Java: TaintTrackingUtil.qll ObjectInputStream.read% taint is faulty #4591
Description
TraintTrackingUtil.qll currently models that all ObjectInputStream read% methods preserve tainted data:
codeql/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
Lines 323 to 324 in cb527ca
As pointed out in #4582 (comment), this logic is likely faulty because read(byte[], int, int) returns the number of read bytes which therefore should not represent tainted data.