Don't track taint on Map keys

aibaars · aibaars · commit 5fff41f35b7d · 2020-07-03T14:47:25.000+02:00
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -169,7 +169,7 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
     method
         .hasName(["checkedCollection", "checkedList", "checkedMap", "checkedNavigableMap",
               "checkedNavigableSet", "checkedSet", "checkedSortedMap", "checkedSortedSet",
-              "enumeration", "list", "max", "min", "singleton", "singletonList", "singletonMap",
+              "enumeration", "list", "max", "min", "singleton", "singletonList",
               "synchronizedCollection", "synchronizedList", "synchronizedMap",
               "synchronizedNavigableMap", "synchronizedNavigableSet", "synchronizedSet",
               "synchronizedSortedMap", "synchronizedSortedSet", "unmodifiableCollection",
diff --git a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
@@ -11,7 +11,6 @@
 | CollectionsTest.java:13:19:13:22 | list | CollectionsTest.java:13:3:13:23 | min(...) |
 | CollectionsTest.java:14:27:14:30 | list | CollectionsTest.java:14:3:14:31 | enumeration(...) |
 | CollectionsTest.java:15:20:15:30 | enumeration | CollectionsTest.java:15:3:15:31 | list(...) |
-| CollectionsTest.java:16:28:16:32 | "key" | CollectionsTest.java:16:3:16:42 | singletonMap(...) |
 | CollectionsTest.java:16:35:16:41 | "value" | CollectionsTest.java:16:3:16:42 | singletonMap(...) |
 | CollectionsTest.java:17:26:17:30 | other | CollectionsTest.java:17:20:17:23 | list [post update] |
 | CollectionsTest.java:18:27:18:32 | "item" | CollectionsTest.java:18:3:18:33 | nCopies(...) |
