Fix SqlConcatenated

egregius313 · egregius313 · commit 3d033fd72768 · 2023-03-27T13:06:31.000-04:00
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
@@ -48,6 +48,6 @@ where
       UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query)
     )
   ) and
-  not queryTaintedBy(query, _, _)
+  not queryIsTaintedBy(query, _, _)
 select query, "Query built by concatenation with $@, which may be untrusted.", uncontrolled,
   "this expression"

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,6 @@ where`
`48`	`48`	`UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query)`
`49`	`49`	`)`
`50`	`50`	`) and`
`51`		`- not queryTaintedBy(query, _, _)`
	`51`	`+ not queryIsTaintedBy(query, _, _)`
`52`	`52`	`select query, "Query built by concatenation with $@, which may be untrusted.", uncontrolled,`
`53`	`53`	`"this expression"`