feat(analyzer): Fix #156

core/opentaint-dataflow-core/opentaint-dataflow/src/main/kotlin/org/opentaint/dataflow/ap/ifds/taint/ExternalMethodTracker.kt

@@ -7,7 +7,7 @@ import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicInteger
 
 class ExternalMethodTracker {
-    private val seen = ConcurrentHashMap.newKeySet<String>()
+    private val trackingDisabled = ConcurrentHashMap.newKeySet<String>()
     private val records = ConcurrentHashMap<String, ExternalMethodAggregation>()
 
     fun trackExternalMethod(
@@ -16,10 +16,9 @@ class ExternalMethodTracker {
         factPosition: String,
         rulesApplied: Boolean,
     ) {
-        val dedupKey = "$method|$signature|$factPosition"
-        if (!seen.add(dedupKey)) return
-
         val methodKey = "$method|$signature"
+        if (trackingDisabled.contains(methodKey)) return
+
         records.computeIfAbsent(methodKey) {
             ExternalMethodAggregation(method, signature)
         }.apply {
@@ -29,6 +28,12 @@ class ExternalMethodTracker {
         }
     }
 
+    fun untrackMethod(method: String, signature: String) {
+        val methodKey = "$method|$signature"
+        trackingDisabled.add(methodKey)
+        records.remove(methodKey)
+    }
+
     fun getExternalMethods(): SkippedExternalMethods {
         val withoutRules = mutableListOf<ExternalMethodRecord>()
         val withRules = mutableListOf<ExternalMethodRecord>()

core/opentaint-dataflow-core/opentaint-jvm-dataflow/src/main/kotlin/org/opentaint/dataflow/jvm/ap/ifds/analysis/JIRAnalysisManager.kt

@@ -70,7 +70,7 @@ class JIRAnalysisManager(
         jIRDowncast<JIRUnitResolver>(unitResolver)
 
         val jIRCallResolver = JIRCallResolver(cp, unitResolver)
-        return JIRMethodCallResolver(jIRCallResolver, runner)
+        return JIRMethodCallResolver(jIRCallResolver, runner, externalMethodTracker)
     }
 
     override fun getMethodAnalysisContext(

core/opentaint-dataflow-core/opentaint-jvm-dataflow/src/main/kotlin/org/opentaint/dataflow/jvm/ap/ifds/analysis/JIRMethodCallResolver.kt

@@ -15,6 +15,7 @@ import org.opentaint.dataflow.ap.ifds.TypeInfoGroupAccessor
 import org.opentaint.dataflow.ap.ifds.analysis.MethodAnalysisContext
 import org.opentaint.dataflow.ap.ifds.analysis.MethodCallResolver
 import org.opentaint.dataflow.ap.ifds.analysis.MethodCallResolver.MethodCallResolutionResult
+import org.opentaint.dataflow.ap.ifds.taint.ExternalMethodTracker
 import org.opentaint.dataflow.call.tryExtractCallTypeInfo
 import org.opentaint.dataflow.jvm.ap.ifds.JIRCallResolver
 import org.opentaint.dataflow.jvm.ap.ifds.JIRLambdaTracker
@@ -34,6 +35,7 @@ import org.opentaint.ir.api.jvm.ext.findMethodOrNull
 class JIRMethodCallResolver(
     val callResolver: JIRCallResolver,
     val runner: TaintAnalysisUnitRunner,
+    val externalMethodTracker: ExternalMethodTracker?
 ) : MethodCallResolver {
     override fun resolveMethodCall(
         callerContext: MethodAnalysisContext,
@@ -126,6 +128,12 @@ class JIRMethodCallResolver(
                 return@tryExtractCallTypeInfo
             }
 
+            externalMethodTracker?.apply {
+                val methodName = "${lambdaMethod.enclosingClass.name}#${lambdaMethod.name}"
+                val methodDesc = lambdaMethod.description
+                untrackMethod(methodName, methodDesc)
+            }
+
             lambdaResolver.addLambda(cls)
         }
     }

core/src/main/kotlin/org/opentaint/jvm/sast/project/spring/SpringRuleProvider.kt

@@ -169,6 +169,8 @@ class SpringRuleProvider(
     private fun RepositoryMethodInfo.actions(): List<CopyAllMarks>? {
         val actions = mutableListOf<CopyAllMarks>()
         val repoPos = PositionWithAccess(This, repositoryContent)
+        actions += CopyAllMarks(This, This)
+
         when (kind) {
             SpringRepoQueryKind.SAVE -> {
                 val entityPos = Argument(0)