Only consider store steps

Author: Benjamin Muskalla

java/ql/src/utils/model-generator/CaptureSummaryModels.ql

@@ -158,9 +158,9 @@ class ParameterToReturnValueTaintConfig extends TaintTracking::Configuration {
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof ReturnNode }
 
-  // track taint across objects so we consider factory methods returning newly tainted objects
+  // consider store steps to track taint across objects to model factory methods returning tainted objects
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node2.asExpr().(ConstructorCall).getAnArgument() = node1.asExpr()
+    store(node1, _, node2, _)
   }
 
   override DataFlow::FlowFeature getAFeature() {

java/ql/test/utils/model-generator/CaptureSummaryModels.expected

@@ -44,4 +44,3 @@
 | p;Pojo;false;getValue;();;Argument[-1];ReturnValue;taint |
 | p;Pojo;false;setValue;(String);;Argument[0];Argument[-1];taint |
 | p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue;taint |
-| p;PrivateFlowViaPublicInterface;true;createAnSPIWithoutTrackingFile;(File);;Argument[0];ReturnValue;taint |