diff --git a/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql b/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql index ca14242c10a5..4bc121965b58 100644 --- a/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql +++ b/docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql @@ -4,7 +4,7 @@ class StringConcat extends AddExpr { StringConcat() { getType() instanceof TypeString } } -from MethodAccess ma +from MethodCall ma where ma.getMethod().getName().matches("sparql%Query") and ma.getArgument(0) instanceof StringConcat diff --git a/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql b/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql index 87f41f59fe27..552b9babdbda 100644 --- a/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql +++ b/docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql @@ -1,7 +1,7 @@ import java import semmle.code.java.dataflow.DataFlow::DataFlow -from MethodAccess ma, StringConcat stringConcat +from MethodCall ma, StringConcat stringConcat where ma.getMethod().getName().matches("sparql%Query") and localFlow(exprNode(stringConcat), exprNode(ma.getArgument(0))) diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql index e9ad5a7113e3..9993a4cffb89 100644 --- a/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql +++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql @@ -1,6 +1,6 @@ import java -from Method m, MethodAccess ma +from Method m, MethodCall ma where m.getName().matches("sparql%Query") and ma.getMethod() = m diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql index bb2e76d168a2..98f2279b4e50 100644 --- a/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql +++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql @@ -1,6 +1,6 @@ import java -from Method m, MethodAccess ma +from Method m, MethodCall ma where m.getName().matches("sparql%Query") and ma.getMethod() = m and diff --git a/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql b/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql index 9c7186ce4bfb..ebe52bbe3595 100644 --- a/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql +++ b/docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql @@ -2,7 +2,7 @@ import java predicate isStringConcat(AddExpr ae) { ae.getType() instanceof TypeString } -from Method m, MethodAccess ma +from Method m, MethodCall ma where m.getName().matches("sparql%Query") and ma.getMethod() = m and diff --git a/java/ql/consistency-queries/calls.ql b/java/ql/consistency-queries/calls.ql index 78ebc3fa9a68..85f4f47f38dd 100644 --- a/java/ql/consistency-queries/calls.ql +++ b/java/ql/consistency-queries/calls.ql @@ -1,6 +1,6 @@ import java -from MethodAccess ma +from MethodCall ma // Generally Kotlin calls will always use an explicit qualifier, except for calls // to the synthetic instance initializer , which use an implicit `this`. where diff --git a/java/ql/consistency-queries/cfgDeadEnds.ql b/java/ql/consistency-queries/cfgDeadEnds.ql index c0f2e6cfe1ff..73c30015a6fc 100644 --- a/java/ql/consistency-queries/cfgDeadEnds.ql +++ b/java/ql/consistency-queries/cfgDeadEnds.ql @@ -44,7 +44,7 @@ predicate shouldBeDeadEnd(ControlFlowNode n) { or n instanceof WildcardTypeAccess // TODO or - n instanceof MethodAccess // TODO + n instanceof MethodCall // TODO or n instanceof Method or diff --git a/java/ql/consistency-queries/children.ql b/java/ql/consistency-queries/children.ql index b22fd56d0446..7386ee79c000 100644 --- a/java/ql/consistency-queries/children.ql +++ b/java/ql/consistency-queries/children.ql @@ -37,11 +37,11 @@ predicate gapInChildren(Element e, int i) { // For statements may or may not declare a new variable (child 0), or // have a condition (child 1). not (e instanceof ForStmt and i = [0, 1]) and - // TODO: Clarify situation with Kotlin and MethodAccess. + // TODO: Clarify situation with Kotlin and MethodCall. // -1 can be skipped (type arguments from -2 down, no qualifier at -1, // then arguments from 0). // Can we also skip arguments, e.g. due to defaults for parameters? - not (e instanceof MethodAccess and e.getFile().isKotlinSourceFile()) and + not (e instanceof MethodCall and e.getFile().isKotlinSourceFile()) and // Kotlin-extracted annotations can have missing children where a default // value should be, because kotlinc doesn't load annotation defaults and we // want to leave a space for another extractor to fill in the default if it diff --git a/java/ql/examples/snippets/method_call.ql b/java/ql/examples/snippets/method_call.ql index e7bd527ef44d..7c4296f49af6 100644 --- a/java/ql/examples/snippets/method_call.ql +++ b/java/ql/examples/snippets/method_call.ql @@ -8,7 +8,7 @@ import java -from MethodAccess call, Method method +from MethodCall call, Method method where call.getMethod() = method and method.hasName("methodName") and diff --git a/java/ql/examples/snippets/mutualrecursion.ql b/java/ql/examples/snippets/mutualrecursion.ql index 67a3f12e7807..71d038c16e8d 100644 --- a/java/ql/examples/snippets/mutualrecursion.ql +++ b/java/ql/examples/snippets/mutualrecursion.ql @@ -10,7 +10,7 @@ import java from Method m, Method n where - exists(MethodAccess ma | ma.getCaller() = m and ma.getCallee() = n) and - exists(MethodAccess ma | ma.getCaller() = n and ma.getCallee() = m) and + exists(MethodCall ma | ma.getCaller() = m and ma.getCallee() = n) and + exists(MethodCall ma | ma.getCaller() = n and ma.getCallee() = m) and m != n select m, n diff --git a/java/ql/examples/snippets/null_argument.ql b/java/ql/examples/snippets/null_argument.ql index 116642b8aaf6..68523b812e41 100644 --- a/java/ql/examples/snippets/null_argument.ql +++ b/java/ql/examples/snippets/null_argument.ql @@ -11,7 +11,7 @@ import java -from MethodAccess call, Method add +from MethodCall call, Method add where call.getMethod().overrides*(add) and add.hasName("add") and diff --git a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected index 6da5da6d522f..ce525f1727be 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected +++ b/java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/PrintAst.expected @@ -10,10 +10,10 @@ User.java: # 3| 0: [TypeAccess] Ann2 # 3| 5: [BlockStmt] { ... } # 4| 0: [ExprStmt] ; -# 4| 0: [MethodAccess] x(...) +# 4| 0: [MethodCall] x(...) # 4| -1: [VarAccess] a1 # 4| 1: [ExprStmt] ; -# 4| 0: [MethodAccess] z(...) +# 4| 0: [MethodCall] z(...) # 4| -1: [VarAccess] a2 # 4| 2: [ExprStmt] ; # 4| 0: [ClassInstanceExpr] new Annotated(...) @@ -49,7 +49,7 @@ ktUser.kt: # 8| 3: [ExprStmt] ; # 8| 0: [ImplicitCoercionToUnitExpr] # 8| 0: [TypeAccess] Unit -# 8| 1: [MethodAccess] isJavaLetter(...) +# 8| 1: [MethodCall] isJavaLetter(...) # 8| -1: [TypeAccess] Character # 8| 0: [CharacterLiteral] a test.kt: diff --git a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql index 65f447971164..fe412adce903 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql +++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql @@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getCallee().getName() = "source" + n.asExpr().(MethodCall).getCallee().getName() = "source" or sourceNode(n, "kotlinMadFlowTest") } diff --git a/java/ql/integration-tests/all-platforms/kotlin/external-property-overloads/test.ql b/java/ql/integration-tests/all-platforms/kotlin/external-property-overloads/test.ql index 9e692390fa84..ef2918cb9554 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/external-property-overloads/test.ql +++ b/java/ql/integration-tests/all-platforms/kotlin/external-property-overloads/test.ql @@ -1,4 +1,4 @@ import java -from MethodAccess ma +from MethodCall ma select ma, ma.getCallee() diff --git a/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected index a81cadccd10c..752db3cd6471 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected +++ b/java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/PrintAst.expected @@ -31,11 +31,11 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [IntegerLiteral] 3 # 7| 1: [VarAccess] seen1 # 7| 1: [ExprStmt] ; -# 7| 0: [MethodAccess] throwMissingFieldException(...) +# 7| 0: [MethodCall] throwMissingFieldException(...) # 7| -1: [TypeAccess] PluginExceptionsKt # 7| 0: [VarAccess] seen1 # 7| 1: [IntegerLiteral] 3 -# 7| 2: [MethodAccess] getDescriptor(...) +# 7| 2: [MethodCall] getDescriptor(...) # 7| -1: [VarAccess] INSTANCE # 7| 1: [SuperConstructorInvocationStmt] super(...) # 7| 2: [ExprStmt] ; @@ -118,7 +118,7 @@ app/src/main/kotlin/testProject/App.kt: # 0| 1: [VarAccess] p0.language # 0| -1: [VarAccess] p0 # 0| 2: [ReturnStmt] return ... -# 0| 0: [MethodAccess] copy(...) +# 0| 0: [MethodCall] copy(...) # 0| -1: [VarAccess] p0 # 0| 0: [VarAccess] p1 # 0| 1: [VarAccess] p2 @@ -176,7 +176,7 @@ app/src/main/kotlin/testProject/App.kt: # 0| 5: [BlockStmt] { ... } # 0| 0: [LocalVariableDeclStmt] var ...; # 0| 1: [LocalVariableDeclExpr] result -# 0| 0: [MethodAccess] hashCode(...) +# 0| 0: [MethodCall] hashCode(...) # 0| -1: [VarAccess] this.name # 0| -1: [ThisAccess] this # 0| 1: [ExprStmt] ; @@ -186,7 +186,7 @@ app/src/main/kotlin/testProject/App.kt: # 0| 0: [MulExpr] ... * ... # 0| 0: [VarAccess] result # 0| 1: [IntegerLiteral] 31 -# 0| 1: [MethodAccess] hashCode(...) +# 0| 1: [MethodCall] hashCode(...) # 0| -1: [VarAccess] this.language # 0| -1: [ThisAccess] this # 0| 2: [ReturnStmt] return ... @@ -226,18 +226,18 @@ app/src/main/kotlin/testProject/App.kt: # 0| 0: [TypeAccess] SerialDescriptor # 7| 5: [BlockStmt] { ... } # 7| 0: [ExprStmt] ; -# 7| 0: [MethodAccess] encodeStringElement(...) +# 7| 0: [MethodCall] encodeStringElement(...) # 7| -1: [VarAccess] output # 7| 0: [VarAccess] serialDesc # 7| 1: [IntegerLiteral] 0 -# 7| 2: [MethodAccess] getName(...) +# 7| 2: [MethodCall] getName(...) # 7| -1: [VarAccess] self # 7| 1: [ExprStmt] ; -# 7| 0: [MethodAccess] encodeIntElement(...) +# 7| 0: [MethodCall] encodeIntElement(...) # 7| -1: [VarAccess] output # 7| 0: [VarAccess] serialDesc # 7| 1: [IntegerLiteral] 1 -# 7| 2: [MethodAccess] getLanguage(...) +# 7| 2: [MethodCall] getLanguage(...) # 7| -1: [VarAccess] self # 7| 10: [Class] $serializer #-----| -3: (Annotations) @@ -274,7 +274,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 5: [BlockStmt] { ... } # 7| 0: [LocalVariableDeclStmt] var ...; # 7| 1: [LocalVariableDeclExpr] tmp0_desc -# 7| 0: [MethodAccess] getDescriptor(...) +# 7| 0: [MethodCall] getDescriptor(...) # 7| -1: [ThisAccess] this # 7| 1: [LocalVariableDeclStmt] var ...; # 7| 1: [LocalVariableDeclExpr] tmp1_flag @@ -293,20 +293,20 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [IntegerLiteral] 0 # 7| 6: [LocalVariableDeclStmt] var ...; # 7| 1: [LocalVariableDeclExpr] tmp6_input -# 7| 0: [MethodAccess] beginStructure(...) +# 7| 0: [MethodCall] beginStructure(...) # 7| -1: [VarAccess] decoder # 7| 0: [VarAccess] tmp0_desc # 7| 7: [ExprStmt] ; # 7| 0: [WhenExpr] when ... # 7| 0: [WhenBranch] ... -> ... -# 7| 0: [MethodAccess] decodeSequentially(...) +# 7| 0: [MethodCall] decodeSequentially(...) # 7| -1: [VarAccess] tmp6_input # 7| 1: [BlockStmt] { ... } # 7| 0: [BlockStmt] { ... } # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp4_local0 -# 7| 1: [MethodAccess] decodeStringElement(...) +# 7| 1: [MethodCall] decodeStringElement(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 1: [IntegerLiteral] 0 @@ -320,7 +320,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp5_local1 -# 7| 1: [MethodAccess] decodeIntElement(...) +# 7| 1: [MethodCall] decodeIntElement(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 1: [IntegerLiteral] 1 @@ -338,7 +338,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp2_index -# 7| 1: [MethodAccess] decodeElementIndex(...) +# 7| 1: [MethodCall] decodeElementIndex(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 1: [ExprStmt] ; @@ -359,7 +359,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp4_local0 -# 7| 1: [MethodAccess] decodeStringElement(...) +# 7| 1: [MethodCall] decodeStringElement(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 1: [IntegerLiteral] 0 @@ -377,7 +377,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [ExprStmt] ; # 7| 0: [AssignExpr] ...=... # 7| 0: [VarAccess] tmp5_local1 -# 7| 1: [MethodAccess] decodeIntElement(...) +# 7| 1: [MethodCall] decodeIntElement(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 1: [IntegerLiteral] 1 @@ -394,7 +394,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| -3: [TypeAccess] UnknownFieldException # 7| 0: [VarAccess] tmp2_index # 7| 8: [ExprStmt] ; -# 7| 0: [MethodAccess] endStructure(...) +# 7| 0: [MethodCall] endStructure(...) # 7| -1: [VarAccess] tmp6_input # 7| 0: [VarAccess] tmp0_desc # 7| 9: [ReturnStmt] return ... @@ -426,21 +426,21 @@ app/src/main/kotlin/testProject/App.kt: # 7| 5: [BlockStmt] { ... } # 7| 0: [LocalVariableDeclStmt] var ...; # 7| 1: [LocalVariableDeclExpr] tmp0_desc -# 7| 0: [MethodAccess] getDescriptor(...) +# 7| 0: [MethodCall] getDescriptor(...) # 7| -1: [ThisAccess] this # 7| 1: [LocalVariableDeclStmt] var ...; # 7| 1: [LocalVariableDeclExpr] tmp1_output -# 7| 0: [MethodAccess] beginStructure(...) +# 7| 0: [MethodCall] beginStructure(...) # 7| -1: [VarAccess] encoder # 7| 0: [VarAccess] tmp0_desc # 7| 2: [ExprStmt] ; -# 7| 0: [MethodAccess] write$Self(...) +# 7| 0: [MethodCall] write$Self(...) # 7| -1: [TypeAccess] Project # 7| 0: [VarAccess] value # 7| 1: [VarAccess] tmp1_output # 7| 2: [VarAccess] tmp0_desc # 7| 3: [ExprStmt] ; -# 7| 0: [MethodAccess] endStructure(...) +# 7| 0: [MethodCall] endStructure(...) # 7| -1: [VarAccess] tmp1_output # 7| 0: [VarAccess] tmp0_desc # 7| 6: [Constructor] $serializer @@ -456,12 +456,12 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [TypeAccess] $serializer # 7| 2: [IntegerLiteral] 2 # 7| 1: [ExprStmt] ; -# 7| 0: [MethodAccess] addElement(...) +# 7| 0: [MethodCall] addElement(...) # 7| -1: [VarAccess] tmp0_serialDesc # 7| 0: [StringLiteral] "name" # 7| 1: [BooleanLiteral] false # 7| 2: [ExprStmt] ; -# 7| 0: [MethodAccess] addElement(...) +# 7| 0: [MethodCall] addElement(...) # 7| -1: [VarAccess] tmp0_serialDesc # 7| 0: [StringLiteral] "language" # 7| 1: [BooleanLiteral] false @@ -477,7 +477,7 @@ app/src/main/kotlin/testProject/App.kt: # 7| 0: [WildcardTypeAccess] ? ... # 7| 5: [BlockStmt] { ... } # 7| 0: [ReturnStmt] return ... -# 7| 0: [MethodAccess] typeParametersSerializers(...) +# 7| 0: [MethodCall] typeParametersSerializers(...) # 7| -1: [SuperAccess] GeneratedSerializer.super # 7| 0: [TypeAccess] GeneratedSerializer # 7| 11: [Class] Companion @@ -564,11 +564,11 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [IntegerLiteral] 0 # 14| 1: [VarAccess] seen1 # 14| 1: [ExprStmt] ; -# 14| 0: [MethodAccess] throwMissingFieldException(...) +# 14| 0: [MethodCall] throwMissingFieldException(...) # 14| -1: [TypeAccess] PluginExceptionsKt # 14| 0: [VarAccess] seen1 # 14| 1: [IntegerLiteral] 0 -# 14| 2: [MethodAccess] getDescriptor(...) +# 14| 2: [MethodCall] getDescriptor(...) # 14| -1: [VarAccess] INSTANCE # 14| 1: [SuperConstructorInvocationStmt] super(...) # 14| 2: [ExprStmt] ; @@ -616,7 +616,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [WhenBranch] ... -> ... # 14| 0: [WhenExpr] when ... # 14| 0: [WhenBranch] ... -> ... -# 14| 0: [MethodAccess] shouldEncodeElementDefault(...) +# 14| 0: [MethodCall] shouldEncodeElementDefault(...) # 14| -1: [VarAccess] output # 14| 0: [VarAccess] serialDesc # 14| 1: [IntegerLiteral] 0 @@ -626,15 +626,15 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [BooleanLiteral] true # 14| 1: [ExprStmt] ; # 14| 0: [ValueNEExpr] ... (value not-equals) ... -# 14| 0: [MethodAccess] getId(...) +# 14| 0: [MethodCall] getId(...) # 14| -1: [VarAccess] self # 16| 1: [StringLiteral] "X" # 14| 1: [ExprStmt] ; -# 14| 0: [MethodAccess] encodeStringElement(...) +# 14| 0: [MethodCall] encodeStringElement(...) # 14| -1: [VarAccess] output # 14| 0: [VarAccess] serialDesc # 14| 1: [IntegerLiteral] 0 -# 14| 2: [MethodAccess] getId(...) +# 14| 2: [MethodCall] getId(...) # 14| -1: [VarAccess] self # 14| 3: [Class] $serializer #-----| -3: (Annotations) @@ -671,7 +671,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 5: [BlockStmt] { ... } # 14| 0: [LocalVariableDeclStmt] var ...; # 14| 1: [LocalVariableDeclExpr] tmp0_desc -# 14| 0: [MethodAccess] getDescriptor(...) +# 14| 0: [MethodCall] getDescriptor(...) # 14| -1: [ThisAccess] this # 14| 1: [LocalVariableDeclStmt] var ...; # 14| 1: [LocalVariableDeclExpr] tmp1_flag @@ -687,20 +687,20 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [NullLiteral] null # 14| 5: [LocalVariableDeclStmt] var ...; # 14| 1: [LocalVariableDeclExpr] tmp5_input -# 14| 0: [MethodAccess] beginStructure(...) +# 14| 0: [MethodCall] beginStructure(...) # 14| -1: [VarAccess] decoder # 14| 0: [VarAccess] tmp0_desc # 14| 6: [ExprStmt] ; # 14| 0: [WhenExpr] when ... # 14| 0: [WhenBranch] ... -> ... -# 14| 0: [MethodAccess] decodeSequentially(...) +# 14| 0: [MethodCall] decodeSequentially(...) # 14| -1: [VarAccess] tmp5_input # 14| 1: [BlockStmt] { ... } # 14| 0: [BlockStmt] { ... } # 14| 0: [ExprStmt] ; # 14| 0: [AssignExpr] ...=... # 14| 0: [VarAccess] tmp4_local0 -# 14| 1: [MethodAccess] decodeStringElement(...) +# 14| 1: [MethodCall] decodeStringElement(...) # 14| -1: [VarAccess] tmp5_input # 14| 0: [VarAccess] tmp0_desc # 14| 1: [IntegerLiteral] 0 @@ -718,7 +718,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [ExprStmt] ; # 14| 0: [AssignExpr] ...