From 73fa680224694716dab5cc775a4587979121a384 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Mon, 26 Apr 2021 15:38:12 +0100
Subject: [PATCH] Add support for CSV-specified flow to or from fields.

---
 .../dataflow/internal/FlowSummaryImplSpecific.qll  | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
index d28dd2206ac..bf6556712da 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -70,9 +70,23 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string
   )
 }
 
+bindingset[name]
+private FieldContent interpretField(string name) {
+  exists(string splitRegex, string package, string className, string fieldName |
+    splitRegex = "^(.*)\\.([^.]+)\\.([^.]+)$" and
+    package = name.regexpCapture(splitRegex, 1) and
+    className = name.regexpCapture(splitRegex, 2) and
+    fieldName = name.regexpCapture(splitRegex, 3)
+  |
+    result.getField().hasQualifiedName(package, className, fieldName)
+  )
+}
+
 /** Gets the summary component for specification component `c`, if any. */
 bindingset[c]
 SummaryComponent interpretComponentSpecific(string c) {
+  c.matches("Field %") and result = SummaryComponent::content(interpretField(c.splitAt(" ", 1)))
+  or
   c = "ArrayElement" and result = SummaryComponent::content(any(ArrayContent c0))
   or
   c = "Element" and result = SummaryComponent::content(any(CollectionContent c0))