Java: Deprecate StringLiteral.getRepresentedString()
@@ -166,7 +166,7 @@ class CompileTimeConstantExpr extends Expr {
|
||||
*/
|
||||
pragma[nomagic]
|
||||
string getStringValue() {
|
||||
result = this.(StringLiteral).getRepresentedString()
|
||||
result = this.(StringLiteral).getValue()
|
||||
or
|
||||
result =
|
||||
this.(AddExpr).getLeftOperand().(CompileTimeConstantExpr).getStringValue() +
|
||||
@@ -732,9 +732,18 @@ class CharacterLiteral extends Literal, @characterliteral {
|
||||
*/
|
||||
class StringLiteral extends Literal, @stringliteral {
|
||||
/**
|
||||
* Gets the string represented by this string literal, that is, the content
|
||||
* of the literal without enclosing quotes and with escape sequences translated.
|
||||
*/
|
||||
override string getValue() { result = super.getValue() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: This predicate will be removed in a future version because
|
||||
* it is just an alias for `getValue()`; that predicate should be used instead.
|
||||
*
|
||||
* Gets the literal string without the quotes.
|
||||
*/
|
||||
string getRepresentedString() { result = this.getValue() }
|
||||
deprecated string getRepresentedString() { result = this.getValue() }
|
||||
|
||||
/** Holds if this string literal is a text block (`""" ... """`). */
|
||||
predicate isTextBlock() { this.getLiteral().matches("\"\"\"%") }
|
||||
|
||||
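Review bot: The new `override string getValue() { result = super.getValue() }` in `StringLiteral` adds no logic of its own, and nothing in the hunk says why it is there; without a note a later cleanup could drop it together with the doc comment it carries. A one-line comment above it would fix that, e.g. `// Overridden only so the string-literal semantics can be documented here; the value itself comes from the supertype.` The deprecation comment on `getRepresentedString()` leads with "DEPRECATED:" and names the replacement, which is the form a deprecation notice should take. If this library keeps change notes for public-API deprecations, none appears in this diff, so it is worth confirming one is added elsewhere in the commit. The class body continues past the end of the hunk.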
@@ -25,9 +25,7 @@ class SuppressWarningsAnnotation extends Annotation {
|
||||
}
|
||||
|
||||
/** Gets the name of a warning suppressed by this annotation. */
|
||||
string getASuppressedWarning() {
|
||||
result = this.getASuppressedWarningLiteral().getRepresentedString()
|
||||
}
|
||||
string getASuppressedWarning() { result = this.getASuppressedWarningLiteral().getValue() }
|
||||
}
|
||||
|
||||
/** A `@Target` annotation. */
|
||||
|
||||
@@ -75,7 +75,7 @@ class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, M
|
||||
/**
|
||||
* If the argument to this call is a `StringLiteral`, then return that string.
|
||||
*/
|
||||
string getTypeName() { result = this.getArgument(0).(StringLiteral).getRepresentedString() }
|
||||
string getTypeName() { result = this.getArgument(0).(StringLiteral).getValue() }
|
||||
|
||||
override RefType getReflectivelyIdentifiedClass() {
|
||||
// We only handle cases where the class is specified as a string literal to this call.
|
||||
@@ -360,7 +360,7 @@ class ReflectiveMethodAccess extends ClassMethodAccess {
|
||||
this.getInferredClassType().inherits(result)
|
||||
) and
|
||||
// Only consider instances where the method name is provided as a `StringLiteral`.
|
||||
result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
|
||||
result.hasName(this.getArgument(0).(StringLiteral).getValue())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -400,6 +400,6 @@ class ReflectiveFieldAccess extends ClassMethodAccess {
|
||||
this.getInferredClassType().inherits(result)
|
||||
)
|
||||
) and
|
||||
result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
|
||||
result.hasName(this.getArgument(0).(StringLiteral).getValue())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -279,7 +279,7 @@ private predicate formatStringFragment(Expr fmt) {
|
||||
private predicate formatStringValue(Expr e, string fmtvalue) {
|
||||
formatStringFragment(e) and
|
||||
(
|
||||
e.(StringLiteral).getRepresentedString() = fmtvalue
|
||||
e.(StringLiteral).getValue() = fmtvalue
|
||||
or
|
||||
e.getType() instanceof IntegralType and fmtvalue = "1" // dummy value
|
||||
or
|
||||
@@ -318,7 +318,7 @@ private predicate formatStringValue(Expr e, string fmtvalue) {
|
||||
getprop.hasName("getProperty") and
|
||||
getprop.getDeclaringType().hasQualifiedName("java.lang", "System") and
|
||||
getprop.getNumberOfParameters() = 1 and
|
||||
ma.getAnArgument().(StringLiteral).getRepresentedString() = prop and
|
||||
ma.getAnArgument().(StringLiteral).getValue() = prop and
|
||||
(prop = "line.separator" or prop = "file.separator" or prop = "path.separator") and
|
||||
fmtvalue = "x" // dummy value
|
||||
)
|
||||
|
||||
@@ -162,7 +162,7 @@ class TestNGTestMethod extends Method {
|
||||
testAnnotation = this.getAnAnnotation() and
|
||||
// The data provider must have the same name as the referenced data provider
|
||||
result.getDataProviderName() =
|
||||
testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()
|
||||
testAnnotation.getValue("dataProvider").(StringLiteral).getValue()
|
||||
|
|
||||
// Either the data provider should be on the current class, or a supertype
|
||||
this.getDeclaringType().getAnAncestor() = result.getDeclaringType()
|
||||
@@ -258,7 +258,7 @@ class TestNGDataProviderMethod extends Method {
|
||||
.(TestNGDataProviderAnnotation)
|
||||
.getValue("name")
|
||||
.(StringLiteral)
|
||||
.getRepresentedString()
|
||||
.getValue()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -300,8 +300,8 @@ private predicate unsafeEscape(MethodAccess ma) {
|
||||
// Removing `<script>` tags using a string-replace method is
|
||||
// unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
|
||||
exists(StringReplaceMethod m | ma.getMethod() = m |
|
||||
ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and
|
||||
ma.getArgument(1).(StringLiteral).getRepresentedString() = ""
|
||||
ma.getArgument(0).(StringLiteral).getValue() = "(<script>)" and
|
||||
ma.getArgument(1).(StringLiteral).getValue() = ""
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -37,9 +37,9 @@ class SpringComponentScan extends Annotation {
|
||||
*/
|
||||
string getBasePackages() {
|
||||
// "value" and "basePackages" are synonymous, and are simple strings
|
||||
result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()
|
||||
result = this.getAValue("basePackages").(StringLiteral).getValue()
|
||||
or
|
||||
result = this.getAValue("value").(StringLiteral).getRepresentedString()
|
||||
result = this.getAValue("value").(StringLiteral).getValue()
|
||||
or
|
||||
exists(TypeLiteral typeLiteral |
|
||||
// Base package classes are type literals whose package should be considered a base package.
|
||||
@@ -201,7 +201,7 @@ class SpringComponent extends RefType {
|
||||
.getType()
|
||||
.hasQualifiedName("org.springframework.context.annotation", "Profile")
|
||||
|
|
||||
result = profileAnnotation.getAValue("value").(StringLiteral).getRepresentedString()
|
||||
result = profileAnnotation.getAValue("value").(StringLiteral).getValue()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ private predicate boxedToString(Method method) {
|
||||
* it is better to use a prepared query than to just put single quotes around the string.
|
||||
*/
|
||||
predicate endsInQuote(Expr expr) {
|
||||
exists(string str | str = expr.(StringLiteral).getRepresentedString() | str.matches("%'"))
|
||||
exists(string str | str = expr.(StringLiteral).getValue() | str.matches("%'"))
|
||||
or
|
||||
exists(Variable var | expr = var.getAnAccess() | endsInQuote(var.getAnAssignedValue()))
|
||||
or
|
||||
|
||||
@@ -12,13 +12,13 @@ private import semmle.code.java.frameworks.Networking
|
||||
*/
|
||||
class HttpStringLiteral extends StringLiteral {
|
||||
HttpStringLiteral() {
|
||||
exists(string s | this.getRepresentedString() = s |
|
||||
exists(string s | this.getValue() = s |
|
||||
s = "http"
|
||||
or
|
||||
s.matches("http://%") and
|
||||
not s.substring(7, s.length()) instanceof PrivateHostName and
|
||||
not TaintTracking::localExprTaint(any(StringLiteral p |
|
||||
p.getRepresentedString() instanceof PrivateHostName
|
||||
p.getValue() instanceof PrivateHostName
|
||||
), this.getParent*())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -41,5 +41,5 @@ private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink {
|
||||
* String pattern of basic authentication.
|
||||
*/
|
||||
private class BasicAuthString extends StringLiteral {
|
||||
BasicAuthString() { exists(string s | this.getRepresentedString() = s | s.matches("Basic %")) }
|
||||
BasicAuthString() { exists(string s | this.getValue() = s | s.matches("Basic %")) }
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ import java
|
||||
* An element that starts with a relative path.
|
||||
*/
|
||||
predicate relativePath(Element tree, string command) {
|
||||
exists(StringLiteral lit, string text | tree = lit and text = lit.getRepresentedString() |
|
||||
exists(StringLiteral lit, string text | tree = lit and text = lit.getValue() |
|
||||
text != "" and
|
||||
text.regexpMatch(["[^/\\\\ \t]*", "[^/\\\\ \t]*[ \t].*"]) and
|
||||
command = text.replaceAll("\t", " ").splitAt(" ", 0).replaceAll("\"", "")
|
||||
|
||||
@@ -27,7 +27,7 @@ abstract class FlagKind extends string {
|
||||
flag.asExpr() = v and v.getType() instanceof FlagType
|
||||
)
|
||||
or
|
||||
exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | flag.asExpr() = s)
|
||||
exists(StringLiteral s | s.getValue() = getAFlagName() | flag.asExpr() = s)
|
||||
or
|
||||
exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
|
||||
flag.asExpr() = ma and
|
||||
|
||||
@@ -41,9 +41,7 @@ class SensitiveMethodAccess extends SensitiveExpr, MethodAccess {
|
||||
or
|
||||
// This is particularly to pick up methods with an argument like "password", which
|
||||
// may indicate a lookup.
|
||||
exists(string s |
|
||||
this.getAnArgument().(StringLiteral).getRepresentedString().toLowerCase() = s
|
||||
|
|
||||
exists(string s | this.getAnArgument().(StringLiteral).getValue().toLowerCase() = s |
|
||||
s.matches(suspicious()) and
|
||||
not s.matches(nonSuspicious())
|
||||
)
|
||||
|
||||