=... # 14| 0: [VarAccess] tmp2_index -# 14| 1: [MethodAccess] decodeElementIndex(...) +# 14| 1: [MethodCall] decodeElementIndex(...) # 14| -1: [VarAccess] tmp5_input # 14| 0: [VarAccess] tmp0_desc # 14| 1: [ExprStmt] ; @@ -739,7 +739,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [ExprStmt] ; # 14| 0: [AssignExpr] ...=... # 14| 0: [VarAccess] tmp4_local0 -# 14| 1: [MethodAccess] decodeStringElement(...) +# 14| 1: [MethodCall] decodeStringElement(...) # 14| -1: [VarAccess] tmp5_input # 14| 0: [VarAccess] tmp0_desc # 14| 1: [IntegerLiteral] 0 @@ -756,7 +756,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| -3: [TypeAccess] UnknownFieldException # 14| 0: [VarAccess] tmp2_index # 14| 7: [ExprStmt] ; -# 14| 0: [MethodAccess] endStructure(...) +# 14| 0: [MethodCall] endStructure(...) # 14| -1: [VarAccess] tmp5_input # 14| 0: [VarAccess] tmp0_desc # 14| 8: [ReturnStmt] return ... @@ -787,21 +787,21 @@ app/src/main/kotlin/testProject/App.kt: # 14| 5: [BlockStmt] { ... } # 14| 0: [LocalVariableDeclStmt] var ...; # 14| 1: [LocalVariableDeclExpr] tmp0_desc -# 14| 0: [MethodAccess] getDescriptor(...) +# 14| 0: [MethodCall] getDescriptor(...) # 14| -1: [ThisAccess] this # 14| 1: [LocalVariableDeclStmt] var ...; # 14| 1: [LocalVariableDeclExpr] tmp1_output -# 14| 0: [MethodAccess] beginStructure(...) +# 14| 0: [MethodCall] beginStructure(...) # 14| -1: [VarAccess] encoder # 14| 0: [VarAccess] tmp0_desc # 14| 2: [ExprStmt] ; -# 14| 0: [MethodAccess] write$Self(...) +# 14| 0: [MethodCall] write$Self(...) # 14| -1: [TypeAccess] X # 14| 0: [VarAccess] value # 14| 1: [VarAccess] tmp1_output # 14| 2: [VarAccess] tmp0_desc # 14| 3: [ExprStmt] ; -# 14| 0: [MethodAccess] endStructure(...) +# 14| 0: [MethodCall] endStructure(...) # 14| -1: [VarAccess] tmp1_output # 14| 0: [VarAccess] tmp0_desc # 14| 6: [Constructor] $serializer @@ -817,7 +817,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [TypeAccess] $serializer # 14| 2: [IntegerLiteral] 1 # 14| 1: [ExprStmt] ; -# 14| 0: [MethodAccess] addElement(...) +# 14| 0: [MethodCall] addElement(...) # 14| -1: [VarAccess] tmp0_serialDesc # 14| 0: [StringLiteral] "id" # 14| 1: [BooleanLiteral] true @@ -833,7 +833,7 @@ app/src/main/kotlin/testProject/App.kt: # 14| 0: [WildcardTypeAccess] ? ... # 14| 5: [BlockStmt] { ... } # 14| 0: [ReturnStmt] return ... -# 14| 0: [MethodAccess] typeParametersSerializers(...) +# 14| 0: [MethodCall] typeParametersSerializers(...) # 14| -1: [SuperAccess] GeneratedSerializer.super # 14| 0: [TypeAccess] GeneratedSerializer # 14| 4: [Class] Companion diff --git a/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.ql b/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.ql index 5e6bd22674a6..b92e3466a87d 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.ql +++ b/java/ql/integration-tests/all-platforms/kotlin/nested_generic_types/test.ql @@ -30,9 +30,7 @@ query predicate nestedTypes(NestedType nt, RefType parent) { parent = nt.getEnclosingType() } -query predicate javaKotlinCalleeAgreement( - MethodAccess javaMa, MethodAccess kotlinMa, Callable callee -) { +query predicate javaKotlinCalleeAgreement(MethodCall javaMa, MethodCall kotlinMa, Callable callee) { javaMa.getCallee() = callee and kotlinMa.getCallee() = callee and javaMa.getFile().getExtension() = "java" and diff --git a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected index 6921b7541ad5..8d6c37e053a2 100644 --- a/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected +++ b/java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected @@ -39,7 +39,7 @@ c.kt: # 0| 0: [TypeAccess] ProcessBuilder # 0| 5: [BlockStmt] { ... } # 0| 0: [ReturnStmt] return ... -# 0| 0: [MethodAccess] start(...) +# 0| 0: [MethodCall] start(...) # 0| -1: [VarAccess] param # 1| 2: [Constructor] C # 1| 5: [BlockStmt] { ... } @@ -62,7 +62,7 @@ e.kt: # 0| 3: [TypeAccess] boolean # 0| 5: [BlockStmt] { ... } # 0| 0: [ReturnStmt] return ... -# 0| 0: [MethodAccess] add(...) +# 0| 0: [MethodCall] add(...) # 0| -1: [ClassInstanceExpr] new ArrayList(...) # 0| -3: [TypeAccess] ArrayList # 0| 0: [IntegerLiteral] 1 @@ -71,7 +71,7 @@ e.kt: # 0| 3: [TypeAccess] Object # 0| 5: [BlockStmt] { ... } # 0| 0: [ReturnStmt] return ... -# 0| 0: [MethodAccess] put(...) +# 0| 0: [MethodCall] put(...) # 0| -1: [ClassInstanceExpr] new LinkedHashMap(...) # 0| -3: [TypeAccess] LinkedHashMap # 0| 0: [IntegerLiteral] 1 diff --git a/java/ql/integration-tests/posix-only/kotlin/generic-extension-property/test.ql b/java/ql/integration-tests/posix-only/kotlin/generic-extension-property/test.ql index b53b2fb30698..b34f4aa8da7e 100644 --- a/java/ql/integration-tests/posix-only/kotlin/generic-extension-property/test.ql +++ b/java/ql/integration-tests/posix-only/kotlin/generic-extension-property/test.ql @@ -1,4 +1,4 @@ import java -from MethodAccess ma +from MethodCall ma select ma, ma.getCallee().toString(), ma.getCallee().getAParamType().toString() diff --git a/java/ql/lib/change-notes/2023-10-24-java-renames.md b/java/ql/lib/change-notes/2023-10-24-java-renames.md new file mode 100644 index 000000000000..e6aebad211cc --- /dev/null +++ b/java/ql/lib/change-notes/2023-10-24-java-renames.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced. +* New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference. diff --git a/java/ql/lib/definitions.qll b/java/ql/lib/definitions.qll index b82e19c564d4..e4b93f6f7e14 100644 --- a/java/ql/lib/definitions.qll +++ b/java/ql/lib/definitions.qll @@ -15,7 +15,7 @@ import IDEContextual * the location may be slightly inaccurate and include such whitespace, * but it should suffice for the purpose of avoiding overlapping definitions. */ -private class LocationOverridingMethodAccess extends MethodAccess { +private class LocationOverridingMethodCall extends MethodCall { override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) { exists(MemberRefExpr e | e.getReferencedCallable() = this.getMethod() | exists(int elRef, int ecRef | e.hasLocationInfo(path, _, _, elRef, ecRef) | @@ -152,7 +152,7 @@ private class LocationOverridingImportStaticTypeMember extends ImportStaticTypeM } private Element definition(Element e, string kind) { - e.(MethodAccess).getMethod().getSourceDeclaration() = result and + e.(MethodCall).getMethod().getSourceDeclaration() = result and kind = "M" and not result instanceof InitializerMethod or diff --git a/java/ql/lib/semmle/code/java/Collections.qll b/java/ql/lib/semmle/code/java/Collections.qll index b890c8545e50..9fd64dc60ee3 100644 --- a/java/ql/lib/semmle/code/java/Collections.qll +++ b/java/ql/lib/semmle/code/java/Collections.qll @@ -82,7 +82,7 @@ class CollectionMutator extends CollectionMethod { } /** A method call that mutates a collection. */ -class CollectionMutation extends MethodAccess { +class CollectionMutation extends MethodCall { CollectionMutation() { this.getMethod() instanceof CollectionMutator } /** Holds if the result of this call is not immediately discarded. */ diff --git a/java/ql/lib/semmle/code/java/ControlFlowGraph.qll b/java/ql/lib/semmle/code/java/ControlFlowGraph.qll index 6b3795df2b09..572c8629626e 100644 --- a/java/ql/lib/semmle/code/java/ControlFlowGraph.qll +++ b/java/ql/lib/semmle/code/java/ControlFlowGraph.qll @@ -43,7 +43,7 @@ * * An important goal of the CFG is to get the order of side-effects correct. * Most expressions can have side-effects and must therefore be modeled in the - * CFG in AST post-order. For example, a `MethodAccess` evaluates its arguments + * CFG in AST post-order. For example, a `MethodCall` evaluates its arguments * before the call. Most statements don't have side-effects, but merely affect * the control-flow and some could therefore be excluded from the CFG. However, * as a design choice, all statements are included in the CFG and generally @@ -190,7 +190,7 @@ private module ControlFlowGraphImpl { /** * Bind `t` to an unchecked exception that may occur in a precondition check. */ - private predicate uncheckedExceptionFromMethod(MethodAccess ma, ThrowableType t) { + private predicate uncheckedExceptionFromMethod(MethodCall ma, ThrowableType t) { conditionCheckArgument(ma, _, _) and (t instanceof TypeError or t instanceof TypeRuntimeException) } @@ -349,8 +349,8 @@ private module ControlFlowGraphImpl { forall(Parameter p | p = this.getAParameter() | exists(p.getAnAccess())) } - /** Gets a `MethodAccess` that calls this method. */ - MethodAccess getAnAccess() { result.getMethod().getAPossibleImplementation() = this } + /** Gets a `MethodCall` that calls this method. */ + MethodCall getAnAccess() { result.getMethod().getAPossibleImplementation() = this } } /** Holds if a call to `m` indicates that `m` is expected to return. */ @@ -390,9 +390,9 @@ private module ControlFlowGraphImpl { } /** - * Gets a `MethodAccess` that always throws an exception or calls `exit`. + * Gets a `MethodCall` that always throws an exception or calls `exit`. */ - private MethodAccess nonReturningMethodAccess() { + private MethodCall nonReturningMethodCall() { result.getMethod().getSourceDeclaration() = nonReturningMethod() or result = likelyNonReturningMethod().getAnAccess() } @@ -422,7 +422,7 @@ private module ControlFlowGraphImpl { * Gets an expression that always throws an exception or calls `exit`. */ private Expr nonReturningExpr() { - result = nonReturningMethodAccess() + result = nonReturningMethodCall() or result.(StmtExpr).getStmt() = nonReturningStmt() or @@ -473,7 +473,7 @@ private module ControlFlowGraphImpl { or this instanceof ClassExpr or - this instanceof RValue + this instanceof VarRead or this instanceof Call // includes both expressions and statements or @@ -554,7 +554,7 @@ private module ControlFlowGraphImpl { or index = 0 and result = this.(LocalVariableDeclExpr).getInit() or - index = 0 and result = this.(RValue).getQualifier() and not result instanceof TypeAccess + index = 0 and result = this.(VarRead).getQualifier() and not result instanceof TypeAccess or exists(Call e | e = this | index = -1 and result = e.getQualifier() and not result instanceof TypeAccess @@ -588,7 +588,7 @@ private module ControlFlowGraphImpl { not this instanceof BooleanLiteral and not this instanceof ReturnStmt and not this instanceof ThrowStmt and - not this = nonReturningMethodAccess() + not this = nonReturningMethodCall() } } diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index d307e16cad21..ac5d6124328c 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -1251,6 +1251,14 @@ class ClassInstanceExpr extends Expr, ConstructorCall, @classinstancexpr { override string getAPrimaryQlClass() { result = "ClassInstanceExpr" } } +/** + * An explicit `new TypeName(...)` expression. + * + * Note this does not include implicit instance creation such as lambda expressions + * or `instanceVar::methodName` references. To include those too, use `ClassInstanceExpr`. + */ +class NewClassExpr extends @newexpr, ClassInstanceExpr { } + /** A functional expression is either a lambda expression or a member reference expression. */ abstract class FunctionalExpr extends ClassInstanceExpr { /** Gets the implicit method corresponding to this functional expression. */ @@ -1372,7 +1380,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref { */ RefType getReceiverType() { exists(Expr resultExpr | resultExpr = this.getResultExpr() | - result = resultExpr.(MethodAccess).getReceiverType() or + result = resultExpr.(MethodCall).getReceiverType() or result = resultExpr.(ClassInstanceExpr).getConstructedType() or result = resultExpr.(ArrayCreationExpr).getType() ) @@ -1768,24 +1776,29 @@ class VarAccess extends Expr, @varaccess { Variable getVariable() { variableBinding(this, result) } /** - * Holds if this variable access is an l-value. + * Holds if this variable access is a write access. * - * An l-value is a write access to a variable, which occurs as the destination of an assignment. + * That means the access is the destination of an assignment. */ - predicate isLValue() { + predicate isVarWrite() { exists(Assignment a | a.getDest() = this) or exists(UnaryAssignExpr e | e.getExpr() = this) } + /** DEPRECATED: Alias for `isVarWrite`. */ + deprecated predicate isLValue() { this.isVarWrite() } + /** - * Holds if this variable access is an r-value. + * Holds if this variable access is a read access. * - * An r-value is a read access to a variable. * In other words, it is a variable access that does _not_ occur as the destination of * a simple assignment, but it may occur as the destination of a compound assignment * or a unary assignment. */ - predicate isRValue() { not exists(AssignExpr a | a.getDest() = this) } + predicate isVarRead() { not exists(AssignExpr a | a.getDest() = this) } + + /** DEPRECATED: Alias for `isVarRead`. */ + deprecated predicate isRValue() { this.isVarRead() } /** Gets a printable representation of this expression. */ override string toString() { @@ -1831,37 +1844,46 @@ class ExtensionReceiverAccess extends VarAccess { } /** - * An l-value is a write access to a variable, which occurs as the destination of an assignment. + * A write access to a variable, which occurs as the destination of an assignment. */ -class LValue extends VarAccess { - LValue() { this.isLValue() } +class VarWrite extends VarAccess { + VarWrite() { this.isVarWrite() } /** - * Gets a source expression used in an assignment to this l-value. + * Gets a source of the assignment that executes this variable write. * * For assignments using the `=` operator, the source expression * is simply the RHS of the assignment. * - * Note that for l-values occurring on the LHS of compound assignment operators + * Note that for writes occurring on the LHS of compound assignment operators * (such as (`+=`), both the RHS and the LHS of the compound assignment * are source expressions of the assignment. */ - Expr getRhs() { exists(Assignment e | e.getDest() = this and e.getSource() = result) } + Expr getASource() { exists(Assignment e | e.getDest() = this and e.getSource() = result) } + + /** DEPRECATED: (Inaccurately-named) alias for `getASource` */ + deprecated Expr getRhs() { result = this.getASource() } } +/** DEPRECATED: Alias for `VarWrite`. */ +deprecated class LValue = VarWrite; + /** - * An r-value is a read access to a variable. + * A read access to a variable. * * In other words, it is a variable access that does _not_ occur as the destination of * a simple assignment, but it may occur as the destination of a compound assignment * or a unary assignment. */ -class RValue extends VarAccess { - RValue() { this.isRValue() } +class VarRead extends VarAccess { + VarRead() { this.isVarRead() } } -/** A method access is an invocation of a method with a list of arguments. */ -class MethodAccess extends Expr, Call, @methodaccess { +/** DEPRECATED: Alias for `VarRead`. */ +deprecated class RValue = VarRead; + +/** A method call is an invocation of a method with a list of arguments. */ +class MethodCall extends Expr, Call, @methodaccess { /** Gets the qualifying expression of this method access, if any. */ override Expr getQualifier() { result.isNthChildOf(this, -1) } @@ -1909,21 +1931,30 @@ class MethodAccess extends Expr, Call, @methodaccess { } /** - * Holds if this is a method access to an instance method of `this`. That is, + * Holds if this is a method call to an instance method of `this`. That is, * the qualifier is either an explicit or implicit unqualified `this` or `super`. */ - predicate isOwnMethodAccess() { Qualifier::ownMemberAccess(this) } + predicate isOwnMethodCall() { Qualifier::ownMemberAccess(this) } + + /** DEPRECATED: Alias for `isOwnMethodCall`. */ + deprecated predicate isOwnMethodAccess() { this.isOwnMethodCall() } /** - * Holds if this is a method access to an instance method of the enclosing + * Holds if this is a method call to an instance method of the enclosing * class `t`. That is, the qualifier is either an explicit or implicit * `t`-qualified `this` or `super`. */ - predicate isEnclosingMethodAccess(RefType t) { Qualifier::enclosingMemberAccess(this, t) } + predicate isEnclosingMethodCall(RefType t) { Qualifier::enclosingMemberAccess(this, t) } - override string getAPrimaryQlClass() { result = "MethodAccess" } + /** DEPRECATED: Alias for `isEnclosingMethodCall`. */ + deprecated predicate isEnclosingMethodAccess(RefType t) { this.isEnclosingMethodCall(t) } + + override string getAPrimaryQlClass() { result = "MethodCall" } } +/** DEPRECATED: Alias for `MethodCall`. */ +class MethodAccess = MethodCall; + /** A type access is a (possibly qualified) reference to a type. */ class TypeAccess extends Expr, Annotatable, @typeaccess { /** Gets the qualifier of this type access, if any. */ @@ -2085,23 +2116,32 @@ class Call extends ExprParent, @caller { } /** A polymorphic call to an instance method. */ -class VirtualMethodAccess extends MethodAccess { - VirtualMethodAccess() { +class VirtualMethodCall extends MethodCall { + VirtualMethodCall() { this.getMethod().isVirtual() and not this.getQualifier() instanceof SuperAccess } } +/** DEPRECATED: Alias for `VirtualMethodCall`. */ +deprecated class VirtualMethodAccess = VirtualMethodCall; + /** A static method call. */ -class StaticMethodAccess extends MethodAccess { - StaticMethodAccess() { this.getMethod().isStatic() } +class StaticMethodCall extends MethodCall { + StaticMethodCall() { this.getMethod().isStatic() } } +/** DEPRECATED: Alias for `StaticMethodCall`. */ +deprecated class StaticMethodAccess = StaticMethodCall; + /** A call to a method in the superclass. */ -class SuperMethodAccess extends MethodAccess { - SuperMethodAccess() { this.getQualifier() instanceof SuperAccess } +class SuperMethodCall extends MethodCall { + SuperMethodCall() { this.getQualifier() instanceof SuperAccess } } +/** DEPRECATED: Alias for `SuperMethodCall`. */ +class SuperMethodAccess = SuperMethodCall; + /** * A constructor call, which occurs either as a constructor invocation inside a * constructor, or as part of a class instance expression. @@ -2150,23 +2190,23 @@ private module Qualifier { TThis() or TEnclosing(RefType t) - /** An expression that accesses a member. That is, either a `FieldAccess` or a `MethodAccess`. */ + /** An expression that accesses a member. That is, either a `FieldAccess` or a `MethodCall`. */ class MemberAccess extends Expr { MemberAccess() { this instanceof FieldAccess or - this instanceof MethodAccess + this instanceof MethodCall } /** Gets the member accessed by this member access. */ Member getMember() { result = this.