From 76e740bc1db0bb5f5031b5ce7a99dcc34af624f4 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 13 May 2024 13:06:44 +0200 Subject: [PATCH] Java: Clean up some instances of getQualifiedName. --- .../semmle/code/java/dataflow/FlowSources.qll | 2 +- .../semmle/code/java/frameworks/ApacheHttp.qll | 8 ++------ .../ql/lib/semmle/code/java/frameworks/JAXB.qll | 4 ++-- .../semmle/code/java/security/Encryption.qll | 16 ++++++---------- java/ql/lib/semmle/code/java/security/XSS.qll | 3 +-- .../Likely Bugs/Concurrency/WaitOutsideLoop.ql | 2 +- .../CWE/CWE-319/UseSSLSocketFactories.ql | 17 +++++++++-------- .../CWE/CWE-676/PotentiallyDangerousFunction.ql | 12 +++++++----- .../CWE/CWE-078/CommandInjectionRuntimeExec.qll | 2 +- .../CWE/CWE-939/IncorrectURLVerification.ql | 3 +-- 10 files changed, 31 insertions(+), 38 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 6befe289a17..3d5b74f4a35 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -301,7 +301,7 @@ class EnvReadMethod extends Method { /** The type `java.net.InetAddress`. */ class TypeInetAddr extends RefType { - TypeInetAddr() { this.getQualifiedName() = "java.net.InetAddress" } + TypeInetAddr() { this.hasQualifiedName("java.net", "InetAddress") } } /** A reverse DNS method. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll index 64e38a19e9d..61f6aa9a34e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll +++ b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll @@ -6,16 +6,12 @@ import java private import semmle.code.java.dataflow.FlowSteps class ApacheHttpGetParams extends Method { - ApacheHttpGetParams() { - this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpMessage" and - this.getName() = "getParams" - } + ApacheHttpGetParams() { this.hasQualifiedName("org.apache.http", "HttpMessage", "getParams") } } class ApacheHttpEntityGetContent extends Method { ApacheHttpEntityGetContent() { - this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpEntity" and - this.getName() = "getContent" + this.hasQualifiedName("org.apache.http", "HttpEntity", "getContent") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll index 7d60673508d..e25add17ccb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll @@ -4,14 +4,14 @@ import semmle.code.java.Type class JaxbElement extends Class { JaxbElement() { - this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or + this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or this.getAnAnnotation().getType().getName() = "XmlRootElement" } } class JaxbMarshalMethod extends Method { JaxbMarshalMethod() { - this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and + this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and this.getName() = "marshal" } } diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index a3973d3efad..6fc7f6b7d16 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -284,8 +284,7 @@ abstract class JavaxCryptoAlgoSpec extends CryptoAlgoSpec { } class JavaxCryptoCipher extends JavaxCryptoAlgoSpec { JavaxCryptoCipher() { exists(Method m | m.getAReference() = this | - m.getDeclaringType().getQualifiedName() = "javax.crypto.Cipher" and - m.getName() = "getInstance" + m.hasQualifiedName("javax.crypto", "Cipher", "getInstance") ) } @@ -295,7 +294,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec { class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec { JavaxCryptoSecretKey() { exists(Constructor c | c.getAReference() = this | - c.getDeclaringType().getQualifiedName() = "javax.crypto.spec.SecretKeySpec" + c.getDeclaringType().hasQualifiedName("javax.crypto.spec", "SecretKeySpec") ) } @@ -320,8 +319,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec { class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { JavaxCryptoKeyAgreement() { exists(Method m | m.getAReference() = this | - m.getDeclaringType().getQualifiedName() = "javax.crypto.KeyAgreement" and - m.getName() = "getInstance" + m.hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance") ) } @@ -331,8 +329,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec { JavaxCryptoKeyFactory() { exists(Method m | m.getAReference() = this | - m.getDeclaringType().getQualifiedName() = "javax.crypto.SecretKeyFactory" and - m.getName() = "getInstance" + m.hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance") ) } @@ -348,8 +345,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec { ) or exists(Method m | m.getAReference() = this | - m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and - m.getName() = "getInstance" + m.hasQualifiedName("java.security", "MessageDigest", "getInstance") ) } @@ -359,7 +355,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec { class JavaSecuritySignature extends JavaSecurityAlgoSpec { JavaSecuritySignature() { exists(Constructor c | c.getAReference() = this | - c.getDeclaringType().getQualifiedName() = "java.security.Signature" + c.getDeclaringType().hasQualifiedName("java.security", "Signature") ) } diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index 777e5fae062..e35f8f9e643 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -97,8 +97,7 @@ class XssVulnerableWriterSource extends MethodCall { this.getMethod() instanceof ServletResponseGetOutputStreamMethod or exists(Method m | m = this.getMethod() | - m.getDeclaringType().getQualifiedName() = "javax.servlet.jsp.JspContext" and - m.getName() = "getOut" + m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut") ) or this.getMethod() instanceof FacesGetResponseWriterMethod diff --git a/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql b/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql index 6e1356ff1a1..bcbf3ffcbbe 100644 --- a/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql +++ b/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql @@ -16,7 +16,7 @@ import java class WaitMethod extends Method { WaitMethod() { this.getName() = "wait" and - this.getDeclaringType().getQualifiedName() = "java.lang.Object" + this.getDeclaringType() instanceof TypeObject } } diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql index 1ea08ca7319..13843884651 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql @@ -16,23 +16,24 @@ import semmle.code.java.security.Encryption class NetworkClass extends Class { NetworkClass() { - this.getAnAncestor().getQualifiedName().matches("java.rmi.%") or - this.getAnAncestor().getQualifiedName().matches("java.net.%") or - this.getAnAncestor().getQualifiedName().matches("javax.net.%") + this.getAnAncestor() + .getPackage() + .getName() + .regexpMatch("(java\\.net|java\\.rmi|javax\\.net)(\\..*)?") } } class SocketFactoryType extends RefType { SocketFactoryType() { - this.getQualifiedName() = "java.rmi.server.RMIServerSocketFactory" or - this.getQualifiedName() = "java.rmi.server.RMIClientSocketFactory" or - this.getQualifiedName() = "javax.net.SocketFactory" or - this.getQualifiedName() = "java.net.SocketImplFactory" + this.hasQualifiedName("java.rmi.server", "RMIServerSocketFactory") or + this.hasQualifiedName("java.rmi.server", "RMIClientSocketFactory") or + this.hasQualifiedName("javax.net", "SocketFactory") or + this.hasQualifiedName("java.net", "SocketImplFactory") } } /** Holds if the method `m` has a factory parameter at location `p`. */ -cached +pragma[nomagic] predicate usesFactory(Method m, int p) { m.getParameter(p).getType().(RefType).getAnAncestor() instanceof SocketFactoryType } diff --git a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql index 0387a16eff6..c2405df11c9 100644 --- a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +++ b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql @@ -13,11 +13,13 @@ import java -predicate dangerousMethod(string descriptor) { descriptor = "java.lang.Thread.stop" } +predicate dangerousMethod(string pack, string type, string name) { + pack = "java.lang" and type = "Thread" and name = "stop" +} -from MethodCall call, Method target, string descriptor +from MethodCall call, Method target, string pack, string type, string name where call.getCallee() = target and - descriptor = target.getDeclaringType().getQualifiedName() + "." + target.getName() and - dangerousMethod(descriptor) -select call, "Call to " + descriptor + " is potentially dangerous." + target.hasQualifiedName(pack, type, name) and + dangerousMethod(pack, type, name) +select call, "Call to " + pack + "." + type + "." + name + " is potentially dangerous." diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll index a9ea1049187..280d6608aad 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll @@ -72,7 +72,7 @@ class ArrayInitAtNonZeroIndex extends DataFlow::Node { class StreamConcatAtNonZeroIndex extends DataFlow::Node { StreamConcatAtNonZeroIndex() { exists(MethodCall call, int index | - call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and + call.getMethod().hasQualifiedName("java.util.stream", "Stream", "concat") and call.getArgument(index) = this.asExpr() and index != 0 ) diff --git a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql index d12ea262aed..844e6760101 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql @@ -72,8 +72,7 @@ class HostVerificationMethodCall extends MethodCall { exists(MethodCall ma, Method m, Field f | this.getArgument(0) = ma and ma.getMethod() = m and - m.hasName("getString") and - m.getDeclaringType().getQualifiedName() = "android.content.res.Resources" and + m.hasQualifiedName("android.content.res", "Resources", "getString") and ma.getArgument(0).(FieldRead).getField() = f and f.getDeclaringType() instanceof AndroidRString ) //Check resource properties in /res/values/strings.xml in Android mobile applications using res.getString(R.string.key)