From c239a4399cc5a86c4638737a728d069034cb4845 Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Thu, 27 Jul 2023 10:37:00 +0200
Subject: [PATCH] Changed Struts2ActionSupportClassFieldReadSource to be a
 FieldValueNode instead of a field read

---
 java/ql/lib/semmle/code/java/dataflow/FlowSources.qll | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
index f049a0cb37b..26f29076efc 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -143,11 +143,10 @@ private class GuiceRequestParameterSource extends RemoteFlowSource {
   override string getSourceType() { result = "Guice request parameter" }
 }
 
-private class Struts2ActionSupportClassFieldReadSource extends RemoteFlowSource {
-  Struts2ActionSupportClassFieldReadSource() {
-    exists(Struts2ActionSupportClass c |
-      c.getASetterMethod().getField() = this.asExpr().(FieldRead).getField()
-    )
+private class Struts2ActionSupportClassFieldSource extends RemoteFlowSource {
+  Struts2ActionSupportClassFieldSource() {
+    this.(DataFlow::FieldValueNode).getField() =
+      any(Struts2ActionSupportClass c).getASetterMethod().getField()
   }
 
   override string getSourceType() { result = "Struts2 ActionSupport field" }