Restrict source configuration to return nodes

Benjamin Muskalla · Benjamin Muskalla · commit ca9d5439f0b7 · 2021-11-10T16:30:20.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModels.ql b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -12,6 +12,7 @@ private import semmle.code.java.dataflow.ExternalFlow
 private import ModelGeneratorUtils
 private import semmle.code.java.dataflow.internal.FlowSummaryImplSpecific
 private import semmle.code.java.dataflow.internal.FlowSummaryImpl
+private import semmle.code.java.dataflow.internal.DataFlowImplCommon
 
 class FromSourceConfiguration extends TaintTracking::Configuration {
   FromSourceConfiguration() { this = "FromSourceConfiguration" }
@@ -20,6 +21,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
 
   override predicate isSink(DataFlow::Node sink) {
     exists(Callable c |
+      sink instanceof ReturnNodeExt and
       sink.asExpr().getEnclosingCallable() = c and
       c.isPublic() and
       c.fromSource()
