.getName().matches("encode%") and arg = 0
-    )
-  )
-  or
  (
    method.getDeclaringType().hasQualifiedName("java.util", "Base64$Encoder") or
    method.getDeclaringType().hasQualifiedName("java.util", "Base64$Decoder") or