From 11992404ec3bb368a4e3455d260532819a8defd4 Mon Sep 17 00:00:00 2001
From: Fosstars
Date: Sat, 14 Aug 2021 12:18:02 +0200
Subject: [PATCH] Be precise when checking for Cipher.ENCRYPT_MODE

---
 .../code/java/security/StaticInitializationVectorQuery.qll | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
index 40860075f88..66ebb38a521 100644
--- a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -102,7 +102,11 @@ private class EncryptionModeConfig extends TaintTracking2::Configuration {
 EncryptionModeConfig() { this = "EncryptionModeConfig" }

 override predicate isSource(DataFlow::Node source) {
- source.asExpr().(VarAccess).getVariable().hasName("ENCRYPT_MODE")
+ source
+ .asExpr()
+ .(FieldRead)
+ .getField()
+ .hasQualifiedName("javax.crypto", "Cipher", "ENCRYPT_MODE")
 }

 override predicate isSink(DataFlow::Node sink) {
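Review bot: In `isSource`, accepting only a `FieldRead` of `javax.crypto.Cipher.ENCRYPT_MODE` leaves a call that passes the mode as the integer literal `1` without any source, so a static IV used with such a call would presumably go unreported by this query; the earlier name-based check had the same gap. If that limit is intended, state it in a comment above the predicate, e.g. `// Only reads of Cipher.ENCRYPT_MODE are sources; a literal 1 and Cipher.WRAP_MODE are not covered.`; otherwise consider adding a disjunct such as `or source.asExpr().(CompileTimeConstantExpr).getIntValue() = 1`. `Cipher.WRAP_MODE` also encrypts under the supplied IV and may be worth a second source, depending on what the query is meant to cover. The class body, including `isSink`, continues past the end of the hunk, so any narrowing done there is not visible here.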