(FieldAccess).getField() or - result = this.(MethodAccess).getMethod() + result = this.(MethodCall).getMethod() } /** Gets the qualifier of this member access, if any. */ Expr getQualifier() { result = this.(FieldAccess).getQualifier() or - result = this.(MethodAccess).getQualifier() + result = this.(MethodCall).getQualifier() } } @@ -2236,10 +2276,10 @@ private module Qualifier { } /** An expression that assigns a value to a field. */ -class FieldWrite extends FieldAccess, LValue { } +class FieldWrite extends FieldAccess, VarWrite { } /** An expression that reads a field. */ -class FieldRead extends FieldAccess, RValue { } +class FieldRead extends FieldAccess, VarRead { } private predicate hasInstantiation(RefType t) { t instanceof TypeVariable or diff --git a/java/ql/lib/semmle/code/java/Generics.qll b/java/ql/lib/semmle/code/java/Generics.qll index affc0132f948..5f67d78b383e 100644 --- a/java/ql/lib/semmle/code/java/Generics.qll +++ b/java/ql/lib/semmle/code/java/Generics.qll @@ -479,7 +479,7 @@ class GenericCall extends Call { } private RefType getAnExplicitTypeArgument(TypeVariable v) { - exists(GenericCallable gen, MethodAccess call, int i | + exists(GenericCallable gen, MethodCall call, int i | this = call and gen = call.getCallee() and v = gen.getTypeParameter(i) and diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll index 6372b22c8f4e..7623cc87393c 100644 --- a/java/ql/lib/semmle/code/java/JDK.qll +++ b/java/ql/lib/semmle/code/java/JDK.qll @@ -259,10 +259,10 @@ class MethodSystemGetProperty extends ValuePreservingMethod { } /** - * An access to a method named `getProperty` on class `java.lang.System`. + * A call to a method named `getProperty` on class `java.lang.System`. */ -class MethodAccessSystemGetProperty extends MethodAccess { - MethodAccessSystemGetProperty() { this.getMethod() instanceof MethodSystemGetProperty } +class MethodCallSystemGetProperty extends MethodCall { + MethodCallSystemGetProperty() { this.getMethod() instanceof MethodSystemGetProperty } /** * Holds if this call has a compile-time constant first argument with the value `propertyName`. @@ -276,6 +276,9 @@ class MethodAccessSystemGetProperty extends MethodAccess { } } +/** DEPRECATED: Alias for `MethodCallSystemGetProperty`. */ +deprecated class MethodAccessSystemGetProperty = MethodCallSystemGetProperty; + /** * Any method named `exit` on class `java.lang.Runtime` or `java.lang.System`. */ diff --git a/java/ql/lib/semmle/code/java/JMX.qll b/java/ql/lib/semmle/code/java/JMX.qll index 66aa951ba28d..5b4860e64e30 100644 --- a/java/ql/lib/semmle/code/java/JMX.qll +++ b/java/ql/lib/semmle/code/java/JMX.qll @@ -39,7 +39,7 @@ class RegisteredManagedBeanImpl extends Class { /** * A call that registers an object with the `MBeanServer`, directly or indirectly. */ -class JmxRegistrationCall extends MethodAccess { +class JmxRegistrationCall extends MethodCall { JmxRegistrationCall() { this.getCallee() instanceof JmxRegistrationMethod } /** diff --git a/java/ql/lib/semmle/code/java/Maps.qll b/java/ql/lib/semmle/code/java/Maps.qll index 1157cb76f5c5..95a3da1e4c7e 100644 --- a/java/ql/lib/semmle/code/java/Maps.qll +++ b/java/ql/lib/semmle/code/java/Maps.qll @@ -49,7 +49,7 @@ class MapSizeMethod extends MapMethod { } /** A method call that mutates a map. */ -class MapMutation extends MethodAccess { +class MapMutation extends MethodCall { MapMutation() { this.getMethod() instanceof MapMutator } /** Holds if the result of this call is not immediately discarded. */ @@ -76,7 +76,7 @@ class FreshMap extends ClassInstanceExpr { /** * A call to `Map.put(key, value)`. */ -class MapPutCall extends MethodAccess { +class MapPutCall extends MethodCall { MapPutCall() { this.getCallee().(MapMethod).hasName("put") } /** Gets the key argument of this call. */ diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll index b871451f408b..49c9107d5d1c 100644 --- a/java/ql/lib/semmle/code/java/Member.qll +++ b/java/ql/lib/semmle/code/java/Member.qll @@ -129,7 +129,7 @@ class Callable extends StmtParent, Member, @callable { * Holds if this callable calls `target` * using a `super` method call. */ - predicate callsSuper(Method target) { this.getACallSite(target) instanceof SuperMethodAccess } + predicate callsSuper(Method target) { this.getACallSite(target) instanceof SuperMethodCall } /** * Holds if this callable calls `c` using @@ -161,13 +161,13 @@ class Callable extends StmtParent, Member, @callable { * Holds if field `f` may be assigned a value * within the body of this callable. */ - predicate writes(Field f) { f.getAnAccess().(LValue).getEnclosingCallable() = this } + predicate writes(Field f) { f.getAnAccess().(VarWrite).getEnclosingCallable() = this } /** * Holds if field `f` may be read * within the body of this callable. */ - predicate reads(Field f) { f.getAnAccess().(RValue).getEnclosingCallable() = this } + predicate reads(Field f) { f.getAnAccess().(VarRead).getEnclosingCallable() = this } /** * Holds if field `f` may be either read or written @@ -526,7 +526,7 @@ class Method extends Callable, @method { this.getSourceDeclaration().getAPossibleImplementationOfSrcMethod() = result } - override MethodAccess getAReference() { result = Callable.super.getAReference() } + override MethodCall getAReference() { result = Callable.super.getAReference() } override predicate isPublic() { Callable.super.isPublic() diff --git a/java/ql/lib/semmle/code/java/NumberFormatException.qll b/java/ql/lib/semmle/code/java/NumberFormatException.qll index e3b83811cf04..2c47eafaa5e4 100644 --- a/java/ql/lib/semmle/code/java/NumberFormatException.qll +++ b/java/ql/lib/semmle/code/java/NumberFormatException.qll @@ -3,7 +3,7 @@ import java /** A call to a string to number conversion. */ -private class SpecialMethodAccess extends MethodAccess { +private class SpecialMethodCall extends MethodCall { predicate isValueOfMethod(string klass) { this.getMethod().getName() = "valueOf" and this.getQualifier().getType().(RefType).hasQualifiedName("java.lang", klass) and @@ -78,7 +78,7 @@ deprecated predicate catchesNFE = catchesNfe/1; /** Holds if `java.lang.NumberFormatException` can be thrown. */ predicate throwsNfe(Expr e) { - e.(SpecialClassInstanceExpr).throwsNfe() or e.(SpecialMethodAccess).throwsNfe() + e.(SpecialClassInstanceExpr).throwsNfe() or e.(SpecialMethodCall).throwsNfe() } /** DEPRECATED: Alias for throwsNfe */ diff --git a/java/ql/lib/semmle/code/java/PrettyPrintAst.qll b/java/ql/lib/semmle/code/java/PrettyPrintAst.qll index 13fb3d85e74f..f7ddbee4abc8 100644 --- a/java/ql/lib/semmle/code/java/PrettyPrintAst.qll +++ b/java/ql/lib/semmle/code/java/PrettyPrintAst.qll @@ -300,7 +300,7 @@ private class PpCall extends PpAst, Call { or i = 2 and ( - result = this.(MethodAccess).getMethod().getName() + result = this.(MethodCall).getMethod().getName() or result = "this" and this instanceof ThisConstructorInvocationStmt or diff --git a/java/ql/lib/semmle/code/java/Reflection.qll b/java/ql/lib/semmle/code/java/Reflection.qll index 48f3d80822a3..d6449dca2230 100644 --- a/java/ql/lib/semmle/code/java/Reflection.qll +++ b/java/ql/lib/semmle/code/java/Reflection.qll @@ -62,8 +62,8 @@ private class ReflectiveClassIdentifierLiteral extends ReflectiveClassIdentifier /** * A call to a Java standard library method which constructs or returns a `Class` from a `String`. */ -class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, MethodAccess { - ReflectiveClassIdentifierMethodAccess() { +class ReflectiveClassIdentifierMethodCall extends ReflectiveClassIdentifier, MethodCall { + ReflectiveClassIdentifierMethodCall() { // A call to `Class.forName(...)`, from which we can infer `T` in the returned type `Class`. this.getCallee().getDeclaringType() instanceof TypeClass and this.getCallee().hasName("forName") or @@ -83,6 +83,9 @@ class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, M } } +/** DEPRECATED: Alias for `ReflectiveClassIdentifierMethodCall`. */ +deprecated class ReflectiveClassIdentifierMethodAccess = ReflectiveClassIdentifierMethodCall; + /** * Gets a `ReflectiveClassIdentifier` that we believe may represent the value of `expr`. */ @@ -92,7 +95,7 @@ private ReflectiveClassIdentifier pointsToReflectiveClassIdentifier(Expr expr) { or // Or if this is an access of a variable which was defined as an expression creating a `Class`, // return the inferred `T` from the definition expression. - exists(RValue use, VariableAssign assign | + exists(VarRead use, VariableAssign assign | use = expr and defUsePair(assign, use) and // The source of the assignment must be a `ReflectiveClassIdentifier`. @@ -211,7 +214,7 @@ private predicate expectsEnclosingInstance(RefType r) { /** * A call to `Class.newInstance()` or `Constructor.newInstance()`. */ -class NewInstance extends MethodAccess { +class NewInstance extends MethodCall { NewInstance() { ( this.getCallee().getDeclaringType() instanceof TypeClass or @@ -301,10 +304,10 @@ class NewInstance extends MethodAccess { } /** - * A `MethodAccess` on a `Class` element. + * A `MethodCall` on a `Class` instance. */ -class ClassMethodAccess extends MethodAccess { - ClassMethodAccess() { this.getCallee().getDeclaringType() instanceof TypeClass } +class ClassMethodCall extends MethodCall { + ClassMethodCall() { this.getCallee().getDeclaringType() instanceof TypeClass } /** * Gets an inferred type for the `Class` represented by this expression. @@ -317,31 +320,40 @@ class ClassMethodAccess extends MethodAccess { } } +/** DEPRECATED: Alias for `ClassMethodCall`. */ +deprecated class ClassMethodAccess = ClassMethodCall; + /** * A call to `Class.getConstructors(..)` or `Class.getDeclaredConstructors(..)`. */ -class ReflectiveConstructorsAccess extends ClassMethodAccess { - ReflectiveConstructorsAccess() { +class ReflectiveGetConstructorsCall extends ClassMethodCall { + ReflectiveGetConstructorsCall() { this.getCallee().hasName("getConstructors") or this.getCallee().hasName("getDeclaredConstructors") } } +/** DEPRECATED: Alias for `ReflectiveGetConstructorsCall`. */ +deprecated class ReflectiveConstructorsAccess = ReflectiveGetConstructorsCall; + /** * A call to `Class.getMethods(..)` or `Class.getDeclaredMethods(..)`. */ -class ReflectiveMethodsAccess extends ClassMethodAccess { - ReflectiveMethodsAccess() { +class ReflectiveGetMethodsCall extends ClassMethodCall { + ReflectiveGetMethodsCall() { this.getCallee().hasName("getMethods") or this.getCallee().hasName("getDeclaredMethods") } } +/** DEPRECATED: Alias for `ReflectiveGetMethodsCall`. */ +deprecated class ReflectiveMethodsAccess = ReflectiveGetMethodsCall; + /** * A call to `Class.getMethod(..)` or `Class.getDeclaredMethod(..)`. */ -class ReflectiveMethodAccess extends ClassMethodAccess { - ReflectiveMethodAccess() { +class ReflectiveGetMethodCall extends ClassMethodCall { + ReflectiveGetMethodCall() { this.getCallee().hasName("getMethod") or this.getCallee().hasName("getDeclaredMethod") } @@ -366,11 +378,14 @@ class ReflectiveMethodAccess extends ClassMethodAccess { } } +/** DEPRECATED: Alias for `ReflectiveGetMethodCall`. */ +deprecated class ReflectiveMethodAccess = ReflectiveGetMethodCall; + /** * A call to `Class.getAnnotation(..)`. */ -class ReflectiveAnnotationAccess extends ClassMethodAccess { - ReflectiveAnnotationAccess() { this.getCallee().hasName("getAnnotation") } +class ReflectiveGetAnnotationCall extends ClassMethodCall { + ReflectiveGetAnnotationCall() { this.getCallee().hasName("getAnnotation") } /** * Gets a possible annotation type for this reflective annotation access. @@ -380,11 +395,14 @@ class ReflectiveAnnotationAccess extends ClassMethodAccess { } } +/** DEPRECATED: Alias for `ReflectiveGetAnnotationCall`. */ +deprecated class ReflectiveAnnotationAccess = ReflectiveGetAnnotationCall; + /** * A call to `Class.getField(..)` that accesses a field. */ -class ReflectiveFieldAccess extends ClassMethodAccess { - ReflectiveFieldAccess() { +class ReflectiveGetFieldCall extends ClassMethodCall { + ReflectiveGetFieldCall() { this.getCallee().hasName("getField") or this.getCallee().hasName("getDeclaredField") } @@ -405,3 +423,6 @@ class ReflectiveFieldAccess extends ClassMethodAccess { result.hasName(this.getArgument(0).(StringLiteral).getValue()) } } + +/** DEPRECATED: Alias for `ReflectiveGetFieldCall`. */ +deprecated class ReflectiveFieldAccess = ReflectiveGetFieldCall; diff --git a/java/ql/lib/semmle/code/java/StringFormat.qll b/java/ql/lib/semmle/code/java/StringFormat.qll index f8ebac41d9ab..4ed39c02a841 100644 --- a/java/ql/lib/semmle/code/java/StringFormat.qll +++ b/java/ql/lib/semmle/code/java/StringFormat.qll @@ -242,7 +242,7 @@ predicate implicitToStringCall(Expr e) { or exists(AddExpr add | add.getType() instanceof TypeString and add.getAnOperand() = e) or - exists(MethodAccess ma, Method m, int i | + exists(MethodCall ma, Method m, int i | ma.getMethod() = m and ma.getArgument(i) = e and printMethod(m, i) @@ -253,7 +253,7 @@ predicate implicitToStringCall(Expr e) { /** * A call to a `format` or `printf` method. */ -class StringFormat extends MethodAccess, FormattingCall { +class StringFormat extends MethodCall, FormattingCall { StringFormat() { this.getCallee() instanceof StringFormatMethod } } diff --git a/java/ql/lib/semmle/code/java/controlflow/Guards.qll b/java/ql/lib/semmle/code/java/controlflow/Guards.qll index 7152c65191c2..25809f4c16af 100644 --- a/java/ql/lib/semmle/code/java/controlflow/Guards.qll +++ b/java/ql/lib/semmle/code/java/controlflow/Guards.qll @@ -187,14 +187,14 @@ private predicate switchCaseControls(SwitchCase sc, BasicBlock bb) { } private predicate preconditionBranchEdge( - MethodAccess ma, BasicBlock bb1, BasicBlock bb2, boolean branch + MethodCall ma, BasicBlock bb1, BasicBlock bb2, boolean branch ) { conditionCheckArgument(ma, _, branch) and bb1.getLastNode() = ma.getControlFlowNode() and bb2 = bb1.getLastNode().getANormalSuccessor() } -private predicate preconditionControls(MethodAccess ma, BasicBlock controlled, boolean branch) { +private predicate preconditionControls(MethodCall ma, BasicBlock controlled, boolean branch) { exists(BasicBlock check, BasicBlock succ | preconditionBranchEdge(ma, check, succ, branch) and dominatingEdge(check, succ) and @@ -249,7 +249,7 @@ private predicate equalityGuard(Guard g, Expr e1, Expr e2, boolean polarity) { eqtest.hasOperands(e1, e2) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma = g and ma.getMethod() instanceof EqualsMethod and polarity = true and @@ -257,7 +257,7 @@ private predicate equalityGuard(Guard g, Expr e1, Expr e2, boolean polarity) { ma.getQualifier() = e2 ) or - exists(MethodAccess ma, Method equals | + exists(MethodCall ma, Method equals | ma = g and ma.getMethod() = equals and polarity = true and diff --git a/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll b/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll index bc49f1d3a770..9fed7516ba31 100644 --- a/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll +++ b/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll @@ -59,7 +59,7 @@ predicate implies_v1(Guard g1, boolean b1, Guard g2, boolean b2) { or g1.(DefaultCase).getSwitchExpr().getAConstCase() = g2 and b1 = true and b2 = false or - exists(MethodAccess check, int argIndex | check = g1 | + exists(MethodCall check, int argIndex | check = g1 | conditionCheckArgument(check, argIndex, _) and g2 = check.getArgument(argIndex) and b1 = [true, false] and diff --git a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll index 180d99e7e710..6e6c5ec47f9c 100644 --- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll +++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll @@ -17,7 +17,7 @@ predicate conditionCheckMethodArgument(Method m, int argument, boolean checkTrue or condtionCheckMethodTestingFramework(m, argument, checkTrue) or - exists(Parameter p, MethodAccess ma, int argIndex, boolean ct, Expr arg | + exists(Parameter p, MethodCall ma, int argIndex, boolean ct, Expr arg | p = m.getParameter(argument) and not m.isOverridable() and m.getBody().getStmt(0).