Migrate String constructor to model

Benjamin Muskalla · Benjamin Muskalla · commit e0d978fd5850 · 2021-09-01T15:41:13.000+02:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
@@ -10,6 +10,7 @@ private import semmle.code.java.dataflow.DataFlow
  * ensuring that they are visible to the taint tracking library.
  */
 private module Frameworks {
+  private import semmle.code.java.Strings
   private import semmle.code.java.frameworks.jackson.JacksonSerializability
   private import semmle.code.java.frameworks.android.Intent
   private import semmle.code.java.frameworks.android.SQLite
@@ -108,12 +109,6 @@ private class StringTaintPreservingMethod extends TaintPreservingCallable {
   }
 }
 
-private class StringTaintPreservingConstructor extends Constructor, TaintPreservingCallable {
-  StringTaintPreservingConstructor() { this.getDeclaringType() instanceof TypeString }
-
-  override predicate returnsTaintFrom(int arg) { arg = 0 }
-}
-
 private class NumberTaintPreservingCallable extends TaintPreservingCallable {
   int argument;
 
diff --git a/java/ql/src/semmle/code/java/Strings.qll b/java/ql/src/semmle/code/java/Strings.qll
@@ -0,0 +1,14 @@
+/** Definitions of taint steps in String and String-related classes of the JDK */
+
+import java
+private import semmle.code.java.dataflow.ExternalFlow
+
+private class StringSummaryCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
+        "java.lang;String;false;String;;;Argument[0];Argument[-1];taint"
+      ]
+  }
+}
