From f8e474f89afa969e493b4074339d1f44b51ded41 Mon Sep 17 00:00:00 2001
From: Marcono1234
Date: Fri, 26 Jun 2020 23:56:01 +0200
Subject: [PATCH 1/2] Add missing java.nio.file.Files methods to FileReadWrite.qll
---
 .../semmle/code/java/security/FileReadWrite.qll | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/java/ql/src/semmle/code/java/security/FileReadWrite.qll b/java/ql/src/semmle/code/java/security/FileReadWrite.qll
index 68cd987532c0..85020f60fd4f 100644
--- a/java/ql/src/semmle/code/java/security/FileReadWrite.qll
+++ b/java/ql/src/semmle/code/java/security/FileReadWrite.qll
@@ -9,9 +9,9 @@ private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
 cie = fileReadingExpr and
 cie.getArgument(0) = fileAccess
 |
- cie.getConstructedType().hasQualifiedName("java.io", "RandomAccessFile") or
- cie.getConstructedType().hasQualifiedName("java.io", "FileReader") or
- cie.getConstructedType().hasQualifiedName("java.io", "FileInputStream")
+ cie
+ .getConstructedType()
+ .hasQualifiedName("java.io", ["RandomAccessFile", "FileReader", "FileInputStream"])
 )
 or
 exists(MethodAccess ma, Method filesMethod |
@@ -22,13 +22,9 @@ private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
 // represented by the first argument.
 filesMethod.getDeclaringType().hasQualifiedName("java.nio.file", "Files") and
 fileAccess = ma.getArgument(0) and
- (
- filesMethod.hasName("readAllBytes") or
- filesMethod.hasName("readAllLines") or
- filesMethod.hasName("newBufferedReader") or
- filesMethod.hasName("newInputReader") or
- filesMethod.hasName("newByteChannel")
- )
+ filesMethod
+ .hasName(["readAllBytes", "readAllLines", "readString", "lines", "newBufferedReader",
+ "newInputReader", "newByteChannel"])
 )
 )
 or
From 0a9686709bf5945a16496edccf104fc6f3bf6458 Mon Sep 17 00:00:00 2001
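Review bot: The names in `filesMethod.hasName([...])` (second hunk) are matched as plain strings, so a name that no `java.nio.file.Files` method carries silently matches nothing and those reads drop out of every query built on `fileRead`; the carried-over `"newInputReader"`, corrected only in patch 2/2, went unnoticed for exactly that reason. Both diffstats touch only `FileReadWrite.qll`, so the new `"readString"` and `"lines"` entries, and the corrected `"newInputStream"` in the patch 2/2 hunk, do not appear to be covered by a test in this series. A test source that calls each listed `Files` method on a tracked file variable would turn a misspelt entry into a visible missing result. `Files.copy(Path, OutputStream)` also reads the file passed as its first argument and is absent from the list, though whether it belongs depends on callers of `fileRead` that the hunk does not show. `fileRead` begins and ends outside the hunk.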
From: Marcono1234
Date: Sun, 5 Jul 2020 18:43:02 +0200
Subject: [PATCH 2/2] Fix wrong method name
---
 java/ql/src/semmle/code/java/security/FileReadWrite.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/src/semmle/code/java/security/FileReadWrite.qll b/java/ql/src/semmle/code/java/security/FileReadWrite.qll
index 85020f60fd4f..f6aec6e9999c 100644
--- a/java/ql/src/semmle/code/java/security/FileReadWrite.qll
+++ b/java/ql/src/semmle/code/java/security/FileReadWrite.qll
@@ -24,7 +24,7 @@ private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
 fileAccess = ma.getArgument(0) and
 filesMethod
 .hasName(["readAllBytes", "readAllLines", "readString", "lines", "newBufferedReader",
- "newInputReader", "newByteChannel"])
+ "newInputStream", "newByteChannel"])
 )
 )
 or