Java: Allow taint-read-steps for array sources.

aschackmull · aschackmull · commit 11665bea0abe · 2025-10-07T10:10:02.000+02:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -655,6 +655,8 @@ private SrcRefType entrypointType() {
   )
   or
   result = entrypointType().getAField().getType().(RefType).getSourceDeclaration()
+  or
+  result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration()
 }
 
 private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) {

Original file line number	Diff line number	Diff line change
`@@ -655,6 +655,8 @@ private SrcRefType entrypointType() {`
`655`	`655`	`)`
`656`	`656`	`or`
`657`	`657`	`result = entrypointType().getAField().getType().(RefType).getSourceDeclaration()`
	`658`	`+ or`
	`659`	`+ result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration()`
`658`	`660`	`}`
`659`	`661`
`660`	`662`	`private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) {`