hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor OS Guard Checks

Browse Source
This commit is contained in:
Jonathan Leitschuh
2022-03-01 13:20:54 -05:00
parent fd63107edf
commit 5913c9acad
8 changed files with 185 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
java/ql/lib/semmle/code/java/os/OSCheck.qll
View File

@@ -8,15 +8,33 @@ private import semmle.code.java.frameworks.apache.Lang
private import semmle.code.java.dataflow.DataFlow
/**
* A guard that checks if the current platform is Windows.
* A guard that checks if the current os is Windows.
* When True, the OS is Windows.
* When False, the OS is not Windows.
*/
abstract class IsWindowsGuard extends Guard { }
/**
* A guard that checks if the current platform is unix or unix-like.
* A guard that checks if the current OS is any Windows.
* When True, the OS is Windows.
* When False, the OS *may* still be Windows.
*/
abstract class IsAnyWindowsGuard extends Guard { }
/**
* A guard that checks if the current OS is unix or unix-like.
* When True, the OS is unix or unix-like.
* When False, the OS is not unix or unix-like.
*/
abstract class IsUnixGuard extends Guard { }
/**
* A guard that checks if the current OS is unix or unix-like.
* When True, the OS is unix or unix-like.
* When False, the OS *may* still be unix or unix-like.
*/
abstract class IsAnyUnixGuard extends Guard { }
/**
* Holds when the MethodAccess is a call to check the current OS using either the upper case `osUpperCase` or lower case `osLowerCase` string constants.
*/
@@ -48,7 +66,7 @@ private class IsWindowsFromSystemProp extends IsWindowsGuard instanceof MethodAc
IsWindowsFromSystemProp() { isOsFromSystemProp(this, "window%") }
}
private class IsUnixFromSystemProp extends IsUnixGuard instanceof MethodAccess {
private class IsUnixFromSystemProp extends IsAnyUnixGuard instanceof MethodAccess {
IsUnixFromSystemProp() { isOsFromSystemProp(this, ["mac%", "linux%"]) }
}
@@ -61,16 +79,31 @@ private predicate isOsFromApacheCommons(FieldAccess fa, string fieldNamePattern)
}
private class IsWindowsFromApacheCommons extends IsWindowsGuard instanceof FieldAccess {
IsWindowsFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_WINDOWS%") }
IsWindowsFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_WINDOWS") }
}
private class IsAnyWindowsFromApacheCommons extends IsAnyWindowsGuard instanceof FieldAccess {
IsAnyWindowsFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_WINDOWS_%") }
}
private class IsUnixFromApacheCommons extends IsUnixGuard instanceof FieldAccess {
IsUnixFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_UNIX") }
}
private class IsAnyUnixFromApacheCommons extends IsAnyUnixGuard instanceof FieldAccess {
IsAnyUnixFromApacheCommons() {
isOsFromApacheCommons(this,
[
"IS_OS_AIX", "IS_OS_HP_UX", "IS_OS_IRIX", "IS_OS_LINUX", "IS_OS_MAC%", "IS_OS_FREE_BSD",
"IS_OS_OPEN_BSD", "IS_OS_NET_BSD", "IS_OS_SOLARIS", "IS_OS_SUN_OS", "IS_OS_ZOS"
])
}
}
/**
* A guard that checks if the `java.nio.file.FileSystem` supports posix file permissions.
* This is often used to infer if the OS is unix-based.
* This is often used to infer if the OS is unix-based and can generally be considered to be true for all unix-based OSes
* ([source](https://en.wikipedia.org/wiki/POSIX#POSIX-oriented_operating_systems)).
* Looks for calls to `contains("posix")` on the `supportedFileAttributeViews()` method returned by `FileSystem`.
*/
private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof MethodAccess {

