Skip to content

Commit ed19870

Browse files
jorgectfjorgectf
committed
Refactor MyBatisAbstractSQLMethodsStep
Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`. Thanks @pwntester!
1 parent 9aa440e commit ed19870

File tree

1 file changed

+1
-12
lines changed

1 file changed

+1
-12
lines changed

java/ql/lib/semmle/code/java/frameworks/MyBatis.qll

Lines changed: 1 addition & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -194,18 +194,7 @@ private class MyBatisAbstractSQLMethodsStep extends SummaryModelCsv {
194194
exists(MyBatisAbstractSQLMethod m |
195195
row =
196196
"org.apache.ibatis.jdbc;AbstractSQL;true;" + m.getName() + ";(" + m.getCsvSignature() +
197-
");;" + m.getTaintedArgs() + ";ReturnValue;taint"
198-
)
199-
}
200-
}
201-
202-
private class MyBatisAbstractSQLAnonymousClassStep extends TaintTracking::AdditionalTaintStep {
203-
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
204-
exists(MethodAccess ma, ClassInstanceExpr c |
205-
ma.getMethod() instanceof MyBatisAbstractSQLMethod and
206-
c.getAnonymousClass().getACallable() = ma.getCaller() and
207-
node1.asExpr() = ma and
208-
node2.asExpr() = c
197+
");;" + m.getTaintedArgs() + ";Argument[-1];taint"
209198
)
210199
}
211200
}

0 commit comments

Comments
 (0)