Java/ImproperValidationOfArrayConstructionCodeSpecifiedQuery

java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql

Author: d10c

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll

@@ -21,6 +21,8 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
+    result = sink.getLocation()
+    or
     exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
       result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
       arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)