Java: adjust wrapped constructor calls

Author: tamasvajk

java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll

@@ -243,28 +243,28 @@ private predicate summaryModelCsv(string row) {
       "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[0];Argument[2];taint",
       "org.apache.commons.io;IOUtils;false;writeLines;;;Argument[1];Argument[2];taint",
       // constructor flow
-      "java.io;File;false;File;;;Argument[0];ReturnValue;taint",
-      "java.io;File;false;File;;;Argument[1];ReturnValue;taint",
-      "java.net;URI;false;URI;(String);;Argument[0];ReturnValue;taint",
-      "javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];ReturnValue;taint",
-      "javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];ReturnValue;taint",
-      "javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];ReturnValue;taint",
-      "org.xml.sax;InputSource;false;InputSource;;;Argument[0];ReturnValue;taint",
-      "javax.servlet.http;Cookie;false;Cookie;;;Argument[0];ReturnValue;taint",
-      "javax.servlet.http;Cookie;false;Cookie;;;Argument[1];ReturnValue;taint",
-      "java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];ReturnValue;taint",
-      "java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];ReturnValue;taint",
-      "java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];ReturnValue;taint",
-      "java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];ReturnValue;taint",
-      "com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];ReturnValue;taint",
-      "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];ReturnValue;taint",
-      "java.io;DataInputStream;false;DataInputStream;;;Argument[0];ReturnValue;taint",
-      "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];ReturnValue;taint",
-      "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];ReturnValue;taint",
-      "java.io;StringReader;false;StringReader;;;Argument[0];ReturnValue;taint",
-      "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];ReturnValue;taint",
-      "java.io;BufferedReader;false;BufferedReader;;;Argument[0];ReturnValue;taint",
-      "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];ReturnValue;taint"
+      "java.io;File;false;File;;;Argument[0];Argument[-1];taint",
+      "java.io;File;false;File;;;Argument[1];Argument[-1];taint",
+      "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint",
+      "javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint",
+      "javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];Argument[-1];taint",
+      "javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];Argument[-1];taint",
+      "org.xml.sax;InputSource;false;InputSource;;;Argument[0];Argument[-1];taint",
+      "javax.servlet.http;Cookie;false;Cookie;;;Argument[0];Argument[-1];taint",
+      "javax.servlet.http;Cookie;false;Cookie;;;Argument[1];Argument[-1];taint",
+      "java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];Argument[-1];taint",
+      "java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];Argument[-1];taint",
+      "java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint",
+      "java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];Argument[-1];taint",
+      "com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];Argument[-1];taint",
+      "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint",
+      "java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint",
+      "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint",
+      "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint",
+      "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint",
+      "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint",
+      "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint",
+      "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint"
     ]
 }
 
@@ -697,15 +697,3 @@ predicate summaryStep(Node node1, Node node2, string kind) {
     interpretOutput(output, 0, ref, TNode(node2))
   )
 }
-
-/**
- * Holds if `node1` to `node2` is specified as a flow step with the given kind, input and output
- * in a CSV flow model.
- */
-predicate summaryStep(Node node1, Node node2, string kind, string input, string output) {
-  exists(Top ref |
-    summaryElementRef(ref, input, output, kind) and
-    interpretInput(input, 0, ref, TNode(node1)) and
-    interpretOutput(output, 0, ref, TNode(node2))
-  )
-}

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -166,9 +166,6 @@ private predicate inputStreamWrapper(Constructor c, int argi) {
 /** An object construction that preserves the data flow status of any of its arguments. */
 private predicate constructorStep(Expr tracked, ConstructorCall sink) {
   exists(int argi | sink.getArgument(argi) = tracked |
-    summaryStep(any(DataFlow::Node n | n.asExpr() = tracked),
-      any(DataFlow::Node n | n.asExpr() = sink), "taint", "Argument(" + argi + ")", "ReturnValue")
-    or
     // wrappers constructed by extension
     exists(Constructor c, Parameter p, SuperConstructorInvocationStmt sup |
       c = sink.getConstructor() and