Java: Deprecate StringLiteral.getRepresentedString()

Marcono1234
2021-10-29 14:50:15 +02:00
parent 3a1836c9f6
commit bfb9577d15
27 changed files with 104 additions and 104 deletions


@@ -59,7 +59,7 @@ class SpringViewManipulationConfig extends TaintTracking::Configuration {
exists(AddExpr e, StringLiteral sl |
node.asExpr() = e.getControlFlowNode().getASuccessor*() and
sl = e.getLeftOperand*() and
sl.getRepresentedString().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
sl.getValue().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
)
or
// Block flows like
@@ -79,7 +79,7 @@ class SpringViewManipulationConfig extends TaintTracking::Configuration {
sl = ca.getQualifier()
) and
ca = getAStringCombiningCall() and
sl.getRepresentedString().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
sl.getValue().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
|
exists(Call cc | DataFlow::localExprFlow(ca.getQualifier(), cc.getQualifier()) |
cc = node.asExpr()


@@ -139,7 +139,7 @@ predicate hasShortECKeyPair(MethodAccess ma, string msg) {
kc.hasFlowPath(source, dest) and
DataFlow::localExprFlow(cie, ma.getArgument(0)) and
ma.getArgument(0).getType() instanceof ECGenParameterSpec and
getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 256
getECKeySize(cie.getArgument(0).(StringLiteral).getValue()) < 256
) and
msg = "Key size should be at least 256 bits for EC encryption."
}


@@ -42,7 +42,7 @@ private class UnsafeBeanInitMethod extends Method {
exists(Annotation a | this.getAnAnnotation() = a |
a.getType().hasQualifiedName("org.springframework.context.annotation", "Bean") and
if a.getValue("name") instanceof StringLiteral
then identifier = a.getValue("name").(StringLiteral).getRepresentedString()
then identifier = a.getValue("name").(StringLiteral).getValue()
else identifier = this.getName()
)
}


@@ -23,7 +23,7 @@ import DataFlow::PathGraph
class InsecureLdapUrlLiteral extends StringLiteral {
InsecureLdapUrlLiteral() {
// Match connection strings with the LDAP protocol and without private IP addresses to reduce false positives.
exists(string s | this.getRepresentedString() = s |
exists(string s | this.getValue() = s |
s.regexpMatch("(?i)ldap://[\\[a-zA-Z0-9].*") and
not s.substring(7, s.length()) instanceof PrivateHostName
)


@@ -54,7 +54,7 @@ class HostVerificationMethodAccess extends MethodAccess {
) and
this.getMethod().getNumberOfParameters() = 1 and
(
this.getArgument(0).(StringLiteral).getRepresentedString().charAt(0) != "." //string constant comparison e.g. uri.getHost().endsWith("example.com")
this.getArgument(0).(StringLiteral).getValue().charAt(0) != "." //string constant comparison e.g. uri.getHost().endsWith("example.com")
or
this.getArgument(0)
.(AddExpr)
@@ -63,15 +63,10 @@ class HostVerificationMethodAccess extends MethodAccess {
.getVariable()
.getAnAssignedValue()
.(StringLiteral)
.getRepresentedString()
.getValue()
.charAt(0) != "." //var1+var2, check var1 starts with "." e.g. String domainName = "example"; Uri.parse(url).getHost().endsWith(domainName+".com")
or
this.getArgument(0)
.(AddExpr)
.getLeftOperand()
.(StringLiteral)
.getRepresentedString()
.charAt(0) != "." //"."+var2, check string constant "." e.g. String domainName = "example.com"; Uri.parse(url).getHost().endsWith("www."+domainName)
this.getArgument(0).(AddExpr).getLeftOperand().(StringLiteral).getValue().charAt(0) != "." //"."+var2, check string constant "." e.g. String domainName = "example.com"; Uri.parse(url).getHost().endsWith("www."+domainName)
or
exists(MethodAccess ma, Method m, Field f |
this.getArgument(0) = ma and
@@ -87,7 +82,7 @@ class HostVerificationMethodAccess extends MethodAccess {
.getVariable()
.getAnAssignedValue()
.(StringLiteral)
.getRepresentedString()
.getValue()
.charAt(0) != "." //check variable starts with "." e.g. String domainName = "example.com"; Uri.parse(url).getHost().endsWith(domainName)
)
}
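Review bot: The third disjunct in this class, `this.getArgument(0).(AddExpr).getLeftOperand().(StringLiteral).getValue().charAt(0) != "."`, now sits on one very long line with its trailing example comment, while the sibling disjuncts in these hunks keep one call per line. Moving the comment onto its own line above the expression, e.g. `// "." + var2: check the literal left operand, e.g. endsWith("www." + domainName)`, would keep the line readable and the four cases visually parallel. Each case also relies on `charAt(0)`, which has no result for an empty string in QL, so an empty literal `""` is silently not matched by any of these tests. If that is intended, a one-line comment saying so would help the next maintainer. The class body starts outside the visible hunks, so this is judged only from the lines shown.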