Java: Pass taint through Apache's StringEscapeUtils.escapeJson() method.

Sebastian Bauersfeld · Sebastian Bauersfeld · commit e2a9ced69162 · 2022-01-11T15:49:44.000+07:00
diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll
@@ -73,6 +73,15 @@ private class ApacheArrayUtilsModel extends SummaryModelCsv {
   }
 }
 
+private class ApacheStringEscapeUtilsModel extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "org.apache.commons.lang3;StringEscapeUtils;false;escapeJson;;;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
+
 private class ApacheStringUtilsModel extends SummaryModelCsv {
   override predicate row(string row) {
     row =
