To find sources of the tainted data, we'll be looking for first parameters of isValid() methods that override a method with the same name declared in ConstraintValidator interface.
Let's define a subclass of Method for methods of interest:
class UnsafeValidationMethod extends Method {