Skip to content

Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

New issue
New issue
Open
Open
Java: static field access of unknown class breaks dataflow (build-mode=none)#19597
Labels
questionFurther information is requested
@odipar

Description

@odipar
odipar
opened on May 27, 2025

This is another issue we encountered when analysing databases created with build-mode=none.
It appears that dataflow graphs are broken when static fields are accessed on unknown classes.
Please take a look codeql_issue2.zip for more information.

Here is the example java code:

// This import is from a dependency that is not resolved
import com.foo.mycompany.UnknownClass;

public class DataFlowNotConnected {
    static class MyClass {
        public static String staticField = "static";
    }

    private int run() {
        // data source 1 should flow to sink e and f, but dataflow is broken by UnknownClass.staticField
        int a = 1;
        int b = a;

        // static class field access from known class
        String staticField1 = MyClass.staticField;

        int c = b;
        int d = c;

        // static class field access from unknown class breaks dataflow
        String staticField2 = UnknownClass.staticField;

        int e = d;
        int f = e;

        return f;
    }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions