github · smowton · Apr 9, 2025 · Apr 9, 2025 · Apr 9, 2025 · Apr 9, 2025
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Enum-typed values are now assumed to be safe by most queries. This means that queries may return less results where an enum value is used in a sensitive context, e.g. pasted into a query string.
@@ -23,6 +23,7 @@ class SimpleTypeSanitizer extends DataFlow::Node {
     this.getType()
         .(RefType)
         .getASourceSupertype*()
-        .hasQualifiedName("java.time.temporal", "TemporalAccessor")
+        .hasQualifiedName("java.time.temporal", "TemporalAccessor") or
+    this.getType() instanceof EnumType
   }
 }