Java: Sync files and make dummy language specific implementation.

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -41,18 +41,30 @@ private module Printing implements PrintingSig {
 
 module ModelPrinting = PrintingImpl<Printing>;
 
+/**
+ * Gets the underlying type of the content `c`.
+ */
+private Type getUnderlyingContentType(DataFlow::Content c) {
+  result = getUnderlyingContentTypeSpecific(c) or
+  result = c.(DataFlow::FieldContent).getField().getType() or
+  result = c.(DataFlow::SyntheticFieldContent).getField().getType()
+}
+
+/**
+ * Holds if `c` is a relevant content kind, where the underlying type is relevant.
+ */
+private predicate isRelevantTypeInContent(DataFlow::Content c) {
+  isRelevantType(getUnderlyingContentType(c))
+}
+
 /**
  * Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`.
  */
 private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
   exists(DataFlow::Content f |
     DataFlowPrivate::readStep(node1, f, node2) and
-    if f instanceof DataFlow::FieldContent
-    then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
-    else
-      if f instanceof DataFlow::SyntheticFieldContent
-      then isRelevantType(f.(DataFlow::SyntheticFieldContent).getField().getType())
-      else any()
+    // Partially restrict the content types used for intermediate steps.
+    (not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f))
   )
   or
   exists(DataFlow::Content f | DataFlowPrivate::storeStep(node1, f, node2) |
@@ -61,12 +73,11 @@ private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2
 }
 
 /**
- * Holds if content `c` is either a field or synthetic field of a relevant type
- * or a container like content.
+ * Holds if content `c` is either a field, a synthetic field or language specific
+ * content of a relevant type or a container like content.
  */
 private predicate isRelevantContent(DataFlow::Content c) {
-  isRelevantType(c.(DataFlow::FieldContent).getField().getType()) or
-  isRelevantType(c.(DataFlow::SyntheticFieldContent).getField().getType()) or
+  isRelevantTypeInContent(c) or
   DataFlowPrivate::containerContent(c)
 }
 
@@ -258,6 +269,10 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { sinkModelSanitizer(node) }
 
   DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    isRelevantTaintStep(node1, node2)
+  }
 }
 
 private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;

java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -186,6 +186,8 @@ predicate isRelevantType(J::Type t) {
   )
 }
 
+J::Type getUnderlyingContentTypeSpecific(DataFlow::Content c) { none() }
+
 /**
  * Gets the MaD string representation of the qualifier.
  */