(ExprStmt).getExpr() = ma and @@ -100,6 +100,6 @@ private predicate condtionCheckMethodTestingFramework(Method m, int argument, bo * Holds if `ma` is an access to a non-overridable method that checks that its * zero-indexed `argument` is equal to `checkTrue` and throws otherwise. */ -predicate conditionCheckArgument(MethodAccess ma, int argument, boolean checkTrue) { +predicate conditionCheckArgument(MethodCall ma, int argument, boolean checkTrue) { conditionCheckMethodArgument(ma.getMethod().getSourceDeclaration(), argument, checkTrue) } diff --git a/java/ql/lib/semmle/code/java/dataflow/DefUse.qll b/java/ql/lib/semmle/code/java/dataflow/DefUse.qll index 3654425738cc..9fa08d62c27f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/DefUse.qll +++ b/java/ql/lib/semmle/code/java/dataflow/DefUse.qll @@ -13,7 +13,7 @@ private import SSA * * This is the transitive closure of `adjacentUseUseSameVar`. */ -predicate useUsePairSameVar(RValue use1, RValue use2) { adjacentUseUseSameVar+(use1, use2) } +predicate useUsePairSameVar(VarRead use1, VarRead use2) { adjacentUseUseSameVar+(use1, use2) } /** * Holds if `use1` and `use2` form a use-use-pair of the same @@ -23,7 +23,7 @@ predicate useUsePairSameVar(RValue use1, RValue use2) { adjacentUseUseSameVar+(u * * This is the transitive closure of `adjacentUseUse`. */ -predicate useUsePair(RValue use1, RValue use2) { adjacentUseUse+(use1, use2) } +predicate useUsePair(VarRead use1, VarRead use2) { adjacentUseUse+(use1, use2) } /** * Holds if there exists a path from `def` to `use` without passing through another @@ -31,7 +31,7 @@ predicate useUsePair(RValue use1, RValue use2) { adjacentUseUse+(use1, use2) } * * Other paths may also exist, so the SSA variables in `def` and `use` can be different. */ -predicate defUsePair(VariableUpdate def, RValue use) { +predicate defUsePair(VariableUpdate def, VarRead use) { exists(SsaVariable v | v.getAUse() = use and v.getAnUltimateDefinition().(SsaExplicitUpdate).getDefiningExpr() = def ) @@ -43,7 +43,7 @@ predicate defUsePair(VariableUpdate def, RValue use) { * * Other paths may also exist, so the SSA variables can be different. */ -predicate parameterDefUsePair(Parameter p, RValue use) { +predicate parameterDefUsePair(Parameter p, VarRead use) { exists(SsaVariable v | v.getAUse() = use and v.getAnUltimateDefinition().(SsaImplicitInit).isParameterDefinition(p) ) diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index d135db168318..cc33ffd12833 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -126,9 +126,9 @@ private predicate variableStep(Expr tracked, VarAccess sink) { private class ReverseDnsSource extends RemoteFlowSource { ReverseDnsSource() { // Try not to trigger on `localhost`. - exists(MethodAccess m | m = this.asExpr() | + exists(MethodCall m | m = this.asExpr() | m.getMethod() instanceof ReverseDnsMethod and - not exists(MethodAccess l | + not exists(MethodCall l | (variableStep(l, m.getQualifier()) or l = m.getQualifier()) and l.getMethod().getName() = "getLocalHost" ) @@ -325,7 +325,7 @@ class AndroidIntentInput extends DataFlow::Node { Type receiverType; AndroidIntentInput() { - exists(MethodAccess ma, AndroidGetIntentMethod m | + exists(MethodCall ma, AndroidGetIntentMethod m | ma.getMethod().overrides*(m) and this.asExpr() = ma and receiverType = ma.getReceiverType() diff --git a/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll b/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll index b21879dd717a..18bdb879c3cb 100644 --- a/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll +++ b/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll @@ -58,9 +58,7 @@ private predicate implicitEnclosingThisCopy(ConstructorCall cc, RefType t1, RefT private predicate enclosingInstanceAccess(ExprParent e, RefType t) { e.(InstanceAccess).isEnclosingInstanceAccess(t) or - exists(MethodAccess ma | - ma.isEnclosingMethodAccess(t) and ma = e and not exists(ma.getQualifier()) - ) + exists(MethodCall ma | ma.isEnclosingMethodCall(t) and ma = e and not exists(ma.getQualifier())) or exists(FieldAccess fa | fa.isEnclosingFieldAccess(t) and fa = e and not exists(fa.getQualifier())) or @@ -95,7 +93,7 @@ private newtype TInstanceAccessExt = or c instanceof SuperConstructorInvocationStmt or - c.(MethodAccess).isOwnMethodAccess() and not exists(c.getQualifier()) + c.(MethodCall).isOwnMethodCall() and not exists(c.getQualifier()) } or TThisEnclosingInstanceCapture(ConstructorCall cc) { implicitSetEnclosingInstanceToThis(cc) } or TEnclosingInstanceAccess(ExprParent e, RefType t) { @@ -113,7 +111,7 @@ private newtype TInstanceAccessExt = * - Implicit field qualifier: The implicit access associated with an * unqualified `FieldAccess` to a non-static field. * - Implicit method qualifier: The implicit access associated with an - * unqualified `MethodAccess` to a non-static method. + * unqualified `MethodCall` to a non-static method. * - Implicit this constructor argument: The implicit argument of the value of * `this` to a constructor call of the form `this()` or `super()`. * - Implicit enclosing instance capture: The implicit capture of the value of @@ -180,7 +178,7 @@ class InstanceAccessExt extends TInstanceAccessExt { } /** Holds if this is the implicit qualifier of `ma`. */ - predicate isImplicitMethodQualifier(MethodAccess ma) { + predicate isImplicitMethodQualifier(MethodCall ma) { this = TThisArgument(ma) or this = TEnclosingInstanceAccess(ma, _) } @@ -234,7 +232,7 @@ class InstanceAccessExt extends TInstanceAccessExt { e instanceof InstanceAccess and result = e or exists(FieldAccess fa | fa = e | - if fa instanceof RValue then fa = result else result.(AssignExpr).getDest() = fa + if fa instanceof VarRead then fa = result else result.(AssignExpr).getDest() = fa ) ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll b/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll index 150721b574c1..58d77b649788 100644 --- a/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll +++ b/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll @@ -15,10 +15,10 @@ private Expr exprWithIntValue(int i) { /** * An expression for which the predicate `integerGuard` is relevant. - * This includes `RValue` and `MethodAccess`. + * This includes `VarRead` and `MethodCall`. */ class IntComparableExpr extends Expr { - IntComparableExpr() { this instanceof RValue or this instanceof MethodAccess } + IntComparableExpr() { this instanceof VarRead or this instanceof MethodCall } /** Gets an integer that is directly assigned to the expression in case of a variable; or zero. */ int relevantInt() { @@ -132,7 +132,7 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) { * If `branch_with_lower_bound_k` is true then `result` is equivalent to `k <= x` * and if it is false then `result` is equivalent to `k > x`. */ -Expr intBoundGuard(RValue x, boolean branch_with_lower_bound_k, int k) { +Expr intBoundGuard(VarRead x, boolean branch_with_lower_bound_k, int k) { exists(ComparisonExpr comp, ConstantIntegerExpr c, int val | comp = result and comp.hasOperands(x, c) and diff --git a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll index 011932bc48b2..353d92cadc3b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll +++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll @@ -79,7 +79,7 @@ Expr clearlyNotNullExpr(Expr reason) { (reason = r1 or reason = r2) ) or - exists(SsaVariable v, boolean branch, RValue rval, Guard guard | + exists(SsaVariable v, boolean branch, VarRead rval, Guard guard | guard = directNullGuard(v, branch, false) and guard.controls(rval.getBasicBlock(), branch) and reason = guard and @@ -89,7 +89,7 @@ Expr clearlyNotNullExpr(Expr reason) { or exists(SsaVariable v | clearlyNotNull(v, reason) and result = v.getAUse()) or - exists(Method m | m = result.(MethodAccess).getMethod() and reason = result | + exists(Method m | m = result.(MethodCall).getMethod() and reason = result | m.getDeclaringType().hasQualifiedName("com.google.common.base", "Strings") and m.hasName("nullToEmpty") ) @@ -187,7 +187,7 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) { or result.(InstanceOfExpr).getExpr() = e and branch = true and isnull = false or - exists(MethodAccess call | + exists(MethodCall call | call = result and call.getAnArgument() = e and nullCheckMethod(call.getMethod(), branch, isnull) @@ -212,7 +212,7 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) { Expr basicOrCustomNullGuard(Expr e, boolean branch, boolean isnull) { result = basicNullGuard(e, branch, isnull) or - exists(MethodAccess call, Method m, int ix | + exists(MethodCall call, Method m, int ix | call = result and call.getArgument(ix) = e and call.getMethod().getSourceDeclaration() = m and diff --git a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll index 507da2904f43..4a7596705063 100644 --- a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll +++ b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll @@ -106,7 +106,7 @@ predicate dereference(Expr e) { or exists(FieldAccess fa, Field f | fa.getQualifier() = e and fa.getField() = f and not f.isStatic()) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getQualifier() = e and ma.getMethod() = m and not m.isStatic() ) or @@ -149,10 +149,10 @@ private ControlFlowNode ensureNotNull(SsaVariable v) { or exists(AssertNotNullMethod m | result = m.getACheck(v.getAUse())) or - exists(AssertThatMethod m, MethodAccess ma | + exists(AssertThatMethod m, MethodCall ma | result = m.getACheck(v.getAUse()) and ma.getControlFlowNode() = result | - ma.getAnArgument().(MethodAccess).getMethod().getName() = "notNullValue" + ma.getAnArgument().(MethodCall).getMethod().getName() = "notNullValue" ) } @@ -195,7 +195,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) { not exists(TryStmt try | try.getFinally() = e.getEnclosingStmt().getEnclosingStmt*()) and ( e = any(ConditionalExpr c).getCondition().getAChildExpr*() or - not exists(MethodAccess ma | ma.getAnArgument().getAChildExpr*() = e) + not exists(MethodCall ma | ma.getAnArgument().getAChildExpr*() = e) ) and // Don't use a guard as reason if there is a null assignment. not v.(SsaExplicitUpdate).getDefiningExpr().(VariableAssign).getSource() = nullExpr() @@ -250,7 +250,7 @@ private Expr nonEmptyExpr() { // ...it is guarded by a condition... cond.controls(result.getBasicBlock(), branch) and // ...and it isn't modified in the scope of the condition... - forall(MethodAccess ma, Method m | + forall(MethodCall ma, Method m | m = ma.getMethod() and ma.getQualifier() = v.getSourceVariable().getAnAccess() and cond.controls(ma.getBasicBlock(), branch) @@ -260,12 +260,12 @@ private Expr nonEmptyExpr() { cond.getCondition() = c | // ...and the condition proves that it is non-empty, either by using the `isEmpty` method... - c.(MethodAccess).getMethod().hasName("isEmpty") and + c.(MethodCall).getMethod().hasName("isEmpty") and branch = false and - c.(MethodAccess).getQualifier() = v.getAUse() + c.(MethodCall).getQualifier() = v.getAUse() or // ...or a check on its `size`. - exists(MethodAccess size | + exists(MethodCall size | c = integerGuard(size, branch, 0, false) and size.getMethod().hasName("size") and size.getQualifier() = v.getAUse() @@ -485,7 +485,7 @@ private predicate correlatedConditions( inverted = branch1.booleanXor(branch2) ) or - exists(SsaVariable v, RValue rv1, RValue rv2, int k, boolean branch1, boolean branch2 | + exists(SsaVariable v, VarRead rv1, VarRead rv2, int k, boolean branch1, boolean branch2 | rv1 = v.getAUse() and rv2 = v.getAUse() and cond1.getCondition() = integerGuard(rv1, branch1, k, true) and diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll index 8cdef89c6abf..dcbd39bf331c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll +++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll @@ -490,7 +490,7 @@ private predicate boundFlowStep(Expr e2, Expr e1, int delta, boolean upper) { ) ) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | e2 = ma and ma.getMethod() = m and ( @@ -752,9 +752,9 @@ private predicate boundedPhi( * Holds if `e` has a lower bound of zero. */ private predicate lowerBoundZero(Expr e) { - e.(MethodAccess).getMethod() instanceof StringLengthMethod or - e.(MethodAccess).getMethod() instanceof CollectionSizeMethod or - e.(MethodAccess).getMethod() instanceof MapSizeMethod or + e.(MethodCall).getMethod() instanceof StringLengthMethod or + e.(MethodCall).getMethod() instanceof CollectionSizeMethod or + e.(MethodCall).getMethod() instanceof MapSizeMethod or e.(FieldRead).getField() instanceof ArrayLengthField or positive(e.(AndBitwiseExpr).getAnOperand()) } @@ -767,7 +767,7 @@ private predicate baseBound(Expr e, int b, boolean upper) { lowerBoundZero(e) and b = 0 and upper = false or exists(Method read | - e.(MethodAccess).getMethod().overrides*(read) and + e.(MethodCall).getMethod().overrides*(read) and read.getDeclaringType() instanceof TypeInputStream and read.hasName("read") and read.getNumberOfParameters() = 0 diff --git a/java/ql/lib/semmle/code/java/dataflow/SSA.qll b/java/ql/lib/semmle/code/java/dataflow/SSA.qll index fb2e87e9bc77..0fc0da8e8715 100644 --- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll @@ -275,7 +275,7 @@ private module SsaImpl { } /** Holds if `VarAccess` `use` of `v` occurs in `b` at index `i`. */ - private predicate variableUse(TrackedVar v, RValue use, BasicBlock b, int i) { + private predicate variableUse(TrackedVar v, VarRead use, BasicBlock b, int i) { v.getAnAccess() = use and b.getNode(i) = use } @@ -381,7 +381,7 @@ private module SsaImpl { * ``` */ private predicate intraInstanceCallEdge(Callable c1, Method m2) { - exists(MethodAccess ma, RefType t1 | + exists(MethodCall ma, RefType t1 | ma.getCaller() = c1 and m2 = viableImpl_v2(ma) and not m2.isStatic() and @@ -652,7 +652,7 @@ private module SsaImpl { * Holds if the SSA definition of `v` at `def` reaches `use` in the same basic block * without crossing another SSA definition of `v`. */ - private predicate ssaDefReachesUseWithinBlock(TrackedVar v, TrackedSsaDef def, RValue use) { + private predicate ssaDefReachesUseWithinBlock(TrackedVar v, TrackedSsaDef def, VarRead use) { exists(BasicBlock b, int rankix, int i | ssaDefReachesRank(v, def, b, rankix) and defUseRank(v, b, rankix, i) and @@ -665,7 +665,7 @@ private module SsaImpl { * SSA definition of `v`. */ cached - predicate ssaDefReachesUse(TrackedVar v, TrackedSsaDef def, RValue use) { + predicate ssaDefReachesUse(TrackedVar v, TrackedSsaDef def, VarRead use) { ssaDefReachesUseWithinBlock(v, def, use) or exists(BasicBlock b | @@ -813,7 +813,7 @@ private module SsaImpl { * any other uses, but possibly through phi nodes and uncertain implicit updates. */ cached - predicate firstUse(TrackedSsaDef def, RValue use) { + predicate firstUse(TrackedSsaDef def, VarRead use) { exists(TrackedVar v, BasicBlock b1, int i1, BasicBlock b2, int i2 | adjacentVarRefs(v, b1, i1, b2, i2) and def.definesAt(v, b1, i1) and @@ -838,7 +838,7 @@ private module SsaImpl { * through any other use or any SSA definition of the variable. */ cached - predicate adjacentUseUseSameVar(RValue use1, RValue use2) { + predicate adjacentUseUseSameVar(VarRead use1, VarRead use2) { exists(TrackedVar v, BasicBlock b1, int i1, BasicBlock b2, int i2 | adjacentVarRefs(v, b1, i1, b2, i2) and variableUse(v, use1, b1, i1) and @@ -853,7 +853,7 @@ private module SsaImpl { * except for phi nodes and uncertain implicit updates. */ cached - predicate adjacentUseUse(RValue use1, RValue use2) { + predicate adjacentUseUse(VarRead use1, VarRead use2) { adjacentUseUseSameVar(use1, use2) or exists(TrackedVar v, TrackedSsaDef def, BasicBlock b1, int i1, BasicBlock b2, int i2 | @@ -938,7 +938,7 @@ class SsaVariable extends TSsaVariable { BasicBlock getBasicBlock() { result = this.getCfgNode().getBasicBlock() } /** Gets an access of this SSA variable. */ - RValue getAUse() { + VarRead getAUse() { ssaDefReachesUse(_, this, result) or this = TSsaUntracked(_, result) } @@ -952,7 +952,7 @@ class SsaVariable extends TSsaVariable { * Subsequent uses can be found by following the steps defined by * `adjacentUseUse`. */ - RValue getAFirstUse() { + VarRead getAFirstUse() { firstUse(this, result) or this = TSsaUntracked(_, result) } diff --git a/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll b/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll index 9c164f62d8b8..ed10d8aa4bb8 100644 --- a/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll @@ -54,7 +54,7 @@ private Expr getAnInterestingPrefix(InterestingPrefix root) { result.(AddExpr).getAnOperand() = getAnInterestingPrefix(root) } -private class StringBuilderAppend extends MethodAccess { +private class StringBuilderAppend extends MethodCall { StringBuilderAppend() { this.getMethod().getDeclaringType() instanceof StringBuildingType and this.getMethod().hasName("append") @@ -68,7 +68,7 @@ private class StringBuilderConstructorOrAppend extends Call { } } -private Expr getQualifier(Expr e) { result = e.