Java: Add support for flow through side-effects on static fields.

2026-04-26 17:25:19 +02:00 · 2024-05-15 15:37:48 +02:00
parent 619913b553
commit bf3dbc24de
3 changed files with 27 additions and 1 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -40,8 +40,11 @@ private predicate fieldStep(Node node1, Node node2) {
  exists(Field f |
    // Taint fields through assigned values only if they're static
    f.isStatic() and
-    f.getAnAssignedValue() = node1.asExpr() and
    node2.(FieldValueNode).getField() = f
+  |
+    f.getAnAssignedValue() = node1.asExpr()
+    or
+    f.getAnAccess() = node1.(PostUpdateNode).getPreUpdateNode().asExpr()
  )
  or
  exists(Field f, FieldRead fr |