Node type restriction

haby0 · haby0 · commit b0f745365d89 · 2021-04-28T14:32:25.000+08:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql b/java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
@@ -35,6 +35,12 @@ class UseOfLessTrustedSourceConfig extends TaintTracking::Configuration {
       ma.getMethod() instanceof SplitMethod and
       not aa.getIndexExpr().(CompileTimeConstantExpr).getIntValue() = 0
     )
+    or
+    node.getType().hasName("Object")
+    or
+    node.getType() instanceof PrimitiveType
+    or
+    node.getType() instanceof BoxedType
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,12 @@ class UseOfLessTrustedSourceConfig extends TaintTracking::Configuration {`
`35`	`35`	`ma.getMethod() instanceof SplitMethod and`
`36`	`36`	`not aa.getIndexExpr().(CompileTimeConstantExpr).getIntValue() = 0`
`37`	`37`	`)`
	`38`	`+ or`
	`39`	`+ node.getType().hasName("Object")`
	`40`	`+ or`
	`41`	`+ node.getType() instanceof PrimitiveType`
	`42`	`+ or`
	`43`	`+ node.getType() instanceof BoxedType`
`38`	`44`	`}`
`39`	`45`	`}`
`40`	`46`