From bf3dbc24dea92abbfb913aa3cfaf7047a94f2788 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Wed, 15 May 2024 15:37:48 +0200
Subject: [PATCH 1/2] Java: Add support for flow through side-effects on static fields.
---
 .../dataflow/internal/DataFlowPrivate.qll | 5 ++++-
 .../test/library-tests/dataflow/fields/G.java | 21 +++++++++++++++++++
 .../dataflow/fields/flow.expected | 2 ++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 java/ql/test/library-tests/dataflow/fields/G.java
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
index e6f223c195cb..5d8e3047700b 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -40,8 +40,11 @@ private predicate fieldStep(Node node1, Node node2) {
   exists(Field f |
     // Taint fields through assigned values only if they're static
     f.isStatic() and
-    f.getAnAssignedValue() = node1.asExpr() and
     node2.(FieldValueNode).getField() = f
+  |
+    f.getAnAssignedValue() = node1.asExpr()
+    or
+    f.getAnAccess() = node1.(PostUpdateNode).getPreUpdateNode().asExpr()
   )
   or
   exists(Field f, FieldRead fr |
diff --git a/java/ql/test/library-tests/dataflow/fields/G.java b/java/ql/test/library-tests/dataflow/fields/G.java
new file mode 100644
index 000000000000..42e4e6dfd492
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/fields/G.java
@@ -0,0 +1,21 @@
+public class G {
+  static Object[] f;
+
+  void sink(Object o) { }
+
+  void runsink() {
+    sink(f[0]);
+  }
+
+  void test1() {
+    f[0] = new Object();
+  }
+
+  void test2() {
+    addObj(f);
+  }
+
+  void addObj(Object[] xs) {
+    xs[0] = new Object();
+  }
+}
diff --git a/java/ql/test/library-tests/dataflow/fields/flow.expected b/java/ql/test/library-tests/dataflow/fields/flow.expected
index 382819fbdbba..2674dbcdcba8 100644
--- a/java/ql/test/library-tests/dataflow/fields/flow.expected
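Review bot: The context comment `// Taint fields through assigned values only if they're static` above the new `|` is now inaccurate, because the added second disjunct steps into the field's value node from the post-update node of an access to `f`, i.e. from a side-effect on the object the static field references rather than from an assigned value. I would reword it to `// Taint static fields through assigned values and through side-effects on the referenced object`. The step keys on `f.getAnAccess()` with no restriction on where the access occurs, so presumably every access of a static field that has a post-update node (the `f[0] = ...` and `addObj(f)` cases in G.java) now flows back into the field's summary value; that reads as the intended over-approximation rather than a defect, but it is worth stating in the comment since this is the only place a reader of fieldStep sees it. The enclosing predicate `fieldStep` continues past the end of the hunk.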
+++ b/java/ql/test/library-tests/dataflow/fields/flow.expected
@@ -29,3 +29,5 @@
 | F.java:5:14:5:25 | new Object(...) | F.java:20:10:20:17 | f.Field1 |
 | F.java:10:16:10:27 | new Object(...) | F.java:15:10:15:17 | f.Field1 |
 | F.java:24:9:24:20 | new Object(...) | F.java:33:10:33:17 | f.Field1 |
+| G.java:11:12:11:23 | new Object(...) | G.java:7:10:7:13 | ...[...] |
+| G.java:19:13:19:24 | new Object(...) | G.java:7:10:7:13 | ...[...] |
From 1bc3f6b0e7175336d571b22a0838543df1fff90b Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Wed, 15 May 2024 15:45:17 +0200
Subject: [PATCH 2/2] Java: Add change note.
---
 .../lib/change-notes/2024-05-15-static-field-side-effect.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md
diff --git a/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md b/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md
new file mode 100644
index 000000000000..3f6e8d8edaf9
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-05-15-static-field-side-effect.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.