Java: Remove wrong definition of taint tracking

This explanation, taken from C/C++, was not correct for Java.
2026-04-30 11:15:13 +02:00 · 2019-08-20 12:58:25 +02:00
parent 9ac0cdd2a2
commit f1e6e36ce6
2 changed files with 0 additions and 10 deletions
--- a/java/ql/src/semmle/code/java/dataflow/TaintTracking.qll
+++ b/java/ql/src/semmle/code/java/dataflow/TaintTracking.qll
@@ -1,11 +1,6 @@
 /**
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) taint-tracking analyses.
- *
- * We define _taint propagation_ informally to mean that a substantial part of
- * the information from the source is preserved at the sink. For example, taint
- * propagates from `x` to `x + 100`, but it does not propagate from `x` to `x >
- * 100` since we consider a single bit of information to be too little.
 */
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow2
--- a/java/ql/src/semmle/code/java/dataflow/TaintTracking2.qll
+++ b/java/ql/src/semmle/code/java/dataflow/TaintTracking2.qll
@@ -1,11 +1,6 @@
 /**
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) taint-tracking analyses.
- *
- * We define _taint propagation_ informally to mean that a substantial part of
- * the information from the source is preserved at the sink. For example, taint
- * propagates from `x` to `x + 100`, but it does not propagate from `x` to `x >
- * 100` since we consider a single bit of information to be too little.
 */
 module TaintTracking2 {
  import semmle.code.java.dataflow.internal.tainttracking2.TaintTrackingImpl