From 52f1930e1d896165cfd3396ceca251c89f70ec6f Mon Sep 17 00:00:00 2001
From: Tony Torralba
Date: Mon, 7 Jun 2021 11:37:05 +0200
Subject: [PATCH 1/2] Add key-read-steps as local additional taint steps
---
 .../src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 1 +
 1 file changed, 1 insertion(+)
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 93b8641d11b..966daea783f 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -69,6 +69,7 @@ private module Cached {
 |
 f instanceof ArrayContent or
 f instanceof CollectionContent or
+ f instanceof MapKeyContent or
 f instanceof MapValueContent
 )
 or
From c828c7031f431c5dcdf2c5629d07c3ea35905958 Mon Sep 17 00:00:00 2001
From: Tony Torralba
Date: Fri, 11 Jun 2021 12:04:11 +0200
Subject: [PATCH 2/2] Add change note
---
 java/change-notes/2021-06-11-tainted-key-read-steps.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 java/change-notes/2021-06-11-tainted-key-read-steps.md
diff --git a/java/change-notes/2021-06-11-tainted-key-read-steps.md b/java/change-notes/2021-06-11-tainted-key-read-steps.md
new file mode 100644
index 00000000000..a0e03053c35
--- /dev/null
+++ b/java/change-notes/2021-06-11-tainted-key-read-steps.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Data flow now propagates taint from tainted Maps to read steps of their keys (e.g. `tainted.keySet()`).
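Review bot: The new disjunct `f instanceof MapKeyContent` in the TaintTrackingUtil.qll hunk has no test anywhere in the series as shown, although it sits inside the `Cached` module and so presumably affects every Java taint-tracking query that relies on these local additional steps. A library test where a tainted `Map` reaches a sink through `keySet()` (the case the change note names) would pin the new flow. A companion case where only the map's values are tainted would show whether keys are still reported clean; that presumably depends on how content is tracked elsewhere and is not visible here. A short comment above the list, for example `// a read of any element, key or value from a tainted container yields a tainted result`, would record why the four content kinds are treated alike. The enclosing predicate starts and ends outside the hunk.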