Move class for getProperty method call to Properties.qll

java/ql/lib/semmle/code/java/frameworks/Properties.qll

@@ -2,6 +2,8 @@
 
 import semmle.code.java.Type
 private import semmle.code.java.dataflow.FlowSteps
+private import semmle.code.configfiles.ConfigFiles
+private import semmle.code.java.dataflow.RangeUtils
 
 /**
  * The `java.util.Properties` class.
@@ -43,3 +45,19 @@ class PropertiesStoreMethod extends Method {
     (this.getName().matches("store%") or this.getName() = "save")
   }
 }
+
+/**
+ * A call to the `getProperty` method of the class `java.util.Properties`.
+ */
+class PropertiesGetPropertyMethodCall extends MethodCall {
+  PropertiesGetPropertyMethodCall() { this.getMethod() instanceof PropertiesGetPropertyMethod }
+
+  private ConfigPair getPair() {
+    this.getArgument(0).(ConstantStringExpr).getStringValue() = result.getNameElement().getName()
+  }
+
+  string getPropertyValue() {
+    result = this.getPair().getValueElement().getValue() or
+    result = this.getArgument(1).(ConstantStringExpr).getStringValue()
+  }
+}

java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll

@@ -37,31 +37,6 @@ private predicate objectToString(MethodCall ma) {
   )
 }
 
-private class GetPropertyMethodCall extends MethodCall {
-  GetPropertyMethodCall() { this.getMethod() instanceof PropertiesGetPropertyMethod }
-
-  private ConfigPair getPair() {
-    this.getArgument(0).(ConstantStringExpr).getStringValue() = result.getNameElement().getName()
-  }
-
-  string getPropertyValue() {
-    result = this.getPair().getValueElement().getValue() or
-    result = this.getArgument(1).(ConstantStringExpr).getStringValue()
-  }
-}
-
-/**
- * Get the string value represented by the given expression.
- *
- * If the value is a string literal, return the literal value.
- * If the value is a call to `java.util.Properties::getProperty`, return the potential values of the property.
- */
-string insecureAlgorithmName(DataFlow::Node algo) {
-  result = algo.asExpr().(StringLiteral).getValue()
-  or
-  result = algo.asExpr().(GetPropertyMethodCall).getPropertyValue()
-}
-
 /**
  * A taint-tracking configuration to reason about the use of potentially insecure cryptographic algorithms.
  */
@@ -69,7 +44,7 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node n) {
     n.asExpr() instanceof InsecureAlgoLiteral
     or
-    exists(GetPropertyMethodCall mc | n.asExpr() = mc |
+    exists(PropertiesGetPropertyMethodCall mc | n.asExpr() = mc |
       // Since properties pairs are not included in the java/weak-crypto-algorithm,
       // The check for values from properties files can be less strict than `InsecureAlgoLiteral`.
       not mc.getPropertyValue().regexpMatch(getSecureAlgorithmRegex())

java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql

@@ -13,13 +13,27 @@
 
 import java
 import semmle.code.java.security.Encryption
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.frameworks.Properties
 import semmle.code.java.security.MaybeBrokenCryptoAlgorithmQuery
 import InsecureCryptoFlow::PathGraph
 
+/**
+ * Get the string value represented by the given expression.
+ *
+ * If the value is a string literal, return the literal value.
+ * If the value is a call to `java.util.Properties::getProperty`, return the potential values of the property.
+ */
+string getStringValue(DataFlow::Node algo) {
+  result = algo.asExpr().(StringLiteral).getValue()
+  or
+  result = algo.asExpr().(PropertiesGetPropertyMethodCall).getPropertyValue()
+}
+
 from InsecureCryptoFlow::PathNode source, InsecureCryptoFlow::PathNode sink, CryptoAlgoSpec c
 where
   sink.getNode().asExpr() = c.getAlgoSpec() and
   InsecureCryptoFlow::flowPath(source, sink)
 select c, source, sink,
   "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", source,
-  insecureAlgorithmName(source.getNode())
+  getStringValue(source.getNode())