(MethodAccess).getQualifier() } +private Expr getQualifier(Expr e) { result = e.(MethodCall).getQualifier() } /** * An extension of `StringBuilderVar` that also accounts for strings appended in StringBuilder/Buffer's constructor diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll index f4af8f506d62..f33a6d7195f0 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll @@ -118,7 +118,7 @@ private module SsaImpl { } /** Holds if `VarAccess` `use` of `v` occurs in `b` at index `i`. */ - private predicate variableUse(BaseSsaSourceVariable v, RValue use, BasicBlock b, int i) { + private predicate variableUse(BaseSsaSourceVariable v, VarRead use, BasicBlock b, int i) { v.getAnAccess() = use and b.getNode(i) = use } @@ -243,7 +243,7 @@ private module SsaImpl { * without crossing another SSA definition of `v`. */ private predicate ssaDefReachesUseWithinBlock( - BaseSsaSourceVariable v, TrackedSsaDef def, RValue use + BaseSsaSourceVariable v, TrackedSsaDef def, VarRead use ) { exists(BasicBlock b, int rankix, int i | ssaDefReachesRank(v, def, b, rankix) and @@ -257,7 +257,7 @@ private module SsaImpl { * SSA definition of `v`. */ cached - predicate ssaDefReachesUse(BaseSsaSourceVariable v, TrackedSsaDef def, RValue use) { + predicate ssaDefReachesUse(BaseSsaSourceVariable v, TrackedSsaDef def, VarRead use) { ssaDefReachesUseWithinBlock(v, def, use) or exists(BasicBlock b | @@ -378,7 +378,7 @@ private module SsaImpl { * any other uses, but possibly through phi nodes. */ cached - predicate firstUse(TrackedSsaDef def, RValue use) { + predicate firstUse(TrackedSsaDef def, VarRead use) { exists(BaseSsaSourceVariable v, BasicBlock b1, int i1, BasicBlock b2, int i2 | adjacentVarRefs(v, b1, i1, b2, i2) and def.definesAt(v, b1, i1) and @@ -405,7 +405,7 @@ private module SsaImpl { * through any other use or any SSA definition of the variable. */ cached - predicate baseSsaAdjacentUseUseSameVar(RValue use1, RValue use2) { + predicate baseSsaAdjacentUseUseSameVar(VarRead use1, VarRead use2) { exists(BaseSsaSourceVariable v, BasicBlock b1, int i1, BasicBlock b2, int i2 | adjacentVarRefs(v, b1, i1, b2, i2) and variableUse(v, use1, b1, i1) and @@ -420,7 +420,7 @@ private module SsaImpl { * except for phi nodes. */ cached - predicate baseSsaAdjacentUseUse(RValue use1, RValue use2) { + predicate baseSsaAdjacentUseUse(VarRead use1, VarRead use2) { baseSsaAdjacentUseUseSameVar(use1, use2) or exists( @@ -490,7 +490,7 @@ class BaseSsaVariable extends TBaseSsaVariable { BasicBlock getBasicBlock() { result = this.getCfgNode().getBasicBlock() } /** Gets an access of this SSA variable. */ - RValue getAUse() { ssaDefReachesUse(_, this, result) } + VarRead getAUse() { ssaDefReachesUse(_, this, result) } /** * Gets an access of the SSA source variable underlying this SSA variable @@ -500,7 +500,7 @@ class BaseSsaVariable extends TBaseSsaVariable { * Subsequent uses can be found by following the steps defined by * `baseSsaAdjacentUseUse`. */ - RValue getAFirstUse() { firstUse(this, result) } + VarRead getAFirstUse() { firstUse(this, result) } /** Holds if this SSA variable is live at the end of `b`. */ predicate isLiveAtEndOfBlock(BasicBlock b) { ssaDefReachesEndOfBlock(_, this, b) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll index b53138c74219..70e3258566ce 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll @@ -184,13 +184,13 @@ private predicate taintPreservingQualifierToMethod(Method m) { m.(MapMethod).hasName(["elements", "search", "searchEntries", "searchValues"]) } -private predicate qualifierToMethodStep(Expr tracked, MethodAccess sink) { +private predicate qualifierToMethodStep(Expr tracked, MethodCall sink) { taintPreservingQualifierToMethod(sink.getMethod()) and tracked = sink.getQualifier() } private predicate qualifierToArgumentStep(Expr tracked, Expr sink) { - exists(MethodAccess ma, CollectionMethod method | + exists(MethodCall ma, CollectionMethod method | method = ma.getMethod() and ( // java.util.Vector @@ -350,7 +350,7 @@ private predicate taintPreservingArgToArg(Method method, int input, int output) } private predicate argToQualifierStep(Expr tracked, Expr sink) { - exists(Method m, int i, MethodAccess ma | + exists(Method m, int i, MethodCall ma | taintPreservingArgumentToQualifier(m, i) and ma.getMethod() = m and tracked = ma.getArgument(i) and @@ -359,7 +359,7 @@ private predicate argToQualifierStep(Expr tracked, Expr sink) { } /** Access to a method that passes taint from an argument. */ -private predicate argToMethodStep(Expr tracked, MethodAccess sink) { +private predicate argToMethodStep(Expr tracked, MethodCall sink) { exists(Method m | m = sink.getMethod() and ( @@ -383,7 +383,7 @@ private predicate argToMethodStep(Expr tracked, MethodAccess sink) { * between arguments. */ private predicate argToArgStep(Expr tracked, Expr sink) { - exists(MethodAccess ma, Method method, int input, int output | + exists(MethodCall ma, Method method, int input, int output | ma.getMethod() = method and ma.getArgument(input) = tracked and ma.getArgument(output) = sink and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll index e72cc75fc598..f5b437c83729 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll @@ -38,7 +38,7 @@ private module DispatchImpl { * might be improved by knowing the call context. This is the case if the * qualifier is the `i`th parameter of the enclosing callable `c`. */ - private predicate mayBenefitFromCallContext(MethodAccess ma, Callable c, int i) { + private predicate mayBenefitFromCallContext(MethodCall ma, Callable c, int i) { exists(Parameter p | 2 <= strictcount(sourceDispatch(ma)) and ma.getQualifier().(VarAccess).getVariable() = p and @@ -58,7 +58,7 @@ private module DispatchImpl { /** * Holds if the call `ctx` might act as a context that improves the set of - * dispatch targets of a `MethodAccess` that occurs in a viable target of + * dispatch targets of a `MethodCall` that occurs in a viable target of * `ctx`. */ pragma[nomagic] @@ -128,7 +128,7 @@ private module DispatchImpl { */ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { result = viableCallable(call) and - exists(int i, Callable c, Method def, RefType t, boolean exact, MethodAccess ma | + exists(int i, Callable c, Method def, RefType t, boolean exact, MethodCall ma | ma = call.asCall() and mayBenefitFromCallContext(ma, c, i) and c = viableCallable(ctx).asCallable() and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index 44061e1cd000..415929f4f72c 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -84,7 +84,7 @@ private module Cached { import Cached private predicate explicitInstanceArgument(Call call, Expr instarg) { - call instanceof MethodAccess and + call instanceof MethodCall and instarg = call.getQualifier() and not call.getCallee().isStatic() } @@ -463,7 +463,7 @@ module Private { /** A data flow node that represents the output of a call. */ class OutNode extends Node { OutNode() { - this.asExpr() instanceof MethodAccess + this.asExpr() instanceof MethodCall or this.(FlowSummaryNode).isOut(_) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll index ce7a9ffa2b2d..01ba8cfd26aa 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll @@ -114,7 +114,7 @@ private module CaptureInput implements VariableCapture::InputSig { CapturedVariable getVariable() { result = v } } - class VariableRead extends Expr instanceof RValue { + class VariableRead extends Expr instanceof VarRead { CapturedVariable v; VariableRead() { super.getVariable() = v } @@ -246,7 +246,7 @@ predicate readStep(Node node1, ContentSet f, Node node2) { fr = node2.asExpr() ) or - exists(Record r, Method getter, Field recf, MethodAccess get | + exists(Record r, Method getter, Field recf, MethodCall get | getter.getDeclaringType() = r and recf.getDeclaringType() = r and getter.getNumberOfParameters() = 0 and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index 1e8a3bbcb882..af86063caddf 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -169,7 +169,7 @@ predicate localMustFlowStep(Node node1, Node node2) { import Cached private predicate capturedVariableRead(Node n) { - n.asExpr().(RValue).getVariable() instanceof CapturedVariable + n.asExpr().(VarRead).getVariable() instanceof CapturedVariable } /** @@ -225,7 +225,7 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2) { or simpleAstFlowStep(node1.asExpr(), node2.asExpr()) or - exists(MethodAccess ma, ValuePreservingMethod m, int argNo | + exists(MethodCall ma, ValuePreservingMethod m, int argNo | ma.getCallee().getSourceDeclaration() = m and m.returnsValue(argNo) | node2.asExpr() = ma and @@ -379,7 +379,7 @@ signature predicate guardChecksSig(Guard g, Expr e, boolean branch); module BarrierGuard { /** Gets a node that is safely guarded by the given guard check. */ Node getABarrierNode() { - exists(Guard g, SsaVariable v, boolean branch, RValue use | + exists(Guard g, SsaVariable v, boolean branch, VarRead use | guardChecks(g, v.getAUse(), branch) and use = v.getAUse() and g.controls(use.getBasicBlock(), branch) and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll index fb260d5cdd69..996e791d4421 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll @@ -333,7 +333,7 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) { exists(FieldWrite fw | c = "" and fw.getField() = mid.asElement() and - n.asNode().asExpr() = fw.getRhs() + n.asNode().asExpr() = fw.getASource() ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index d08cb8df57ee..00415e93d534 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -290,7 +290,7 @@ private int argToParam(Call call, int argIdx) { /** Access to a method that passes taint from qualifier to argument. */ private predicate qualifierToArgumentStep(Expr tracked, Expr sink) { - exists(MethodAccess ma, int arg | + exists(MethodCall ma, int arg | ma.getMethod().(TaintPreservingCallable).transfersTaint(-1, argToParam(ma, arg)) and tracked = ma.getQualifier() and sink = ma.getArgument(arg) @@ -298,7 +298,7 @@ private predicate qualifierToArgumentStep(Expr tracked, Expr sink) { } /** Access to a method that passes taint from the qualifier. */ -private predicate qualifierToMethodStep(Expr tracked, MethodAccess sink) { +private predicate qualifierToMethodStep(Expr tracked, MethodCall sink) { taintPreservingQualifierToMethod(sink.getMethod()) and tracked = sink.getQualifier() } @@ -331,7 +331,7 @@ private predicate taintPreservingQualifierToMethod(Method m) { } /** Access to a method that passes taint from an argument. */ -private predicate argToMethodStep(Expr tracked, MethodAccess sink) { +private predicate argToMethodStep(Expr tracked, MethodCall sink) { exists(Method m, int i | m = sink.getMethod() and taintPreservingArgumentToMethod(m, argToParam(sink, i)) and @@ -375,7 +375,7 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) { * between arguments. */ private predicate argToArgStep(Expr tracked, Expr sink) { - exists(MethodAccess ma, Method method, int input, int output | + exists(MethodCall ma, Method method, int input, int output | method.(TaintPreservingCallable).transfersTaint(argToParam(ma, input), argToParam(ma, output)) and ma.getMethod() = method and ma.getArgument(input) = tracked and @@ -388,7 +388,7 @@ private predicate argToArgStep(Expr tracked, Expr sink) { * from the argument to the qualifier and `sink` is the qualifier. */ private predicate argToQualifierStep(Expr tracked, Expr sink) { - exists(Method m, int i, MethodAccess ma | + exists(Method m, int i, MethodCall ma | taintPreservingArgumentToQualifier(m, argToParam(ma, i)) and ma.getMethod() = m and tracked = ma.getArgument(i) and @@ -412,7 +412,7 @@ private predicate comparisonStep(Expr tracked, Expr sink) { e.hasOperands(tracked, other) ) or - exists(MethodAccess m | m.getMethod() instanceof EqualsMethod | + exists(MethodCall m | m.getMethod() instanceof EqualsMethod | m = sink and ( m.getQualifier() = tracked and m.getArgument(0) = other @@ -429,13 +429,13 @@ private predicate comparisonStep(Expr tracked, Expr sink) { private predicate serializationStep(Expr tracked, Expr sink) { exists(ObjectOutputStreamVar v, VariableAssign def | def = v.getADef() and - exists(MethodAccess ma, RValue use | + exists(MethodCall ma, VarRead use | ma.getArgument(0) = tracked and - ma = v.getAWriteObjectMethodAccess() and + ma = v.getAWriteObjectMethodCall() and use = ma.getQualifier() and defUsePair(def, use) ) and - exists(RValue outputstream, ClassInstanceExpr cie | + exists(VarRead outputstream, ClassInstanceExpr cie | cie = def.getSource() and outputstream = cie.getArgument(0) and adjacentUseUse(outputstream, sink) @@ -460,23 +460,27 @@ class ObjectOutputStreamVar extends LocalVariableDecl { result.getDestVar() = this } - MethodAccess getAWriteObjectMethodAccess() { + /** Gets a call to `writeObject` called against this variable. */ + MethodCall getAWriteObjectMethodCall() { result.getQualifier() = this.getAnAccess() and result.getMethod().hasName("writeObject") } + + /** DEPRECATED: Alias for `getAWriteObjectMethodCall`. */ + deprecated MethodCall getAWriteObjectMethodAccess() { result = this.getAWriteObjectMethodCall() } } /** Flow through string formatting. */ private predicate formatStep(Expr tracked, Expr sink) { exists(FormatterVar v, VariableAssign def | def = v.getADef() and - exists(MethodAccess ma, RValue use | + exists(MethodCall ma, VarRead use | ma.getAnArgument() = tracked and - ma = v.getAFormatMethodAccess() and + ma = v.getAFormatMethodCall() and use = ma.getQualifier() and defUsePair(def, use) ) and - exists(RValue output, ClassInstanceExpr cie | + exists(VarRead output, ClassInstanceExpr cie | cie = def.getSource() and output = cie.getArgument(0) and adjacentUseUse(output, sink) and @@ -505,7 +509,7 @@ private class FormatterVar extends LocalVariableDecl { result.getDestVar() = this } - MethodAccess getAFormatMethodAccess() { + MethodCall getAFormatMethodCall() { result.getQualifier() = this.getAnAccess() and result.getMethod().hasName("format") } @@ -555,7 +559,7 @@ module StringBuilderVarModule { /** * Gets a call that adds something to this string builder, from the argument at the given index. */ - MethodAccess getAnInput(int arg) { + MethodCall getAnInput(int arg) { result.getQualifier() = this.getAChainedReference() and ( result.getMethod().getName() = "append" and arg = 0 @@ -569,19 +573,19 @@ module StringBuilderVarModule { /** * Gets a call that appends something to this string builder. */ - MethodAccess getAnAppend() { + MethodCall getAnAppend() { result.getQualifier() = this.getAChainedReference() and result.getMethod().getName() = "append" } - MethodAccess getNextAppend(MethodAccess append) { + MethodCall getNextAppend(MethodCall append) { result = this.getAnAppend() and append = this.getAnAppend() and ( result.getQualifier() = append or - not exists(MethodAccess chainAccess | chainAccess.getQualifier() = append) and - exists(RValue sbva1, RValue sbva2 | + not exists(MethodCall chainAccess | chainAccess.getQualifier() = append) and + exists(VarRead sbva1, VarRead sbva2 | adjacentUseUse(sbva1, sbva2) and append.getQualifier() = this.getAChainedReference(sbva1) and result.getQualifier() = sbva2 @@ -592,7 +596,7 @@ module StringBuilderVarModule { /** * Gets a call that converts this string builder to a string. */ - MethodAccess getToStringCall() { + MethodCall getToStringCall() { result.getQualifier() = this.getAChainedReference() and result.getMethod().getName() = "toString" } @@ -612,7 +616,7 @@ module StringBuilderVarModule { } } -private MethodAccess callReturningSameType(Expr ref) { +private MethodCall callReturningSameType(Expr ref) { ref = result.getQualifier() and result.getMethod().getReturnType() = ref.getType() } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll index 59f7f4580a88..253506347f30 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll @@ -200,11 +200,11 @@ private module Impl { * `Collection`). */ predicate containerSizeAccess(Expr e) { - e.(MethodAccess).getMethod() instanceof StringLengthMethod + e.(MethodCall).getMethod() instanceof StringLengthMethod or - e.(MethodAccess).getMethod() instanceof CollectionSizeMethod + e.(MethodCall).getMethod() instanceof CollectionSizeMethod or - e.(MethodAccess).getMethod() instanceof MapSizeMethod + e.(MethodCall).getMethod() instanceof MapSizeMethod } /** Holds if `e` is by definition strictly positive. */ @@ -218,7 +218,7 @@ private module Impl { // types handled in `specificSubExprSign`. e instanceof ArrayAccess and e.getType() instanceof NumericOrCharType or - e instanceof MethodAccess and e.getType() instanceof NumericOrCharType + e instanceof MethodCall and e.getType() instanceof NumericOrCharType or e instanceof ClassInstanceExpr and e.getType() instanceof NumericOrCharType } @@ -267,7 +267,7 @@ private module Impl { /** Holds if `f` can have any sign. */ predicate fieldWithUnknownSign(Field f) { - exists(ReflectiveFieldAccess rfa | rfa.inferAccessedField() = f) + exists(ReflectiveGetFieldCall rfa | rfa.inferAccessedField() = f) } /** Holds if `f` is accessed in an increment operation. */ diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll index 709911046568..cab159b18043 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll @@ -173,9 +173,9 @@ class LiveClass extends SourceClassOrInterface { exists(NestedType r | r.getEnclosingType() = this | r instanceof LiveClass) or // An annotation on the class is reflectively accessed. - exists(ReflectiveAnnotationAccess reflectiveAnnotationAccess | - this = reflectiveAnnotationAccess.getInferredClassType() and - isLive(reflectiveAnnotationAccess.getEnclosingCallable()) + exists(ReflectiveGetAnnotationCall reflectiveAnnotationCall | + this = reflectiveAnnotationCall.getInferredClassType() and + isLive(reflectiveAnnotationCall.getEnclosingCallable()) ) or this instanceof AnonymousClass diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll index 506da3803f77..e87671dba714 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll @@ -19,7 +19,7 @@ VarAccess valueAccess(EnumConstant e) { ( exists(Call c | c.getAnArgument() = valueFlow+(result) or - c.