Add UUID and Date to the list of types in the SimpleTypeSanitizer class

egregius313 · egregius313 · commit dca24ded1890 · 2024-01-23T13:36:03.000-05:00
diff --git a/java/ql/lib/semmle/code/java/security/Sanitizers.qll b/java/ql/lib/semmle/code/java/security/Sanitizers.qll
@@ -4,12 +4,15 @@ import java
 private import semmle.code.java.dataflow.DataFlow
 
 /**
- * A node whose type is a simple type unlikely to carry taint, such as primitives or their boxed counterparts.
+ * A node whose type is a simple type unlikely to carry taint, such as primitives and their boxed counterparts,
+ * `java.util.UUID` and `java.util.Date`.
  */
 class SimpleTypeSanitizer extends DataFlow::Node {
   SimpleTypeSanitizer() {
     this.getType() instanceof PrimitiveType or
     this.getType() instanceof BoxedType or
-    this.getType() instanceof NumberType
+    this.getType() instanceof NumberType or
+    this.getType().(RefType).hasQualifiedName("java.util", "UUID") or
+    this.getType().(RefType).hasQualifiedName("java.util", "Date")
   }
 }
