Add MethodAccessSystemGetProperty predicate

JLLeitschuh · JLLeitschuh · commit 54950c2f42ca · 2021-01-01T20:07:45.000-05:00
diff --git a/java/ql/src/semmle/code/java/JDK.qll b/java/ql/src/semmle/code/java/JDK.qll
@@ -211,6 +211,21 @@ class MethodSystemGetProperty extends Method {
   }
 }
 
+/**
+ * Any method access to a method named `getProperty` on class `java.lang.System`.
+ */
+class MethodAccessSystemGetProperty extends MethodAccess {
+  MethodAccessSystemGetProperty() { getMethod() instanceof MethodSystemGetProperty }
+
+  /**
+   * Holds true if this is a compile-time constant call for the specified `propertyName`.
+   * Eg. `System.getProperty("user.dir")`.
+   */
+  predicate hasCompileTimeConstantGetPropertyName(string propertyName) {
+    this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName
+  }
+}
+
 /**
  * Any method named `exit` on class `java.lang.Runtime` or `java.lang.System`.
  */
diff --git a/java/ql/src/semmle/code/java/PrintAst.ql b/java/ql/src/semmle/code/java/PrintAst.ql
@@ -16,5 +16,6 @@ class PrintAstConfigurationOverride extends PrintAstConfiguration {
   /**
    * TWEAK THIS PREDICATE AS NEEDED.
    */
-  override predicate shouldPrint(Element e, Location l) { super.shouldPrint(e, l) }
+  override predicate shouldPrint(Element e, Location l) { super.shouldPrint(e, l) and 
+    not l.getFile().getBaseName().matches("SystemGetPropertyCall.java") }
 }
diff --git a/java/ql/test/library-tests/JDK/SystemGetPropertyCall.expected b/java/ql/test/library-tests/JDK/SystemGetPropertyCall.expected
@@ -0,0 +1,3 @@
+| jdk/SystemGetPropertyCall.java:7:9:7:38 | getProperty(...) |
+| jdk/SystemGetPropertyCall.java:11:9:11:46 | getProperty(...) |
+| jdk/SystemGetPropertyCall.java:15:9:15:45 | getProperty(...) |
diff --git a/java/ql/test/library-tests/JDK/SystemGetPropertyCall.ql b/java/ql/test/library-tests/JDK/SystemGetPropertyCall.ql
@@ -0,0 +1,10 @@
+/**
+ * @name SystemCall
+ * @description Test the definition of System Get Property
+ */
+
+import default
+
+from MethodAccessSystemGetProperty ma
+where ma.hasCompileTimeConstantGetPropertyName("user.dir")
+select ma
diff --git a/java/ql/test/library-tests/JDK/jdk/SystemGetPropertyCall.java b/java/ql/test/library-tests/JDK/jdk/SystemGetPropertyCall.java
@@ -0,0 +1,21 @@
+package jdk;
+
+public class SystemGetPropertyCall {
+    private static final String USER_DIR_PROPERTY = "user.dir";
+
+    void a() {
+        System.getProperty("user.dir");
+    }
+
+    void b() {
+        System.getProperty("user.dir", "HOME");
+    }
+
+    void c() {
+        System.getProperty(USER_DIR_PROPERTY);
+    }
+
+    void d() {
+        System.getProperty("random.property");
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -16,5 +16,6 @@ class PrintAstConfigurationOverride extends PrintAstConfiguration {`
`16`	`16`	`/**`
`17`	`17`	`* TWEAK THIS PREDICATE AS NEEDED.`
`18`	`18`	`*/`
`19`		`- override predicate shouldPrint(Element e, Location l) { super.shouldPrint(e, l) }`
	`19`	`+ override predicate shouldPrint(Element e, Location l) { super.shouldPrint(e, l) and`
	`20`	`+ not l.getFile().getBaseName().matches("SystemGetPropertyCall.java") }`
`20`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+\| jdk/SystemGetPropertyCall.java:7:9:7:38 \| getProperty(...) \|`
	`2`	`+\| jdk/SystemGetPropertyCall.java:11:9:11:46 \| getProperty(...) \|`
	`3`	`+\| jdk/SystemGetPropertyCall.java:15:9:15:45 \| getProperty(...) \|`