From ef0c6d01eb72e728033e661641471a5b72b7c73e Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Thu, 22 Aug 2019 16:38:59 +0200
Subject: [PATCH] Java: Add a global extension point for taint steps.
---
 .../java/dataflow/internal/TaintTrackingUtil.qll | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 19764af049c..1aa4c589ee2 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -40,12 +40,26 @@ predicate localAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 )
 }
 
+/**
+ * A `DataFlow::Node` that is the origin of a taint step.
+ *
+ * Extend this class to add additional taint steps that should apply to all
+ * taint configurations.
+ */
+abstract class AdditionalTaintStepNode extends DataFlow::Node {
+ /**
+ * Gets a `DataFlow::Node` that this node can step to in one taint step.
+ */
+ abstract DataFlow::Node step();
+}
+
 /**
 * Holds if the additional step from `src` to `sink` should be included in all
 * global taint flow configurations.
 */
 predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
- localAdditionalTaintStep(src, sink)
+ localAdditionalTaintStep(src, sink) or
+ src.(AdditionalTaintStepNode).step() = sink
 }
 
 /**
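Review bot: The QLDoc on `AdditionalTaintStepNode` says its steps "apply to all taint configurations", but the hunk wires `step()` only into `defaultAdditionalTaintStep`, whose own comment limits it to global taint flow configurations; `localAdditionalTaintStep` is not touched. If local taint tracking is built on `localAdditionalTaintStep` alone (its body starts outside this hunk, so this is unconfirmed), a library model added through this class would be silently missing from local-taint queries, and a security query relying on it would miss flows without any warning. I would make the class comment match the wiring, e.g. `Extend this class to add taint steps that apply to all global taint configurations; local taint tracking is not affected.`, or add the same disjunct to the local predicate if that is the intent. Because any subclass in an imported library changes the results of every taint query, the comment should also say that a step belongs here only when it propagates taint regardless of the individual query's sinks and sanitizers.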