@@ -6,6 +6,7 @@ private import semmle.code.java.dataflow.DefUse
66private import semmle.code.java.security.SecurityTests
77private import semmle.code.java.security.Validation
88private import semmle.code.java.frameworks.android.Intent
9+ private import semmle.code.java.frameworks.android.SQLite
910private import semmle.code.java.frameworks.Guice
1011private import semmle.code.java.frameworks.Protobuf
1112private import semmle.code.java.frameworks.spring.SpringController
@@ -388,10 +389,7 @@ private predicate taintPreservingQualifierToMethod(Method m) {
388389 )
389390 )
390391 or
391- m
392- .getDeclaringType ( )
393- .getASourceSupertype * ( )
394- .hasQualifiedName ( "android.database.sqlite" , "SQLiteQueryBuilder" ) and
392+ m .getDeclaringType ( ) .getASourceSupertype * ( ) instanceof TypeSQLiteQueryBuilder and
395393 // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit)
396394 // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
397395 // buildUnionQuery(String[] subQueries, String sortOrder, String limit)
@@ -459,15 +457,12 @@ private predicate taintPreservingArgumentToMethod(Method method) {
459457 method .getDeclaringType ( ) instanceof TypeString and
460458 ( method .hasName ( "format" ) or method .hasName ( "formatted" ) or method .hasName ( "join" ) )
461459 or
462- method .getDeclaringType ( ) . hasQualifiedName ( "android.database" , "DatabaseUtils" ) and
460+ method .getDeclaringType ( ) instanceof TypeDatabaseUtils and
463461 // String[] appendSelectionArgs(String[] originalValues, String[] newValues)
464462 // String concatenateWhere(String a, String b)
465463 method .hasName ( [ "appendSelectionArgs" , "concatenateWhere" ] )
466464 or
467- method
468- .getDeclaringType ( )
469- .getASourceSupertype * ( )
470- .hasQualifiedName ( "android.database.sqlite" , "SQLiteQueryBuilder" ) and
465+ method .getDeclaringType ( ) .getASourceSupertype * ( ) instanceof TypeSQLiteQueryBuilder and
471466 // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit)
472467 // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
473468 // buildUnionQuery(String[] subQueries, String sortOrder, String limit)
@@ -650,7 +645,7 @@ private predicate taintPreservingArgToArg(Method method, int input, int output)
650645 input = method .getNumberOfParameters ( ) - 1 and
651646 output = 0
652647 or
653- method .getDeclaringType ( ) . hasQualifiedName ( "android.database.sqlite" , "SQLiteQueryBuilder" ) and
648+ method .getDeclaringType ( ) instanceof TypeSQLiteQueryBuilder and
654649 // static appendColumns(StringBuilder s, String[] columns)
655650 method .hasName ( "appendColumns" ) and
656651 input = 1 and
@@ -693,10 +688,7 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
693688 append .getDeclaringType ( ) .hasQualifiedName ( "java.io" , "StringWriter" )
694689 )
695690 or
696- method
697- .getDeclaringType ( )
698- .getASourceSupertype * ( )
699- .hasQualifiedName ( "android.database.sqlite" , "SQLiteQueryBuilder" ) and
691+ method .getDeclaringType ( ) .getASourceSupertype * ( ) instanceof TypeSQLiteQueryBuilder and
700692 // setProjectionMap(Map<String, String> columnMap)
701693 // setTables(String inTables)
702694 // appendWhere(CharSequence inWhere)
0 commit comments