Merge pull request #16478 from aschackmull/java/hasqualifiedname

Java: Clean up some instances of getQualifiedName.
2025-12-16 16:53:25 +01:00 · 2024-05-14 09:19:25 +02:00
parent b34fb7c26b 76e740bc1d
commit ed0717af96
10 changed files with 31 additions and 38 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -301,7 +301,7 @@ class EnvReadMethod extends Method {

 /** The type `java.net.InetAddress`. */
 class TypeInetAddr extends RefType {
-  TypeInetAddr() { this.getQualifiedName() = "java.net.InetAddress" }
+  TypeInetAddr() { this.hasQualifiedName("java.net", "InetAddress") }
 }

 /** A reverse DNS method. */
--- a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll
@@ -6,16 +6,12 @@ import java
 private import semmle.code.java.dataflow.FlowSteps

 class ApacheHttpGetParams extends Method {
-  ApacheHttpGetParams() {
-    this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpMessage" and
-    this.getName() = "getParams"
-  }
+  ApacheHttpGetParams() { this.hasQualifiedName("org.apache.http", "HttpMessage", "getParams") }
 }

 class ApacheHttpEntityGetContent extends Method {
  ApacheHttpEntityGetContent() {
-    this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpEntity" and
-    this.getName() = "getContent"
+    this.hasQualifiedName("org.apache.http", "HttpEntity", "getContent")
  }
 }

--- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll
@@ -4,14 +4,14 @@ import semmle.code.java.Type

 class JaxbElement extends Class {
  JaxbElement() {
-    this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or
+    this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or
    this.getAnAnnotation().getType().getName() = "XmlRootElement"
  }
 }

 class JaxbMarshalMethod extends Method {
  JaxbMarshalMethod() {
-    this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and
+    this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and
    this.getName() = "marshal"
  }
 }
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -284,8 +284,7 @@ abstract class JavaxCryptoAlgoSpec extends CryptoAlgoSpec { }
 class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
  JavaxCryptoCipher() {
    exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.Cipher" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "Cipher", "getInstance")
    )
  }

@@ -295,7 +294,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
 class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec {
  JavaxCryptoSecretKey() {
    exists(Constructor c | c.getAReference() = this |
-      c.getDeclaringType().getQualifiedName() = "javax.crypto.spec.SecretKeySpec"
+      c.getDeclaringType().hasQualifiedName("javax.crypto.spec", "SecretKeySpec")
    )
  }

@@ -320,8 +319,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
  JavaxCryptoKeyAgreement() {
    exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.KeyAgreement" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance")
    )
  }

@@ -331,8 +329,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec {
  JavaxCryptoKeyFactory() {
    exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.SecretKeyFactory" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance")
    )
  }

@@ -348,8 +345,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec {
    )
    or
    exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("java.security", "MessageDigest", "getInstance")
    )
  }

@@ -359,7 +355,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec {
 class JavaSecuritySignature extends JavaSecurityAlgoSpec {
  JavaSecuritySignature() {
    exists(Constructor c | c.getAReference() = this |
-      c.getDeclaringType().getQualifiedName() = "java.security.Signature"
+      c.getDeclaringType().hasQualifiedName("java.security", "Signature")
    )
  }

--- a/java/ql/lib/semmle/code/java/security/XSS.qll
+++ b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -97,8 +97,7 @@ class XssVulnerableWriterSource extends MethodCall {
    this.getMethod() instanceof ServletResponseGetOutputStreamMethod
    or
    exists(Method m | m = this.getMethod() |
-      m.getDeclaringType().getQualifiedName() = "javax.servlet.jsp.JspContext" and
-      m.getName() = "getOut"
+      m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut")
    )
    or
    this.getMethod() instanceof FacesGetResponseWriterMethod
--- a/Bugs/Concurrency/WaitOutsideLoop.ql
+++ b/Bugs/Concurrency/WaitOutsideLoop.ql
@@ -16,7 +16,7 @@ import java
 class WaitMethod extends Method {
  WaitMethod() {
    this.getName() = "wait" and
-    this.getDeclaringType().getQualifiedName() = "java.lang.Object"
+    this.getDeclaringType() instanceof TypeObject
  }
 }

--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
@@ -16,23 +16,24 @@ import semmle.code.java.security.Encryption

 class NetworkClass extends Class {
  NetworkClass() {
-    this.getAnAncestor().getQualifiedName().matches("java.rmi.%") or
-    this.getAnAncestor().getQualifiedName().matches("java.net.%") or
-    this.getAnAncestor().getQualifiedName().matches("javax.net.%")
+    this.getAnAncestor()
+        .getPackage()
+        .getName()
+        .regexpMatch("(java\\.net|java\\.rmi|javax\\.net)(\\..*)?")
  }
 }

 class SocketFactoryType extends RefType {
  SocketFactoryType() {
-    this.getQualifiedName() = "java.rmi.server.RMIServerSocketFactory" or
-    this.getQualifiedName() = "java.rmi.server.RMIClientSocketFactory" or
-    this.getQualifiedName() = "javax.net.SocketFactory" or
-    this.getQualifiedName() = "java.net.SocketImplFactory"
+    this.hasQualifiedName("java.rmi.server", "RMIServerSocketFactory") or
+    this.hasQualifiedName("java.rmi.server", "RMIClientSocketFactory") or
+    this.hasQualifiedName("javax.net", "SocketFactory") or
+    this.hasQualifiedName("java.net", "SocketImplFactory")
  }
 }

 /** Holds if the method `m` has a factory parameter at location `p`. */
-cached
+pragma[nomagic]
 predicate usesFactory(Method m, int p) {
  m.getParameter(p).getType().(RefType).getAnAncestor() instanceof SocketFactoryType
 }
--- a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+++ b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -13,11 +13,13 @@

 import java

-predicate dangerousMethod(string descriptor) { descriptor = "java.lang.Thread.stop" }
+predicate dangerousMethod(string pack, string type, string name) {
+  pack = "java.lang" and type = "Thread" and name = "stop"
+}

-from MethodCall call, Method target, string descriptor
+from MethodCall call, Method target, string pack, string type, string name
 where
  call.getCallee() = target and
-  descriptor = target.getDeclaringType().getQualifiedName() + "." + target.getName() and
-  dangerousMethod(descriptor)
-select call, "Call to " + descriptor + " is potentially dangerous."
+  target.hasQualifiedName(pack, type, name) and
+  dangerousMethod(pack, type, name)
+select call, "Call to " + pack + "." + type + "." + name + " is potentially dangerous."
--- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
@@ -72,7 +72,7 @@ class ArrayInitAtNonZeroIndex extends DataFlow::Node {
 class StreamConcatAtNonZeroIndex extends DataFlow::Node {
  StreamConcatAtNonZeroIndex() {
    exists(MethodCall call, int index |
-      call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and
+      call.getMethod().hasQualifiedName("java.util.stream", "Stream", "concat") and
      call.getArgument(index) = this.asExpr() and
      index != 0
    )
--- a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql
@@ -72,8 +72,7 @@ class HostVerificationMethodCall extends MethodCall {
      exists(MethodCall ma, Method m, Field f |
        this.getArgument(0) = ma and
        ma.getMethod() = m and
-        m.hasName("getString") and
-        m.getDeclaringType().getQualifiedName() = "android.content.res.Resources" and
+        m.hasQualifiedName("android.content.res", "Resources", "getString") and
        ma.getArgument(0).(FieldRead).getField() = f and
        f.getDeclaringType() instanceof AndroidRString
      ) //Check resource properties in /res/values/strings.xml in Android mobile applications using res.getString(R.string.key)