Spring RestController - java.util.Optional not recognized

version: 9.9 Datacenter Edition (deployed as zip)

When using java.util.Optional with Spring RestController, it is not recognized as tainted source.

sample code:

public class TestController {
	public String test(@PathVariable String value1, @PathVariable Optional<String> value2) {
		File file1 = new File(value1.get());
		file1.delete(); // detected by javasecurity:S2083

		File file2 = new File(value2);
		file2.delete(); // not detected by javasecurity:S2083

		return "done";

Hello Roman,

Thanks a lot for the report and nice reproducer! I have created an internal ticket to tackle this problem. I also think it makes sense to add Optional as a passthrough, as you wrote in the other post. But to raise an issue here, we will have to do some additional changes in the analyzer.