Merge pull request #16500 from aschackmull/java/static-field-side-effect

Java: Add support for flow through side-effects on static fields.
2026-04-26 01:05:15 +02:00 · 2024-05-24 09:19:31 +02:00
parent 78d4745722 1bc3f6b0e7
commit 5a7174dcbb
4 changed files with 31 additions and 1 deletions
--- a/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md
+++ b/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -40,8 +40,11 @@ private predicate fieldStep(Node node1, Node node2) {
  exists(Field f |
    // Taint fields through assigned values only if they're static
    f.isStatic() and
-    f.getAnAssignedValue() = node1.asExpr() and
    node2.(FieldValueNode).getField() = f
+  |
+    f.getAnAssignedValue() = node1.asExpr()
+    or
+    f.getAnAccess() = node1.(PostUpdateNode).getPreUpdateNode().asExpr()
  )
  or
  exists(Field f, FieldRead fr |