Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements

Java: Track taint through Spring Java bean getters on super types

Author: aschackmull

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -345,7 +345,9 @@ private predicate taintPreservingQualifierToMethod(Method m) {
   m.getDeclaringType() instanceof TypeUri and
   m.hasName("toURL")
   or
-  m instanceof GetterMethod and m.getDeclaringType() instanceof SpringUntrustedDataType
+  m instanceof GetterMethod and
+  m.getDeclaringType().getASubtype*() instanceof SpringUntrustedDataType and
+  not m.getDeclaringType() instanceof TypeObject
   or
   m.getDeclaringType() instanceof SpringHttpEntity and
   m.getName().regexpMatch("getBody|getHeaders")