Merge pull request #16772 from michaelnebel/java/taintedpermissionthreatmodel

Java: Opt-in `java/tainted-permissions-check` to threat models.

java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll

@@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi
  * A configuration for tracking flow from user input to a permissions check.
  */
 module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UserInput }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 
   predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(PermissionsConstruction p).getInput()

java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.