(MethodAccess).getQualifier() = valueFlow+(result) + c.(MethodCall).getQualifier() = valueFlow+(result) ) or exists(Assignment a | a.getSource() = valueFlow+(result)) @@ -47,14 +47,14 @@ predicate exception(EnumConstant e) { ) or // A method iterates over the values of an enum. - exists(MethodAccess values | values.getMethod().getDeclaringType() = t | + exists(MethodCall values | values.getMethod().getDeclaringType() = t | values.getParent() instanceof EnhancedForStmt or - values.getParent().(MethodAccess).getMethod().hasName("findThisIn") + values.getParent().(MethodCall).getMethod().hasName("findThisIn") ) or // The `valueOf` method is called, meaning that depending on the string any constant // could be retrieved. - exists(MethodAccess valueOf | valueOf.getMethod().getDeclaringType() = t | + exists(MethodCall valueOf | valueOf.getMethod().getDeclaringType() = t | valueOf.getMethod().hasName("valueOf") ) or diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index e5bbb7e9ee32..231a81758048 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -130,7 +130,7 @@ class JUnitAnnotatedField extends ReflectivelyReadField { */ class ClassReflectivelyReadField extends ReflectivelyReadField { ClassReflectivelyReadField() { - exists(ReflectiveFieldAccess fieldAccess | this = fieldAccess.inferAccessedField()) + exists(ReflectiveGetFieldCall fieldAccess | this = fieldAccess.inferAccessedField()) } } diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index 8ee23098eefa..e2323e738eb5 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -142,7 +142,7 @@ deprecated class JAXAnnotationReflectivelyConstructedClass = class DeserializedClass extends ReflectivelyConstructedClass { DeserializedClass() { exists(CastingExpr cast, ReadObjectMethod readObject | - cast.getExpr().(MethodAccess).getMethod() = readObject + cast.getExpr().(MethodCall).getMethod() = readObject | hasDescendant(cast.getType(), this) ) @@ -164,7 +164,7 @@ class NewInstanceCall extends EntryPoint, NewInstance { /** * A call to either `Class.getMethod(...)` or `Class.getDeclaredMethod(...)`. */ -class ReflectiveMethodAccessEntryPoint extends EntryPoint, ReflectiveMethodAccess { +class ReflectiveGetMethodCallEntryPoint extends EntryPoint, ReflectiveGetMethodCall { override Method getALiveCallable() { result = this.inferAccessedMethod() and // The `getMethod(...)` call must be used in a live context. @@ -172,6 +172,9 @@ class ReflectiveMethodAccessEntryPoint extends EntryPoint, ReflectiveMethodAcces } } +/** DEPRECATED: Alias for `ReflectiveGetMethodCallEntryPoint`. */ +deprecated class ReflectiveMethodAccessEntryPoint = ReflectiveGetMethodCallEntryPoint; + /** * Classes that are entry points recognised by annotations. */ diff --git a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll index e3eb298dd139..82bda033bc6d 100644 --- a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll +++ b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll @@ -19,7 +19,7 @@ private import codeql.typetracking.TypeTracking /** * Gets a viable dispatch target for `ma`. This is the input dispatch relation. */ -private Method viableImpl_inp(MethodAccess ma) { result = viableImpl_v2(ma) } +private Method viableImpl_inp(MethodCall ma) { result = viableImpl_v2(ma) } private Callable dispatchCand(Call c) { c instanceof ConstructorCall and result = c.getCallee().getSourceDeclaration() @@ -99,7 +99,7 @@ private predicate trackedMethodOnType(Method m, SrcRefType t) { * by the type constructed by `cie`. Thus the dispatch from `ma` to `m` will * only be included if `cie` flows to the qualifier of `ma`. */ -private predicate dispatchOrigin(ClassInstanceExpr cie, MethodAccess ma, Method m) { +private predicate dispatchOrigin(ClassInstanceExpr cie, MethodCall ma, Method m) { m = viableImpl_inp(ma) and not m = ma.getMethod().getSourceDeclaration() and trackedMethodOnType(m, cie.getConstructedType().getSourceDeclaration()) @@ -133,7 +133,7 @@ private module TypeTrackingSteps { class LocalSourceNode extends RelevantNode { LocalSourceNode() { this.asExpr() instanceof Call or - this.asExpr() instanceof RValue or + this.asExpr() instanceof VarRead or this instanceof DataFlow::ParameterNode or this instanceof DataFlow::ImplicitVarargsArray or this.asExpr() instanceof ArrayInit or @@ -197,10 +197,10 @@ private module TypeTrackingSteps { enum.getAnEnumConstant().getAnAssignedValue() = n1.asExpr() and getValue.getDeclaringType() = enum and getValue.hasName("valueOf") and - n2.asExpr().(MethodAccess).getMethod() = getValue + n2.asExpr().(MethodCall).getMethod() = getValue ) or - exists(Variable v, MethodAccess put, MethodAccess get | + exists(Variable v, MethodCall put, MethodCall get | put.getArgument(1) = n1.asExpr() and put.getMethod().(MapMethod).hasName("put") and put.getQualifier() = v.getAnAccess() and @@ -209,12 +209,12 @@ private module TypeTrackingSteps { n2.asExpr() = get ) or - exists(Variable v, MethodAccess add | + exists(Variable v, MethodCall add | add.getAnArgument() = n1.asExpr() and add.getMethod().(CollectionMethod).hasName("add") and add.getQualifier() = v.getAnAccess() | - exists(MethodAccess get | + exists(MethodCall get | get.getQualifier() = v.getAnAccess() and get.getMethod().(CollectionMethod).hasName("get") and n2.asExpr() = get @@ -236,7 +236,7 @@ private module TypeTrackingSteps { enum.getAnEnumConstant().getAnAssignedValue() = n1.asExpr() and getValue.getDeclaringType() = enum and getValue.hasName("values") and - n2.asExpr().(MethodAccess).getMethod() = getValue and + n2.asExpr().(MethodCall).getMethod() = getValue and f = ContentArray() ) or @@ -253,7 +253,7 @@ private module TypeTrackingSteps { exists(AssignExpr a, Variable v | a.getSource() = n1.asExpr() and a.getDest().(ArrayAccess).getArray() = v.getAnAccess() and - n2.asExpr() = v.getAnAccess().(RValue) and + n2.asExpr() = v.getAnAccess().(VarRead) and f = ContentArray() ) } @@ -300,10 +300,10 @@ private module TypeTrackingSteps { private predicate lambdaSource(RelevantNode n) { dispatchOrigin(n.asExpr(), _, _) } private predicate lambdaSink(RelevantNode n) { - exists(MethodAccess ma | dispatchOrigin(_, ma, _) | n = DataFlow::getInstanceArgument(ma)) + exists(MethodCall ma | dispatchOrigin(_, ma, _) | n = DataFlow::getInstanceArgument(ma)) } -private signature Method methodDispatchSig(MethodAccess ma); +private signature Method methodDispatchSig(MethodCall ma); private module TrackLambda { private Callable dispatch(Call c) { @@ -352,7 +352,7 @@ private module TrackLambda { private predicate edgePlus(PathNode n1, PathNode n2) = fastTC(edges/2)(n1, n2) - private predicate pairCand(PathNode p1, PathNode p2, Method m, MethodAccess ma) { + private predicate pairCand(PathNode p1, PathNode p2, Method m, MethodCall ma) { exists(ClassInstanceExpr cie | dispatchOrigin(cie, ma, m) and p1.getNode() = DataFlow::exprNode(cie) and @@ -367,7 +367,7 @@ private module TrackLambda { * declares or inherits the tracked method `result` to the qualifier of `ma` such * that `ma` may dispatch to `result`. */ - Method lambdaDispatch(MethodAccess ma) { + Method lambdaDispatch(MethodCall ma) { exists(PathNode p1, PathNode p2 | (p1 = p2 or edgePlus(p1, p2)) and pairCand(p1, p2, result, ma) @@ -375,30 +375,30 @@ private module TrackLambda { } } -private Method noDisp(MethodAccess ma) { none() } +private Method noDisp(MethodCall ma) { none() } pragma[nomagic] -private Method d1(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d1(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } pragma[nomagic] -private Method d2(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d2(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } pragma[nomagic] -private Method d3(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d3(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } pragma[nomagic] -private Method d4(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d4(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } pragma[nomagic] -private Method d5(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d5(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } pragma[nomagic] -private Method d6(MethodAccess ma) { result = TrackLambda::lambdaDispatch(ma) } +private Method d6(MethodCall ma) { result = TrackLambda::lambdaDispatch(ma) } /** * Gets a viable dispatch target for `ma`. This is the output dispatch relation. */ -Method viableImpl_out(MethodAccess ma) { +Method viableImpl_out(MethodCall ma) { result = viableImpl_inp(ma) and (result = d6(ma) or not dispatchOrigin(_, ma, result)) } diff --git a/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll b/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll index 14ea6e81718e..293ba894fdfb 100644 --- a/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll +++ b/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll @@ -20,7 +20,7 @@ private import semmle.code.java.dispatch.internal.Unification /** * Gets a viable dispatch target for `ma`. This is the input dispatch relation. */ -private Method viableImpl_inp(MethodAccess ma) { result = viableImpl_v3(ma) } +private Method viableImpl_inp(MethodCall ma) { result = viableImpl_v3(ma) } private Callable dispatchCand(Call c) { c instanceof ConstructorCall and result = c.getCallee().getSourceDeclaration() @@ -118,7 +118,7 @@ private predicate step(Node n1, Node n2) { exists(AssignExpr a, Field v | a.getSource() = n1.asExpr() and a.getDest().(ArrayAccess).getArray() = v.getAnAccess() and - n2.asExpr() = v.getAnAccess().(RValue) + n2.asExpr() = v.getAnAccess().(VarRead) ) or exists(AssignExpr a | @@ -193,7 +193,7 @@ private predicate source(RefType t, ObjNode n) { * Holds if `n` is the qualifier of an `Object.toString()` call. */ private predicate sink(ObjNode n) { - exists(MethodAccess toString | + exists(MethodCall toString | toString.getQualifier() = n.asExpr() and toString.getMethod() instanceof ToStringMethod ) and @@ -231,7 +231,7 @@ private predicate objType(ObjNode n, RefType t) { ) } -private VirtualMethodAccess objectToString(ObjNode n) { +private VirtualMethodCall objectToString(ObjNode n) { result.getQualifier() = n.asExpr() and sink(n) } @@ -239,16 +239,16 @@ private VirtualMethodAccess objectToString(ObjNode n) { * Holds if `ma` is an `Object.toString()` call taking possibly improved type * bounds into account. */ -predicate objectToStringCall(VirtualMethodAccess ma) { ma = objectToString(_) } +predicate objectToStringCall(VirtualMethodCall ma) { ma = objectToString(_) } /** * Holds if the qualifier of the `Object.toString()` call `ma` might have type `t`. */ -private predicate objectToStringQualType(MethodAccess ma, RefType t) { +private predicate objectToStringQualType(MethodCall ma, RefType t) { exists(ObjNode n | ma = objectToString(n) and objType(n, t)) } -private Method viableImplObjectToString(MethodAccess ma) { +private Method viableImplObjectToString(MethodCall ma) { exists(Method def, RefType t | objectToStringQualType(ma, t) and def = ma.getMethod() and @@ -265,7 +265,7 @@ private Method viableImplObjectToString(MethodAccess ma) { * The set of dispatch targets for `Object.toString()` calls are reduced based * on possible data flow from objects of more specific types to the qualifier. */ -Method viableImpl_out(MethodAccess ma) { +Method viableImpl_out(MethodCall ma) { result = viableImpl_inp(ma) and ( result = viableImplObjectToString(ma) or diff --git a/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll b/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll index 64f26685b681..4f05dedb1767 100644 --- a/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll +++ b/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll @@ -15,7 +15,7 @@ private import semmle.code.java.dispatch.internal.Unification * A conservative analysis that returns a single method - if we can establish * one - that will be the target of the virtual dispatch. */ -Method exactVirtualMethod(MethodAccess c) { +Method exactVirtualMethod(MethodCall c) { // If there are multiple potential implementations, return nothing. implCount(c, 1) and result = viableImpl(c) @@ -31,7 +31,7 @@ Callable exactCallable(Call c) { c instanceof ConstructorCall and result = c.getCallee() } -private predicate implCount(MethodAccess m, int c) { strictcount(viableImpl(m)) = c } +private predicate implCount(MethodCall m, int c) { strictcount(viableImpl(m)) = c } /** Gets a viable implementation of the target of the given `Call`. */ Callable viableCallable(Call c) { @@ -44,7 +44,7 @@ Callable viableCallable(Call c) { class VirtCalledSrcMethod extends SrcMethod { pragma[nomagic] VirtCalledSrcMethod() { - exists(VirtualMethodAccess ma | ma.getMethod().getSourceDeclaration() = this) + exists(VirtualMethodCall ma | ma.getMethod().getSourceDeclaration() = this) } } @@ -52,7 +52,7 @@ cached private module Dispatch { /** Gets a viable implementation of the method called in the given method access. */ cached - Method viableImpl(MethodAccess ma) { result = ObjFlow::viableImpl_out(ma) } + Method viableImpl(MethodCall ma) { result = ObjFlow::viableImpl_out(ma) } /** * Holds if `m` is a viable implementation of the method called in `ma` for @@ -60,7 +60,7 @@ private module Dispatch { * the dispatch type is likely to yield implausible dispatch targets. */ cached - predicate lowConfidenceDispatchTarget(MethodAccess ma, Method m) { + predicate lowConfidenceDispatchTarget(MethodCall ma, Method m) { m = viableImpl(ma) and lowConfidenceDispatch(ma) } @@ -70,13 +70,13 @@ private module Dispatch { * Gets a viable implementation of the method called in the given method access. */ cached - Method viableImpl_v3(MethodAccess ma) { result = DispatchFlow::viableImpl_out(ma) } + Method viableImpl_v3(MethodCall ma) { result = DispatchFlow::viableImpl_out(ma) } /** * Holds if the best type bounds for the qualifier of `ma` are likely to * contain implausible dispatch targets. */ - private predicate lowConfidenceDispatch(VirtualMethodAccess ma) { + private predicate lowConfidenceDispatch(VirtualMethodCall ma) { exists(RefType t | hasQualifierType(ma, t, false) | lowConfidenceDispatchType(t.getSourceDeclaration()) ) and @@ -121,7 +121,7 @@ private module Dispatch { * Gets a viable implementation of the method called in the given method access. */ cached - Method viableImpl_v2(MethodAccess ma) { + Method viableImpl_v2(MethodCall ma) { result = viableImpl_v2_cand(pragma[only_bind_into](ma)) and exists(Method def, RefType t, boolean exact | qualUnionType(pragma[only_bind_into](ma), pragma[only_bind_into](t), @@ -141,7 +141,7 @@ private module Dispatch { not qualUnionType(ma, _, _) } - private predicate qualUnionType(VirtualMethodAccess ma, RefType t, boolean exact) { + private predicate qualUnionType(VirtualMethodCall ma, RefType t, boolean exact) { exprUnionTypeFlow(ma.getQualifier(), t, exact) } @@ -150,7 +150,7 @@ private module Dispatch { private module Unification_v2 = MkUnification; - private Method viableImpl_v2_cand(MethodAccess ma) { + private Method viableImpl_v2_cand(MethodCall ma) { result = viableImpl_v1(ma) and ( exists(Method def, RefType t, boolean exact | @@ -170,7 +170,7 @@ private module Dispatch { ) } - private predicate qualType(VirtualMethodAccess ma, RefType t, boolean exact) { + private predicate qualType(VirtualMethodCall ma, RefType t, boolean exact) { exprTypeFlow(ma.getQualifier(), t, exact) } @@ -185,7 +185,7 @@ private module Dispatch { * Gets a viable implementation of the method called in the given method access. */ cached - Method viableImpl_v1(MethodAccess source) { + Method viableImpl_v1(MethodCall source) { result = viableImpl_v1_cand(source) and not impossibleDispatchTarget(source, result) } @@ -193,7 +193,7 @@ private module Dispatch { /** * Holds if `source` cannot dispatch to `tgt` due to a negative `instanceof` guard. */ - private predicate impossibleDispatchTarget(MethodAccess source, Method tgt) { + private predicate impossibleDispatchTarget(MethodCall source, Method tgt) { tgt = viableImpl_v1_cand(source) and exists(InstanceOfExpr ioe, BaseSsaVariable v, Expr q, RefType t | source.getQualifier() = q and @@ -208,9 +208,9 @@ private module Dispatch { /** * Gets a viable implementation of the method called in the given method access. */ - private Method viableImpl_v1_cand(MethodAccess source) { + private Method viableImpl_v1_cand(MethodCall source) { not result.isAbstract() and - if source instanceof VirtualMethodAccess + if source instanceof VirtualMethodCall then exists(VirtCalledSrcMethod def, RefType t, boolean exact | source.getMethod().getSourceDeclaration() = def and @@ -242,7 +242,7 @@ private module Dispatch { not e instanceof FunctionalExpr and result = e.getType() } - private predicate hasQualifierType(VirtualMethodAccess ma, RefType t, boolean exact) { + private predicate hasQualifierType(VirtualMethodCall ma, RefType t, boolean exact) { exists(Expr src | src = ma.getQualifier() | // If we have a qualifier, then we take its type. exists(RefType srctype | srctype = getPreciseType(src) | @@ -264,9 +264,9 @@ private module Dispatch { not exists(ma.getQualifier()) and exact = false and ( - ma.isOwnMethodAccess() and t = ma.getEnclosingCallable().getDeclaringType() + ma.isOwnMethodCall() and t = ma.getEnclosingCallable().getDeclaringType() or - ma.isEnclosingMethodAccess(t) + ma.isEnclosingMethodCall(t) ) } diff --git a/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll b/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll index 77f3ff11291b..f41c79f92065 100644 --- a/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll +++ b/java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll @@ -16,7 +16,7 @@ private predicate runner(Method m, int n, Method runmethod) { ( m.isNative() or - exists(Parameter p, MethodAccess ma, int j | + exists(Parameter p, MethodCall ma, int j | p = m.getParameter(n) and ma.getEnclosingCallable() = m and runner(pragma[only_bind_into](ma.getMethod().getSourceDeclaration()), @@ -31,7 +31,7 @@ private predicate runner(Method m, int n, Method runmethod) { * through a functional interface. The argument is traced backwards through * casts and variable assignments. */ -private Expr getRunnerArgument(MethodAccess ma, Method runmethod) { +private Expr getRunnerArgument(MethodCall ma, Method runmethod) { exists(Method runner, int param | runner(runner, param, runmethod) and viableImpl_v2(ma) = runner and @@ -50,7 +50,7 @@ private Expr getRunnerArgument(MethodAccess ma, Method runmethod) { * Gets a method that can be invoked through a functional interface as an * argument to `ma`. */ -Method getRunnerTarget(MethodAccess ma) { +Method getRunnerTarget(MethodCall ma) { exists(Expr action, Method runmethod | action = getRunnerArgument(ma, runmethod) | action.