Non-safe string is passed to safe method

Reports cases when a non-safe object is passed to a method with a parameter marked with @Untainted annotations, returned from annotated methods or assigned to annotated fields, parameters, or local variables. Kotlin set and get methods for fields are not supported as entry points.

A safe object (in the same class) is:

a string literal, interface instance, or enum object
a call result of a method that is marked as @Untainted
a private field, which is assigned only with a string literal and has a safe initializer
a final field, which has a safe initializer
local variable or parameter that are marked as @Untainted and are not assigned from non-safe objects

This field, local variable, or parameter must not be passed as arguments to methods or used as a qualifier or must be a primitive, its wrapper or immutable. Also static final fields are considered as safe.

The analysis is performed only inside one file. To process dependencies from other classes, use options. The analysis extends to private or static methods and has a limit of depth propagation.

Example:

  void doSmth(boolean b) {
    String s = safe();
    String s1 = "other";
    if (b) s1 = s;
    sink(s);
  }

  String sink(@Untainted String s) {}

Here we do not have non-safe string assignments to s so a warning is not produced. On the other hand:

  void doSmth(boolean b) {
    String s = safe();
    String s1 = "other";
    s1 = foo();
    if (b) s = s1;
    sink(s);        // warning here
  }

  String foo();

  String sink(@Untainted String s) {}

Here we have a warning since s1 has an unknown state after foo call result assignment.

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

tainting

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | JVM languages

Inspection ID: SourceToSinkFlow

New in 2021.2

Inspection options

Here you can find the description of settings available for the Non-safe string is passed to safe method inspection, and the reference of their default values.

Tainted annotations

Option ID:

taintedAnnotations

Default value:

[javax.annotation.Tainted, org.checkerframework.checker.tainting.qual.Tainted]

Untainted annotations

Option ID:

untaintedAnnotations

Default value:

[javax.annotation.Untainted, org.checkerframework.checker.tainting.qual.Untainted]

Consider external methods untainted if receivers and arguments are untainted

Option ID:

processOuterMethodAsQualifierAndArguments

Default value:

Selected

Safe classes

Option ID:

skipClasses

Default value:

[java.lang.Boolean, boolean, kotlin.Boolean, java.lang.Class, kotlin.reflect.KClass]

Consider parameters of private methods as safe

Option ID:

parameterOfPrivateMethodIsUntainted

Default value:

Not selected

Report if the case is too complex to check

Option ID:

warnIfComplex

Default value:

Not selected

Checked types

Option ID:

checkedTypes

Default value:

[java.lang.String]

Analysis Depth inside the method

Option ID:

depthInside

Default value:

Report unknown object

Option ID:

showUnknownObject

Default value:

Selected

Report unsafe object

Option ID:

showUnsafeObject

Default value:

Selected

Tainted parameters

Class Name

Option ID:

taintedParameterMethodClass

Default value:

None

Method Name Regex

Option ID:

taintedParameterMethodName

Default value:

None

Parameter Index

Option ID:

taintedParameterIndex

Default value:

None

Untainted parameters

Class Name

Option ID:

untaintedParameterMethodClass

Default value:

None

Method Name Regex

Option ID:

untaintedParameterMethodName

Default value:

None

Parameter Index

Option ID:

untaintedParameterIndex

Default value:

None

Untainted parameters

Class Name

Option ID:

untaintedParameterWithPlaceMethodClass

Default value:

None

Method Name Regex

Option ID:

untaintedParameterWithPlaceMethodName

Default value:

None

Parameter Index

Option ID:

untaintedParameterWithPlaceIndex

Default value:

None

Class Name Of Context

Option ID:

untaintedParameterWithPlacePlaceClass

Default value:

None

Method Name Regex Of Context

Option ID:

untaintedParameterWithPlacePlaceMethod

Default value:

None

Tainted methods

Class Name

Option ID:

myTaintedMethodMatcher.myClassNames

Default value:

None

Method Name Regex

Option ID:

myTaintedMethodMatcher.myMethodNamePatterns

Default value:

None

Untainted methods

Class Name

Option ID:

myUntaintedMethodMatcher.myClassNames

Default value:

None

Method Name Regex

Option ID:

myUntaintedMethodMatcher.myMethodNamePatterns

Default value:

None

Untainted fields

Class Name

Option ID:

myUntaintedFieldClasses

Default value:

None

Field Name

Option ID:

myUntaintedFieldNames

Default value:

None

Methods to clean qualifiers

Classes

Option ID:

qualifierCleanerClass

Default value:

None

Methods

Option ID:

qualifierCleanerMethod

Default value:

None

Arguments

Option ID:

qualifierCleanerParams

Default value:

None

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection tainting

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

IntelliJ IDEA 2025.3

Inspection Details
By default bundled with:	IntelliJ IDEA 2025.3, Qodana for JVM 2025.3,

Last modified: 04 March 2026