101
java/ql/test/library-tests/os/Test.java
View File

@@ -4,41 +4,98 @@ import java.nio.file.Path;
import org.apache.commons.lang3.SystemUtils;
public class Test {
void test() {
/**
* Should only be called on windows
*/
private void onlyOnWindows() {}
/**
* Should only be called on unix-like systems
*/
private void onlyOnUnix() {}
void testWindows() {
if (System.getProperty("os.name").contains("Windows")) {
onlyOnWindows();
}
if (System.getProperty("os.name").toLowerCase().contains("windows")) {
onlyOnWindows();
}
if (System.getProperty("os.name").contains("Linux")) {
}
if (System.getProperty("os.name").contains("Mac OS X")) {
}
if (System.getProperty("os.name").toLowerCase().contains("mac")) {
}
if (Path.of("whatever").getFileSystem().supportedFileAttributeViews().contains("posix")) {
}
if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
if (System.getProperty("os.name").toUpperCase().contains("WINDOWS")) {
onlyOnWindows();
}
if (SystemUtils.IS_OS_WINDOWS) {
onlyOnWindows();
} else {
onlyOnUnix();
}
if (SystemUtils.IS_OS_WINDOWS_XP) {
onlyOnWindows();
} else {
// Might be another version of windows
}
}
void testUnix() {
if (Path.of("whatever").getFileSystem().supportedFileAttributeViews().contains("posix")) {
onlyOnUnix();
}
if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
onlyOnUnix();
}
if (SystemUtils.IS_OS_UNIX) {
onlyOnUnix();
} else {
// Reasonable assumption, maybe not 100% accurate, but it's 'good enough'
onlyOnWindows();
}
}
void testLinux() {
if (System.getProperty("os.name").toLowerCase().contains("linux")) {
onlyOnUnix();
}
if (System.getProperty("os.name").contains("Linux")) {
onlyOnUnix();
}
if (SystemUtils.IS_OS_LINUX) {
onlyOnUnix();
} else {
// Might be another different unix-like system, so this can't be `onlyOnWindows()`.
}
if (!SystemUtils.IS_OS_LINUX) {
// Might be another different unix-like system, so this can't be `onlyOnWindows()`.
} else {
onlyOnUnix();
}
}
void testMacOs() {
if (System.getProperty("os.name").contains("Mac OS X")) {
onlyOnUnix();
}
if (System.getProperty("os.name").toLowerCase().contains("mac")) {
onlyOnUnix();
}
if (SystemUtils.IS_OS_MAC) {
onlyOnUnix();
} else {
// Can't assume this is windows, it could be another unix-like OS
}
if (SystemUtils.IS_OS_MAC_OSX_MOJAVE) {
onlyOnUnix();
}
}
}

37
java/ql/test/library-tests/os/any-unix-test.expected Normal file
View File

@@ -0,0 +1,37 @@
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1079:5:1079:80 | IS_OS_AIX |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1091:5:1091:82 | IS_OS_HP_UX |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1115:5:1115:81 | IS_OS_IRIX |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1127:5:1127:82 | IS_OS_LINUX |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1139:5:1139:80 | IS_OS_MAC |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1151:5:1151:84 | IS_OS_MAC_OSX |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1163:5:1163:92 | IS_OS_MAC_OSX_CHEETAH |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1175:5:1175:89 | IS_OS_MAC_OSX_PUMA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1187:5:1187:91 | IS_OS_MAC_OSX_JAGUAR |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1199:5:1199:92 | IS_OS_MAC_OSX_PANTHER |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1211:5:1211:90 | IS_OS_MAC_OSX_TIGER |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1223:5:1223:92 | IS_OS_MAC_OSX_LEOPARD |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1235:5:1235:97 | IS_OS_MAC_OSX_SNOW_LEOPARD |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1247:5:1247:89 | IS_OS_MAC_OSX_LION |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1259:5:1259:98 | IS_OS_MAC_OSX_MOUNTAIN_LION |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1271:5:1271:94 | IS_OS_MAC_OSX_MAVERICKS |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1283:5:1283:93 | IS_OS_MAC_OSX_YOSEMITE |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1295:5:1295:95 | IS_OS_MAC_OSX_EL_CAPITAN |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1307:5:1307:91 | IS_OS_MAC_OSX_SIERRA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1319:5:1319:96 | IS_OS_MAC_OSX_HIGH_SIERRA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1331:5:1331:91 | IS_OS_MAC_OSX_MOJAVE |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1343:5:1343:93 | IS_OS_MAC_OSX_CATALINA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1355:5:1355:92 | IS_OS_MAC_OSX_BIG_SUR |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1367:5:1367:85 | IS_OS_FREE_BSD |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1379:5:1379:85 | IS_OS_OPEN_BSD |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1391:5:1391:84 | IS_OS_NET_BSD |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1415:5:1415:84 | IS_OS_SOLARIS |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1427:5:1427:83 | IS_OS_SUN_OS |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1625:5:1625:80 | IS_OS_ZOS |
| Test.java:61:13:61:73 | contains(...) |
| Test.java:65:13:65:59 | contains(...) |
| Test.java:69:13:69:35 | SystemUtils.IS_OS_LINUX |
| Test.java:75:14:75:36 | SystemUtils.IS_OS_LINUX |
| Test.java:83:13:83:62 | contains(...) |
| Test.java:87:14:87:72 | contains(...) |
| Test.java:91:14:91:34 | SystemUtils.IS_OS_MAC |
| Test.java:97:14:97:45 | SystemUtils.IS_OS_MAC_OSX_MOJAVE |