(FunctionalExpr).asMethod().getSourceDeclaration() = result or diff --git a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll index 6a3ffde76ebe..63ded626c115 100644 --- a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll +++ b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll @@ -23,8 +23,8 @@ Expr getSystemProperty(string propertyName) { result = getSystemPropertyFromSpringProperties(propertyName) } -private MethodAccess getSystemPropertyFromSystem(string propertyName) { - result.(MethodAccessSystemGetProperty).hasCompileTimeConstantGetPropertyName(propertyName) +private MethodCall getSystemPropertyFromSystem(string propertyName) { + result.(MethodCallSystemGetProperty).hasCompileTimeConstantGetPropertyName(propertyName) or result.getMethod().hasName("lineSeparator") and propertyName = "line.separator" } @@ -34,7 +34,7 @@ private MethodAccess getSystemPropertyFromSystem(string propertyName) { * - `System.getProperties().getProperty(...)` * - `System.getProperties().get(...)` */ -private MethodAccess getSystemPropertyFromSystemGetProperties(string propertyName) { +private MethodCall getSystemPropertyFromSystemGetProperties(string propertyName) { exists(Method getMethod | getMethod instanceof PropertiesGetMethod or @@ -42,7 +42,7 @@ private MethodAccess getSystemPropertyFromSystemGetProperties(string propertyNam result.getMethod() = getMethod ) and result.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName and - localExprFlowPlusInitializers(any(MethodAccess m | + localExprFlowPlusInitializers(any(MethodCall m | m.getMethod().getDeclaringType() instanceof TypeSystem and m.getMethod().hasName("getProperties") ), result.getQualifier()) @@ -156,7 +156,7 @@ private FieldAccess getSystemPropertyFromApacheSystemUtils(string propertyName) ) } -private MethodAccess getSystemPropertyFromApacheFileUtils(string propertyName) { +private MethodCall getSystemPropertyFromApacheFileUtils(string propertyName) { exists(Method m | result.getMethod() = m and m.getDeclaringType().hasQualifiedName("org.apache.commons.io", "FileUtils") @@ -167,7 +167,7 @@ private MethodAccess getSystemPropertyFromApacheFileUtils(string propertyName) { ) } -private MethodAccess getSystemPropertyFromGuava(string propertyName) { +private MethodCall getSystemPropertyFromGuava(string propertyName) { exists(EnumConstant ec | ec.getDeclaringType().hasQualifiedName("com.google.common.base", "StandardSystemProperty") and // Example: `StandardSystemProperty.JAVA_IO_TMPDIR.value()` @@ -177,10 +177,10 @@ private MethodAccess getSystemPropertyFromGuava(string propertyName) { ) or // Example: `System.getProperty(StandardSystemProperty.JAVA_IO_TMPDIR.key())` - exists(MethodAccess keyMa | + exists(MethodCall keyMa | localExprFlowPlusInitializers(ec.getAnAccess(), keyMa.getQualifier()) and keyMa.getMethod().hasName("key") and - localExprFlowPlusInitializers(keyMa, result.(MethodAccessSystemGetProperty).getArgument(0)) + localExprFlowPlusInitializers(keyMa, result.(MethodCallSystemGetProperty).getArgument(0)) ) | ec.hasName("JAVA_VERSION") and propertyName = "java.version" @@ -241,7 +241,7 @@ private MethodAccess getSystemPropertyFromGuava(string propertyName) { ) } -private MethodAccess getSystemPropertyFromOperatingSystemMXBean(string propertyName) { +private MethodCall getSystemPropertyFromOperatingSystemMXBean(string propertyName) { exists(Method m | m = result.getMethod() and m.getDeclaringType().hasQualifiedName("java.lang.management", "OperatingSystemMXBean") @@ -254,7 +254,7 @@ private MethodAccess getSystemPropertyFromOperatingSystemMXBean(string propertyN ) } -private MethodAccess getSystemPropertyFromSpringProperties(string propertyName) { +private MethodCall getSystemPropertyFromSpringProperties(string propertyName) { exists(Method m | m = result.getMethod() and m.getDeclaringType().hasQualifiedName("org.springframework.core", "SpringProperties") and diff --git a/java/ql/lib/semmle/code/java/frameworks/Assertions.qll b/java/ql/lib/semmle/code/java/frameworks/Assertions.qll index 80126f107e9c..287346b85360 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Assertions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Assertions.qll @@ -60,10 +60,10 @@ class AssertionMethod extends Method { AssertionMethod() { assertionMethod(this, _) } /** Gets a call to the assertion method. */ - MethodAccess getACheck() { result.getMethod().getSourceDeclaration() = this } + MethodCall getACheck() { result.getMethod().getSourceDeclaration() = this } /** Gets a call to the assertion method with `checkedArg` as argument. */ - MethodAccess getACheck(Expr checkedArg) { + MethodCall getACheck(Expr checkedArg) { result = this.getACheck() and checkedArg = result.getAnArgument() } } diff --git a/java/ql/lib/semmle/code/java/frameworks/FastJson.qll b/java/ql/lib/semmle/code/java/frameworks/FastJson.qll index 99eb47d76f03..c9f7d9e8b89d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/FastJson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/FastJson.qll @@ -24,7 +24,7 @@ class FastJsonParseMethod extends Method { /** * A call to `ParserConfig.setSafeMode`. */ -class FastJsonSetSafeMode extends MethodAccess { +class FastJsonSetSafeMode extends MethodCall { FastJsonSetSafeMode() { exists(Method m | this.getMethod() = m and diff --git a/java/ql/lib/semmle/code/java/frameworks/Jackson.qll b/java/ql/lib/semmle/code/java/frameworks/Jackson.qll index 39ee238fe355..605370ec594f 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jackson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jackson.qll @@ -44,7 +44,7 @@ class ObjectMapperReadMethod extends Method { } /** A call that enables the default typing in `ObjectMapper`. */ -class EnableJacksonDefaultTyping extends MethodAccess { +class EnableJacksonDefaultTyping extends MethodCall { EnableJacksonDefaultTyping() { this.getMethod().getDeclaringType() instanceof ObjectMapper and this.getMethod().hasName("enableDefaultTyping") @@ -54,7 +54,7 @@ class EnableJacksonDefaultTyping extends MethodAccess { /** A qualifier of a call to one of the methods in `ObjectMapper` that deserialize data. */ class ObjectMapperReadQualifier extends DataFlow::ExprNode { ObjectMapperReadQualifier() { - exists(MethodAccess ma | ma.getQualifier() = this.asExpr() | + exists(MethodCall ma | ma.getQualifier() = this.asExpr() | ma.getMethod() instanceof ObjectMapperReadMethod ) } @@ -63,7 +63,7 @@ class ObjectMapperReadQualifier extends DataFlow::ExprNode { /** A source that sets a type validator. */ class SetPolymorphicTypeValidatorSource extends DataFlow::ExprNode { SetPolymorphicTypeValidatorSource() { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | ( m.getDeclaringType() instanceof ObjectMapper and m.hasName("setPolymorphicTypeValidator") @@ -83,7 +83,7 @@ class SetPolymorphicTypeValidatorSource extends DataFlow::ExprNode { * if passed to an unsafely-configured `ObjectMapper`'s `readValue` method. */ predicate createJacksonJsonParserStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | (m.getDeclaringType() instanceof ObjectMapper or m.getDeclaringType() instanceof JsonFactory) and m.hasName("createParser") and ma.getArgument(0) = fromNode.asExpr() and @@ -98,14 +98,14 @@ predicate createJacksonJsonParserStep(DataFlow::Node fromNode, DataFlow::Node to * if passed to an unsafely-configured `ObjectMapper`'s `treeToValue` method. */ predicate createJacksonTreeNodeStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType() instanceof ObjectMapper and m.hasName("readTree") and ma.getArgument(0) = fromNode.asExpr() and ma = toNode.asExpr() ) or - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType() instanceof JsonParser and m.hasName("readValueAsTree") and ma.getQualifier() = fromNode.asExpr() and @@ -138,7 +138,7 @@ private predicate hasFieldWithJsonTypeAnnotation(RefType type) { * Holds if `call` is a method call to a Jackson deserialization method such as `ObjectMapper.readValue(String, Class)`, * and the target deserialized class has a field with a `JsonTypeInfo` annotation that enables polymorphic typing. */ -predicate hasArgumentWithUnsafeJacksonAnnotation(MethodAccess call) { +predicate hasArgumentWithUnsafeJacksonAnnotation(MethodCall call) { call.getMethod() instanceof ObjectMapperReadMethod and exists(RefType argType, int i | i > 0 and argType = call.getArgument(i).getType() | hasJsonTypeInfoAnnotation(argType.(ParameterizedType).getATypeArgument()) diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 18a5d800df5a..f627a576c06b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -437,7 +437,7 @@ private predicate isXssSafeContentTypeExpr(Expr e) { isXssSafeContentType(getCon private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) { // Base case: ResponseBuilder.type(contentType) result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getCallee().hasQualifiedName(getAJaxRsPackage("core"), "Response$ResponseBuilder", "type") and contentType = ma.getArgument(0) ) @@ -451,7 +451,7 @@ private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) { or // Base case: Variant[.VariantListBuilder].mediaTypes(...) result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getCallee() .hasQualifiedName(getAJaxRsPackage("core"), ["Variant", "Variant$VariantListBuilder"], "mediaTypes") and @@ -460,7 +460,7 @@ private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) { or // Recursive case: propagate through variant list building: result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ( ma.getType() .(RefType) @@ -475,14 +475,14 @@ private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) { or // Recursive case: propagate through a List.get operation result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getMethod().hasQualifiedName("java.util", "List", "get") and ma.getQualifier() = getABuilderWithExplicitContentType(contentType).asExpr() ) or // Recursive case: propagate through Response.ResponseBuilder operations, including the `variant(...)` operation. result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getType().(RefType).hasQualifiedName(getAJaxRsPackage("core"), "Response$ResponseBuilder") and [ma.getQualifier(), ma.getArgument(0)] = getABuilderWithExplicitContentType(contentType).asExpr() @@ -518,7 +518,7 @@ private class SanitizedResponseBuilder extends XssSanitizer { this = getASanitizedBuilder() or this.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getMethod().hasQualifiedName(getAJaxRsPackage("core"), "Response", "ok") and ( // e.g. Response.ok(sanitizeMe, new Variant("application/json", ...)) @@ -542,19 +542,19 @@ private class SanitizedResponseBuilder extends XssSanitizer { private class VulnerableEntity extends XssSinkBarrier { VulnerableEntity() { this.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ( // Vulnerable content-type already set: ma.getQualifier() = getAVulnerableBuilder().asExpr() or // Vulnerable content-type set in the future: - getAVulnerableBuilder().asExpr().(MethodAccess).getQualifier*() = ma + getAVulnerableBuilder().asExpr().(MethodCall).getQualifier*() = ma ) and ma.getMethod().hasName("entity") ).getArgument(0) or this.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ( isXssVulnerableContentTypeExpr(ma.getArgument(1)) or diff --git a/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll b/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll index aa332bd78ed5..19a4c4d2a634 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll @@ -33,7 +33,7 @@ class JsonIoReadObjectMethod extends Method { /** * A call to `Map.put` method, set the value of the `USE_MAPS` key to `true`. */ -class JsonIoUseMapsSetter extends MethodAccess { +class JsonIoUseMapsSetter extends MethodCall { JsonIoUseMapsSetter() { this.getMethod().getDeclaringType().getASourceSupertype*() instanceof MapType and this.getMethod().hasName("put") and @@ -51,14 +51,14 @@ deprecated class SafeJsonIoConfig extends DataFlow2::Configuration { SafeJsonIoConfig() { this = "UnsafeDeserialization::SafeJsonIoConfig" } override predicate isSource(DataFlow::Node src) { - exists(MethodAccess ma | + exists(MethodCall ma | ma instanceof JsonIoUseMapsSetter and src.asExpr() = ma.getQualifier() ) } override predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof JsonIoJsonToJavaMethod and sink.asExpr() = ma.getArgument(1) ) @@ -75,14 +75,14 @@ deprecated class SafeJsonIoConfig extends DataFlow2::Configuration { */ module SafeJsonIoConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - exists(MethodAccess ma | + exists(MethodCall ma | ma instanceof JsonIoUseMapsSetter and src.asExpr() = ma.getQualifier() ) } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof JsonIoJsonToJavaMethod and sink.asExpr() = ma.getArgument(1) ) diff --git a/java/ql/lib/semmle/code/java/frameworks/Kryo.qll b/java/ql/lib/semmle/code/java/frameworks/Kryo.qll index 057b10de6327..7dde62c4ba4b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Kryo.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Kryo.qll @@ -76,7 +76,7 @@ class KryoReadObjectMethod extends Method { /** * A call to `Kryo.setRegistrationRequired` that enables white-listing. */ -class KryoEnableWhiteListing extends MethodAccess { +class KryoEnableWhiteListing extends MethodCall { KryoEnableWhiteListing() { exists(Method m | m = this.getMethod() and diff --git a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll index 47074f9547bc..38af7eb8575f 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll @@ -17,14 +17,17 @@ class MockitoVerifyMethod extends Method { } /** - * A MethodAccess which is called as part of a Mockito verification setup. + * A MethodCall which is called as part of a Mockito verification setup. */ -class MockitoVerifiedMethodAccess extends MethodAccess { - MockitoVerifiedMethodAccess() { - this.getQualifier().(MethodAccess).getMethod() instanceof MockitoVerifyMethod +class MockitoVerifiedMethodCall extends MethodCall { + MockitoVerifiedMethodCall() { + this.getQualifier().(MethodCall).getMethod() instanceof MockitoVerifyMethod } } +/** DEPRECATED: Alias for `MockitoVerifiedMethodCall`. */ +deprecated class MockitoVerifiedMethodAccess = MockitoVerifiedMethodCall; + /** * A type that can be mocked by Mockito. */ @@ -75,9 +78,7 @@ class MockitoInitedTest extends Class { m.calls*(initMocks) ) or - exists(MethodAccess call | call.getCallee() = initMocks | - call.getArgument(0).getType() = this - ) + exists(MethodCall call | call.getCallee() = initMocks | call.getArgument(0).getType() = this) ) } } @@ -383,12 +384,12 @@ class MockitoMockMethod extends Method { class MockitoMockedObject extends Expr { MockitoMockedObject() { - this.(MethodAccess).getMethod() instanceof MockitoMockMethod + this.(MethodCall).getMethod() instanceof MockitoMockMethod or this.(VarAccess).getVariable().getAnAssignedValue() instanceof MockitoMockedObject or exists(ReturnStmt ret | - this.