Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 26a9ba4

Browse files
aschackmullaschackmull
authored
Merge pull request #4898 from JLLeitschuh/feat/JLL/system_get_property
Add MethodAccessSystemGetProperty predicate
2 parents 7f25efd + ba4a562 commit 26a9ba4

5 files changed

Lines changed: 79 additions & 0 deletions

File tree

java/ql/src/semmle/code/java/JDK.qll

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -211,6 +211,21 @@ class MethodSystemGetProperty extends Method {
211211
}
212212
}
213213

214+
/**
215+
* An access to a method named `getProperty` on class `java.lang.System`.
216+
*/
217+
class MethodAccessSystemGetProperty extends MethodAccess {
218+
MethodAccessSystemGetProperty() { getMethod() instanceof MethodSystemGetProperty }
219+
220+
/**
221+
* Holds if this call has a compile-time constant first argument with the value `propertyName`.
222+
* For example: `System.getProperty("user.dir")`.
223+
*/
224+
predicate hasCompileTimeConstantGetPropertyName(string propertyName) {
225+
this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName
226+
}
227+
}
228+
214229
/**
215230
* Any method named `exit` on class `java.lang.Runtime` or `java.lang.System`.
216231
*/

java/ql/test/library-tests/JDK/PrintAst.expected

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,3 +60,38 @@ jdk/A.java:
6060
# 28| 0: [ArrayTypeAccess] ...[]
6161
# 28| 0: [TypeAccess] String
6262
# 28| 5: [BlockStmt] stmt
63+
jdk/SystemGetPropertyCall.java:
64+
# 0| [CompilationUnit] SystemGetPropertyCall
65+
# 3| 1: [Class] SystemGetPropertyCall
66+
# 4| 3: [FieldDeclaration] String USER_DIR_PROPERTY, ...;
67+
# 4| -1: [TypeAccess] String
68+
# 4| 0: [StringLiteral] "user.dir"
69+
# 6| 4: [Method] a
70+
# 6| 3: [TypeAccess] void
71+
# 6| 5: [BlockStmt] stmt
72+
# 7| 0: [ExprStmt] stmt
73+
# 7| 0: [MethodAccess] getProperty(...)
74+
# 7| -1: [TypeAccess] System
75+
# 7| 0: [StringLiteral] "user.dir"
76+
# 10| 5: [Method] b
77+
# 10| 3: [TypeAccess] void
78+
# 10| 5: [BlockStmt] stmt
79+
# 11| 0: [ExprStmt] stmt
80+
# 11| 0: [MethodAccess] getProperty(...)
81+
# 11| -1: [TypeAccess] System
82+
# 11| 0: [StringLiteral] "user.dir"
83+
# 11| 1: [StringLiteral] "HOME"
84+
# 14| 6: [Method] c
85+
# 14| 3: [TypeAccess] void
86+
# 14| 5: [BlockStmt] stmt
87+
# 15| 0: [ExprStmt] stmt
88+
# 15| 0: [MethodAccess] getProperty(...)
89+
# 15| -1: [TypeAccess] System
90+
# 15| 0: [VarAccess] USER_DIR_PROPERTY
91+
# 18| 7: [Method] d
92+
# 18| 3: [TypeAccess] void
93+
# 18| 5: [BlockStmt] stmt
94+
# 19| 0: [ExprStmt] stmt
95+
# 19| 0: [MethodAccess] getProperty(...)
96+
# 19| -1: [TypeAccess] System
97+
# 19| 0: [StringLiteral] "random.property"

java/ql/test/library-tests/JDK/SystemGetPropertyCall.expected

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
| jdk/SystemGetPropertyCall.java:7:9:7:38 | getProperty(...) |
2+
| jdk/SystemGetPropertyCall.java:11:9:11:46 | getProperty(...) |
3+
| jdk/SystemGetPropertyCall.java:15:9:15:45 | getProperty(...) |

java/ql/test/library-tests/JDK/SystemGetPropertyCall.ql

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
import java
2+
3+
from MethodAccessSystemGetProperty ma
4+
where ma.hasCompileTimeConstantGetPropertyName("user.dir")
5+
select ma

java/ql/test/library-tests/JDK/jdk/SystemGetPropertyCall.java

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
package jdk;
2+
3+
public class SystemGetPropertyCall {
4+
private static final String USER_DIR_PROPERTY = "user.dir";
5+
6+
void a() {
7+
System.getProperty("user.dir");
8+
}
9+
10+
void b() {
11+
System.getProperty("user.dir", "HOME");
12+
}
13+
14+
void c() {
15+
System.getProperty(USER_DIR_PROPERTY);
16+
}
17+
18+
void d() {
19+
System.getProperty("random.property");
20+
}
21+
}

0 commit comments

Comments
 (0)