Sync SqlTaintedLocalQuery with SqlInjectionQuery

egregius313 · egregius313 · commit ef282955fdcc · 2023-10-12T09:58:08.000-04:00
diff --git a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
@@ -17,7 +17,9 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
 
   predicate isBarrier(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
+    node.getType() instanceof PrimitiveType or
+    node.getType() instanceof BoxedType or
+    node.getType() instanceof NumberType
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,9 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }`
`18`	`18`
`19`	`19`	`predicate isBarrier(DataFlow::Node node) {`
`20`		`- node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType`
	`20`	`+ node.getType() instanceof PrimitiveType or`
	`21`	`+ node.getType() instanceof BoxedType or`
	`22`	`+ node.getType() instanceof NumberType`
`21`	`23`	`}`
`22`	`24`
`23`	`25`	`predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {`