@@ -140,7 +140,7 @@ class CopyWithin extends SummarizedCallable {
140140 input = "Argument[this].WithArrayElement" and
141141 output = "ReturnValue"
142142 or
143- // TODO: workaround for WithArrayElement not being converted to a taint step
143+ // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
144144 preservesValue = false and
145145 input = "Argument[this]" and
146146 output = "ReturnValue"
@@ -186,7 +186,7 @@ class Filter extends SummarizedCallable {
186186 output = "ReturnValue"
187187 )
188188 or
189- // TODO: workaround for WithArrayElement not being converted to a taint step
189+ // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
190190 preservesValue = false and
191191 input = "Argument[this]" and
192192 output = "ReturnValue"
@@ -328,10 +328,7 @@ class From1Arg extends SummarizedCallable {
328328 output = "ReturnValue[exception]"
329329 )
330330 or
331- // TODO: we currently convert ArrayElement read/store steps to taint steps, but this does not
332- // work for WithArrayElement because it's just an expectsContent node, and there's no way easy
333- // to omit the expectsContent restriction in taint tracking.
334- // Work around this for now.
331+ // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
335332 preservesValue = false and
336333 input = "Argument[0]" and
337334 output = "ReturnValue"
@@ -561,7 +558,7 @@ class ArrayCoercionPackage extends FunctionalPackageSummary {
561558 output = "ReturnValue.ArrayElement"
562559 )
563560 or
564- // TODO: workaround for WithArrayElement not being converted to a taint step
561+ // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
565562 preservesValue = false and
566563 input = "Argument[0]" and
567564 output = "ReturnValue"
0 commit comments