5
java/ql/test/library-tests/os/any-unix-test.ql Normal file
View File

@@ -0,0 +1,5 @@
import default
import semmle.code.java.os.OSCheck
from IsAnyUnixGuard isAnyUnix
select isAnyUnix

14
java/ql/test/library-tests/os/any-windows-test.expected Normal file
View File

@@ -0,0 +1,14 @@
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1463:5:1463:89 | IS_OS_WINDOWS_2000 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1475:5:1475:89 | IS_OS_WINDOWS_2003 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1487:5:1487:89 | IS_OS_WINDOWS_2008 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1499:5:1499:89 | IS_OS_WINDOWS_2012 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1511:5:1511:87 | IS_OS_WINDOWS_95 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1523:5:1523:87 | IS_OS_WINDOWS_98 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1535:5:1535:87 | IS_OS_WINDOWS_ME |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1547:5:1547:87 | IS_OS_WINDOWS_NT |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1559:5:1559:87 | IS_OS_WINDOWS_XP |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1572:5:1572:90 | IS_OS_WINDOWS_VISTA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1584:5:1584:86 | IS_OS_WINDOWS_7 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1596:5:1596:86 | IS_OS_WINDOWS_8 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1608:5:1608:87 | IS_OS_WINDOWS_10 |
| Test.java:36:13:36:40 | SystemUtils.IS_OS_WINDOWS_XP |

5
java/ql/test/library-tests/os/any-windows-test.ql Normal file
View File

@@ -0,0 +1,5 @@
import default
import semmle.code.java.os.OSCheck
from IsAnyWindowsGuard isAnyWindows
select isAnyWindows

9
java/ql/test/library-tests/os/unix-test.expected
View File

@@ -1,7 +1,4 @@
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1439:5:1439:81 | IS_OS_UNIX |
| Test.java:16:13:16:59 | contains(...) |
| Test.java:20:13:20:62 | contains(...) |
| Test.java:24:13:24:71 | contains(...) |
| Test.java:28:13:28:95 | contains(...) |
| Test.java:32:13:32:84 | contains(...) |
| Test.java:40:13:40:34 | SystemUtils.IS_OS_UNIX |
| Test.java:44:13:44:95 | contains(...) |
| Test.java:48:13:48:84 | contains(...) |
| Test.java:52:13:52:34 | SystemUtils.IS_OS_UNIX |

20
java/ql/test/library-tests/os/windows-test.expected
View File

@@ -1,17 +1,5 @@
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1451:5:1451:84 | IS_OS_WINDOWS |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1463:5:1463:89 | IS_OS_WINDOWS_2000 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1475:5:1475:89 | IS_OS_WINDOWS_2003 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1487:5:1487:89 | IS_OS_WINDOWS_2008 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1499:5:1499:89 | IS_OS_WINDOWS_2012 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1511:5:1511:87 | IS_OS_WINDOWS_95 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1523:5:1523:87 | IS_OS_WINDOWS_98 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1535:5:1535:87 | IS_OS_WINDOWS_ME |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1547:5:1547:87 | IS_OS_WINDOWS_NT |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1559:5:1559:87 | IS_OS_WINDOWS_XP |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1572:5:1572:90 | IS_OS_WINDOWS_VISTA |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1584:5:1584:86 | IS_OS_WINDOWS_7 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1596:5:1596:86 | IS_OS_WINDOWS_8 |
| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1608:5:1608:87 | IS_OS_WINDOWS_10 |
| Test.java:8:13:8:61 | contains(...) |
| Test.java:12:13:12:75 | contains(...) |
| Test.java:36:13:36:37 | SystemUtils.IS_OS_WINDOWS |
| Test.java:18:13:18:61 | contains(...) |
| Test.java:22:13:22:75 | contains(...) |
| Test.java:26:13:26:75 | contains(...) |
| Test.java:30:13:30:37 | SystemUtils.IS_OS_WINDOWS |