Update TP: Java: Multiple patterns / confounding factor / generics #18

@vlkl-sap

Testability pattern

Consider 103_arrays_aslist:

```java
String s = request.getParameter("t1");
String [] stringArr = {s};
List l = Arrays.asList(stringArr);
response.getWriter().write(l.get(0).toString());
```

Problem statement

Some tools are apparently tripping up on the fact that l is declared as a List rather than a List<String>, i.e., they fail to track the full type of the list object that l points to. This failure has nothing to do with the intent of the pattern and should be tested for in a separate pattern, but not here.

In other tools, this failure could be masked if they assume that toString() propagates taint for all objects.

There are also other patterns/instances that have the same problem, but I did not bother to review them all. Candidates:
102_collection_taint_propagation, 24_arraylist

Proposed changes

Other

Labels: ACK_WAITING (issue to be reviewed and confirmed), UPDATE_TP (issue is about updating a testability pattern)
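One way to separate the factors named in the issue, as an added example that is not part of the issue or of the pattern repository: the same flow written three times, so that a scanner's result on each variant shows whether it loses the taint at `Arrays.asList`, at the raw `List` type, or only finds it through a `toString()` rule. The class name and the `source()`/`sink()` helpers are hypothetical stand-ins for `request.getParameter("t1")` and `response.getWriter().write(...)`, used so the file compiles without the servlet API.

```java
import java.util.Arrays;
import java.util.List;

// Added example, not from the pattern repository. source() and sink() are
// hypothetical stand-ins for the servlet source and sink in 103_arrays_aslist.
public class AsListVariants {
    static final StringBuilder out = new StringBuilder();

    static String source() { return "<script>tainted</script>"; } // constructed input
    static void sink(String s) { out.append(s).append('\n'); }

    // Variant A: the flow as written in the pattern (raw List + toString()).
    @SuppressWarnings("rawtypes")
    static void rawListWithToString() {
        String[] arr = { source() };
        List l = Arrays.asList(arr);
        sink(l.get(0).toString());
    }

    // Variant B: only Arrays.asList is under test; the element type is fully
    // declared and there is no toString() call.
    static void typedList() {
        String[] arr = { source() };
        List<String> l = Arrays.asList(arr);
        sink(l.get(0));
    }

    // Variant C: isolates the raw type; get(0) is statically Object and is
    // cast back, so a blanket toString() propagation rule cannot apply.
    @SuppressWarnings("rawtypes")
    static void rawListWithCast() {
        String[] arr = { source() };
        List l = Arrays.asList(arr);
        sink((String) l.get(0));
    }

    public static void main(String[] args) {
        rawListWithToString();
        typedList();
        rawListWithCast();
        // At run time all three lines carry the tainted value. A scanner that
        // reports B but not C is losing the flow on the raw type rather than
        // on Arrays.asList; reporting A but not C is consistent with the
        // toString() masking described in the issue.
        System.out.print(out);
    }
}
```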