Java: Taint tracking through String.replace(all)?

2026-05-03 12:45:27 +02:00 · 2020-05-17 17:59:06 +01:00
parent 7d555a7467
commit c59042f9c3
1 changed files with 2 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -387,6 +387,8 @@ private predicate taintPreservingQualifierToMethod(Method m) {
    m.getName().regexpMatch("get|toArray|subList|spliterator|set|iterator|listIterator") or
    (m.getName().regexpMatch("remove") and not m.getReturnType() instanceof BooleanType)
  )
+  or
+  m instanceof StringReplaceMethod
 }

 private class StringReplaceMethod extends Method {