Refactor MyBatisAbstractSQLMethodsStep

Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`. Thanks @pwntester!
2026-04-27 01:35:13 +02:00 · 2022-03-15 13:46:06 +01:00
parent 9aa440e5b6
commit ed198709b4
1 changed files with 1 additions and 12 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
@@ -194,18 +194,7 @@ private class MyBatisAbstractSQLMethodsStep extends SummaryModelCsv {
    exists(MyBatisAbstractSQLMethod m |
      row =
        "org.apache.ibatis.jdbc;AbstractSQL;true;" + m.getName() + ";(" + m.getCsvSignature() +
-          ");;" + m.getTaintedArgs() + ";ReturnValue;taint"
-    )
-  }
-}
-
-private class MyBatisAbstractSQLAnonymousClassStep extends TaintTracking::AdditionalTaintStep {
-  override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(MethodAccess ma, ClassInstanceExpr c |
-      ma.getMethod() instanceof MyBatisAbstractSQLMethod and
-      c.getAnonymousClass().getACallable() = ma.getCaller() and
-      node1.asExpr() = ma and
-      node2.asExpr() = c
+          ");;" + m.getTaintedArgs() + ";Argument[-1];taint"
    )
  }
 }