Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

odipar · 2025-05-27T13:19:40Z

This is another issue we encountered when analysing databases created with build-mode=none.
It appears that dataflow graphs are broken when static fields are accessed on unknown classes.
Please take a look codeql_issue2.zip for more information.

Here is the example java code:

// This import is from a dependency that is not resolved
import com.foo.mycompany.UnknownClass;

public class DataFlowNotConnected {
    static class MyClass {
        public static String staticField = "static";
    }

    private int run() {
        // data source 1 should flow to sink e and f, but dataflow is broken by UnknownClass.staticField
        int a = 1;
        int b = a;

        // static class field access from known class
        String staticField1 = MyClass.staticField;

        int c = b;
        int d = c;

        // static class field access from unknown class breaks dataflow
        String staticField2 = UnknownClass.staticField;

        int e = d;
        int f = e;

        return f;
    }
}

The text was updated successfully, but these errors were encountered:

odipar added the question Further information is requested label May 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

odipar commented May 27, 2025 •

edited

Loading

Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

Java: static field access of unknown class breaks dataflow (build-mode=none) #19597

Comments

odipar commented May 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

odipar commented May 27, 2025 •

edited

Loading