Java/ImproperValidationOfArrayConstructionFlow

java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql

Author: d10c

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll

@@ -18,6 +18,8 @@ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSi
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
+    result = sink.getLocation()
+    or
     exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
       result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
       arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)