1 parent a42d9b1 commit 046d4a0Copy full SHA for 046d4a0
1 file changed
java/ql/src/semmle/code/java/dataflow/TaintTracking.qll
@@ -377,6 +377,7 @@ module TaintTracking {
377
private predicate taintPreservingQualifierToMethod(Method m) {
378
m.getDeclaringType() instanceof TypeString and
379
(
380
+ m.getName() = "concat" or
381
m.getName() = "endsWith" or
382
m.getName() = "getBytes" or
383
m.getName() = "split" or
@@ -481,6 +482,10 @@ module TaintTracking {
481
482
method.getName().matches("to%String") and arg = 0
483
)
484
or
485
+ method.getDeclaringType() instanceof TypeString and
486
+ method.getName() = "concat" and
487
+ arg = 0
488
+ or
489
490
method.getDeclaringType().hasQualifiedName("java.lang", "StringBuilder") or
491
method.getDeclaringType().hasQualifiedName("java.lang", "StringBuffer")
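Review bot: The new `concat` disjunct at new lines 485–488 is written without parentheses, while the disjunct before it closes with `)`, so it reads correctly only because `and` binds tighter than `or` in QL. Wrapping it as `(method.getDeclaringType() instanceof TypeString and method.getName() = "concat" and arg = 0)` would match the neighbouring disjuncts and keep a later edit from regrouping it by accident. The commit touches only this one file, so the two new steps (qualifier-to-result in `taintPreservingQualifierToMethod` and argument 0 in the second hunk) appear to have no test. A library test where a tainted value reaches a sink through `s.concat(t)` on each side would stop queries from silently losing these flows if the step regresses. The enclosing predicate of the second hunk starts and ends outside the visible lines, so the grouping of the following `StringBuilder`/`StringBuffer` disjunct cannot be checked from here.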