Java: Fix Field.getInitializer() matching non-initializer assignments

Marcono1234 · smowton · commit c8d98ae649fd · 2021-08-24T14:04:44.000+01:00
diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll
@@ -600,12 +600,13 @@ class Field extends Member, ExprParent, @field, Variable {
 
   /** Gets the initializer expression of this field, if any. */
   override Expr getInitializer() {
-    exists(AssignExpr e, InitializerMethod im |
+    exists(AssignExpr e, InitializerMethod im, ExprStmt exprStmt |
       e.getDest() = this.getAnAccess() and
       e.getSource() = result and
-      pragma[only_bind_out](result).getEnclosingCallable() = im and
-      // This rules out updates in explicit initializer blocks as they are nested inside the compiler generated initializer blocks.
-      pragma[only_bind_out](e.getEnclosingStmt().getParent()) = pragma[only_bind_out](im.getBody())
+      exprStmt.getExpr() = e and
+      // This check also rules out assignments in explicit initializer blocks
+      // (CodeQL models explicit initializer blocks as BlockStmt in initializer methods)
+      exprStmt.getParent() = im.getBody()
     )
   }
 