(MethodAccess).getMethod() = ret.getEnclosingCallable() and + this.(MethodCall).getMethod() = ret.getEnclosingCallable() and ret.getResult() instanceof MockitoMockedObject ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll index 4c1244ca1d5d..01c8b829de6b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll +++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll @@ -114,7 +114,7 @@ class MyBatisInjectionSink extends DataFlow::Node { private class MyBatisProviderStep extends TaintTracking::AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess ma, Annotation a, Method providerMethod | + exists(MethodCall ma, Annotation a, Method providerMethod | exists(int i | ma.getArgument(pragma[only_bind_into](i)) = n1.asExpr() and providerMethod.getParameter(pragma[only_bind_into](i)) = n2.asParameter() diff --git a/java/ql/lib/semmle/code/java/frameworks/Selenium.qll b/java/ql/lib/semmle/code/java/frameworks/Selenium.qll index e3e98738fd6d..0ea61ae0ecfe 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Selenium.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Selenium.qll @@ -16,7 +16,7 @@ class SeleniumPageFactory extends Class { /** * A call to the Selenium `PageFactory.initElements` method, to construct a page object. */ -class SeleniumInitElementsAccess extends MethodAccess { +class SeleniumInitElementsAccess extends MethodCall { SeleniumInitElementsAccess() { this.getMethod().getDeclaringType() instanceof SeleniumPageFactory and this.getMethod().hasName("initElements") diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 9c195ecea8dd..88b8c5c5d976 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll @@ -345,7 +345,7 @@ predicate isServletRequestMethod(Method m) { } /** Holds if `ma` is a call that gets a request parameter. */ -predicate isRequestGetParamMethod(MethodAccess ma) { +predicate isRequestGetParamMethod(MethodCall ma) { ma.getMethod() instanceof ServletRequestGetParameterMethod or ma.getMethod() instanceof ServletRequestGetParameterMapMethod or ma.getMethod() instanceof HttpServletRequestGetQueryStringMethod diff --git a/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll b/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll index f21b95520619..3bde32912180 100644 --- a/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll @@ -53,7 +53,7 @@ private class SafeYaml extends ClassInstanceExpr { } /** A call to a parse method of `Yaml`. */ -private class SnakeYamlParse extends MethodAccess { +private class SnakeYamlParse extends MethodCall { SnakeYamlParse() { exists(Method m | m.getDeclaringType() instanceof Yaml and diff --git a/java/ql/lib/semmle/code/java/frameworks/Stream.qll b/java/ql/lib/semmle/code/java/frameworks/Stream.qll index f68cd6c844e1..96d74d1473a7 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Stream.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Stream.qll @@ -2,7 +2,7 @@ private import semmle.code.java.dataflow.FlowSummary -private class CollectCall extends MethodAccess { +private class CollectCall extends MethodCall { CollectCall() { this.getMethod() .getSourceDeclaration() @@ -10,7 +10,7 @@ private class CollectCall extends MethodAccess { } } -private class Collector extends MethodAccess { +private class Collector extends MethodCall { Collector() { this.getMethod().getDeclaringType().hasQualifiedName("java.util.stream", "Collectors") } diff --git a/java/ql/lib/semmle/code/java/frameworks/XStream.qll b/java/ql/lib/semmle/code/java/frameworks/XStream.qll index facc4a67914d..0e62459e13d8 100644 --- a/java/ql/lib/semmle/code/java/frameworks/XStream.qll +++ b/java/ql/lib/semmle/code/java/frameworks/XStream.qll @@ -27,7 +27,7 @@ class XStreamReadObjectMethod extends Method { /** * A call to `XStream.addPermission(NoTypePermission.NONE)`, which enables white-listing. */ -class XStreamEnableWhiteListing extends MethodAccess { +class XStreamEnableWhiteListing extends MethodCall { XStreamEnableWhiteListing() { exists(Method m | m = this.getMethod() and diff --git a/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll b/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll index 1e739bcba2b7..226a80709456 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll @@ -15,7 +15,7 @@ private import semmle.code.java.dataflow.FlowSteps */ private class AsyncTaskExecuteAdditionalValueStep extends AdditionalTaintStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { - exists(ExecuteAsyncTaskMethodAccess ma, AsyncTaskRunInBackgroundMethod m | + exists(ExecuteAsyncTaskMethodCall ma, AsyncTaskRunInBackgroundMethod m | DataFlow::getInstanceArgument(ma).getType() = m.getDeclaringType() | node1.asExpr() = ma.getParamsArgument() and @@ -76,8 +76,8 @@ private class AsyncTaskInit extends Callable { } /** A call to the `execute` or `executeOnExecutor` methods of the `android.os.AsyncTask` class. */ -private class ExecuteAsyncTaskMethodAccess extends MethodAccess { - ExecuteAsyncTaskMethodAccess() { +private class ExecuteAsyncTaskMethodCall extends MethodCall { + ExecuteAsyncTaskMethodCall() { this.getMethod().hasName(["execute", "executeOnExecutor"]) and this.getMethod().getDeclaringType().getSourceDeclaration().getASourceSupertype*() instanceof AsyncTask diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll b/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll index c511d3601a55..0e6399cba1f0 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll @@ -8,7 +8,7 @@ import java * A call to a live literal method. * This always returns a constant expression and can be considered as such. */ -class LiveLiteral extends MethodAccess { +class LiveLiteral extends MethodCall { LiveLiteral() { this.getMethod() instanceof LiveLiteralMethod and not this.getEnclosingCallable() instanceof LiveLiteralMethod @@ -25,7 +25,7 @@ class LiveLiteral extends MethodAccess { * This predicate gets the constant value held by the private field. */ CompileTimeConstantExpr getValue() { - exists(MethodAccess getterCall, VarAccess va | + exists(MethodCall getterCall, VarAccess va | methodReturns(this.getMethod(), getterCall) and methodReturns(getterCall.getMethod(), va) and result = va.getVariable().getInitializer() diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll index 104fd74b5f2c..1aba2be33c06 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll @@ -154,7 +154,7 @@ class AndroidBundle extends Class { */ class ExplicitIntent extends Expr { ExplicitIntent() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and m.getDeclaringType() instanceof TypeIntent and m.hasName(["setPackage", "setClass", "setClassName", "setComponent"]) and @@ -237,8 +237,8 @@ private class NewIntent extends ClassInstanceExpr { } /** A call to a method that starts an Android component. */ -private class StartComponentMethodAccess extends MethodAccess { - StartComponentMethodAccess() { +private class StartComponentMethodCall extends MethodCall { + StartComponentMethodCall() { this.getMethod().overrides*(any(StartActivityMethod m)) or this.getMethod().overrides*(any(StartServiceMethod m)) or this.getMethod().overrides*(any(SendBroadcastMethod m)) @@ -263,11 +263,11 @@ private class StartComponentMethodAccess extends MethodAccess { } /** - * Holds if `src` reaches the intent argument `arg` of `StartComponentMethodAccess` + * Holds if `src` reaches the intent argument `arg` of `StartComponentMethodCall` * through intra-procedural steps. */ private predicate reaches(Expr src, Argument arg) { - any(StartComponentMethodAccess ma).getIntentArg() = arg and + any(StartComponentMethodCall ma).getIntentArg() = arg and src = arg or exists(Expr mid, BaseSsa::BaseSsaVariable ssa, BaseSsa::BaseSsaUpdate upd | @@ -298,7 +298,7 @@ private predicate reaches(Expr src, Argument arg) { */ private class StartActivityIntentStep extends AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(StartComponentMethodAccess startActivity, MethodAccess getIntent | + exists(StartComponentMethodCall startActivity, MethodCall getIntent | startActivity.getMethod().overrides*(any(StartActivityMethod m)) and getIntent.getMethod().overrides*(any(AndroidGetIntentMethod m)) and startActivity.targetsComponentType(getIntent.getReceiverType()) and @@ -309,11 +309,11 @@ private class StartActivityIntentStep extends AdditionalValueStep { } /** - * Holds if `targetType` is targeted by an existing `StartComponentMethodAccess` call + * Holds if `targetType` is targeted by an existing `StartComponentMethodCall` call * and it's identified by `id`. */ private predicate isTargetableType(AndroidComponent targetType, string id) { - exists(StartComponentMethodAccess ma | ma.targetsComponentType(targetType)) and + exists(StartComponentMethodCall ma | ma.targetsComponentType(targetType)) and targetType.getQualifiedName() = id } @@ -327,7 +327,7 @@ private class StartActivitiesSyntheticCallable extends SyntheticCallable { ) } - override StartComponentMethodAccess getACall() { + override StartComponentMethodCall getACall() { result.getMethod().hasName("startActivities") and result.targetsComponentType(targetType) } @@ -396,7 +396,7 @@ private class RequiredComponentStackForStartActivities extends RequiredSummaryCo */ private class SendBroadcastReceiverIntentStep extends AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(StartComponentMethodAccess sendBroadcast, Method onReceive | + exists(StartComponentMethodCall sendBroadcast, Method onReceive | sendBroadcast.getMethod().overrides*(any(SendBroadcastMethod m)) and onReceive.overrides*(any(AndroidReceiveIntentMethod m)) and sendBroadcast.targetsComponentType(onReceive.getDeclaringType()) and @@ -413,7 +413,7 @@ private class SendBroadcastReceiverIntentStep extends AdditionalValueStep { */ private class StartServiceIntentStep extends AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(StartComponentMethodAccess startService, Method serviceIntent | + exists(StartComponentMethodCall startService, Method serviceIntent | startService.getMethod().overrides*(any(StartServiceMethod m)) and serviceIntent.overrides*(any(AndroidServiceIntentMethod m)) and startService.targetsComponentType(serviceIntent.getDeclaringType()) and diff --git a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll index c487c6cecc26..5253526f0fd1 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll @@ -37,7 +37,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node { or // A fragment calls `startActivityForResult` // and the activity it belongs to defines `onActivityResult`. - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName(["add", "attach", "replace"]) and ma.getMethod() .getDeclaringType() @@ -71,7 +71,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess startActivityForResult | + exists(MethodCall startActivityForResult | startActivityForResult.getMethod().hasName("startActivityForResult") and startActivityForResult.getMethod().getDeclaringType().getAnAncestor() instanceof ActivityOrFragment and @@ -83,7 +83,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // Wrapping the Intent in a chooser - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and m.hasName("createChooser") and m.getDeclaringType() instanceof TypeIntent diff --git a/java/ql/lib/semmle/code/java/frameworks/android/PendingIntent.qll b/java/ql/lib/semmle/code/java/frameworks/android/PendingIntent.qll index 544097061511..1c17d3c9b8df 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/PendingIntent.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/PendingIntent.qll @@ -8,7 +8,7 @@ class PendingIntent extends Class { } /** A call to a method that creates a `PendingIntent`. */ -class PendingIntentCreation extends MethodAccess { +class PendingIntentCreation extends MethodCall { PendingIntentCreation() { exists(Method m | this.getMethod() = m and diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll index 9cb39ed83a73..9a2729f5b794 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll @@ -6,7 +6,7 @@ private import semmle.code.java.dataflow.FlowSources private class EditableToStringStep extends AdditionalTaintStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("toString") and ma.getReceiverType().getASourceSupertype*().hasQualifiedName("android.text", "Editable") and n1.asExpr() = ma.getQualifier() and diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll b/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll index 42ecc946e504..5e72b26e009b 100644 --- a/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll @@ -79,7 +79,7 @@ private module SafeDigesterFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeDigester } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof Digester ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll index ab72d80d2e51..a7747857fdd6 100644 --- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll +++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll @@ -21,7 +21,7 @@ import semmle.code.java.frameworks.spring.Spring /** * A method call to a ProcessorDefinition element. */ -class ProcessorDefinitionElement extends MethodAccess { +class ProcessorDefinitionElement extends MethodCall { ProcessorDefinitionElement() { this.getMethod() .getDeclaringType() @@ -114,7 +114,7 @@ deprecated class CamelJavaDSLBeanRefDecl = CamelJavaDslBeanRefDecl; * * An expression that represents a call to a bean, or particular method on a bean. */ -class CamelJavaDslMethodDecl extends MethodAccess { +class CamelJavaDslMethodDecl extends MethodCall { CamelJavaDslMethodDecl() { this.getMethod() .getDeclaringType() diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll index 2793f1980c5c..db8bc2574c13 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll @@ -14,7 +14,7 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getAnArgument() = sink.asExpr() and ma.getMethod() instanceof ParseAsMethod ) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/Gson.qll b/java/ql/lib/semmle/code/java/frameworks/google/Gson.qll index b9329182ec9a..9dc38a529415 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/Gson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/Gson.qll @@ -26,7 +26,7 @@ class GsonDeserializeMethod extends Method { * where `T` is a concrete type implementing `Parcelable`. */ predicate intentFlowsToParcel(DataFlow::Node intentNode, DataFlow::Node parcelNode) { - exists(MethodAccess getParcelableExtraCall, CreateFromParcelMethod cfpm, Type createdType | + exists(MethodCall getParcelableExtraCall, CreateFromParcelMethod cfpm, Type createdType | intentNode.asExpr() = getParcelableExtraCall.getQualifier() and getParcelableExtraCall.getMethod() instanceof IntentGetParcelableExtraMethod and DataFlow::localExprFlow(getParcelableExtraCall, any(Expr e | e.getType() = createdType)) and diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index 8a286c93a16f..6abaee8ff720 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -22,7 +22,7 @@ abstract class GsonDeserializableType extends Type { } /** A type whose values are explicitly deserialized in a call to a Gson method. */ private class ExplicitlyReadGsonDeserializableType extends GsonDeserializableType { ExplicitlyReadGsonDeserializableType() { - exists(MethodAccess ma | + exists(MethodCall ma | // A call to a Gson read method... ma.getMethod() instanceof GsonReadValueMethod and // ...where `this` is used in the final argument, indicating that this type will be deserialized. diff --git a/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll b/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll index c2a7272a9f5d..ae316cf649e5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll @@ -16,7 +16,7 @@ class HudsonWebMethod extends Method { private class HudsonUtilXssSanitizer extends XssSanitizer { HudsonUtilXssSanitizer() { this.asExpr() - .(MethodAccess) + .(MethodCall) .getMethod() // Not including xmlEscape because it only accounts for >, <, and &. // It does not account for ", or ', which makes it an incomplete XSS sanitizer. diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index 4f857afb6608..8e1077d8bc01 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll @@ -68,7 +68,7 @@ private class JacksonReadValueMethod extends Method, TaintPreservingCallable { /** A type whose values are explicitly serialized in a call to a Jackson method. */ private class ExplicitlyWrittenJacksonSerializableType extends JacksonSerializableType { ExplicitlyWrittenJacksonSerializableType() { - exists(MethodAccess ma | + exists(MethodCall ma | // A call to a Jackson write method... ma.getMethod() instanceof JacksonWriteValueMethod and // ...where `this` is used in the final argument, indicating that this type will be serialized. @@ -91,7 +91,7 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma, Method m, int i | + exists(MethodCall ma, Method m, int i | ma.getArgument(i) = sink.asExpr() and m = ma.getMethod() and m.getParameterType(i) instanceof TypeClass and @@ -116,7 +116,7 @@ private class ExplicitlyReadJacksonDeserializableType extends JacksonDeserializa ExplicitlyReadJacksonDeserializableType() { usesType(getSourceWithFlowToJacksonDatabind().getReferencedType(), this) or - exists(MethodAccess ma | + exists(MethodCall ma | // A call to a Jackson read method... ma.getMethod() instanceof JacksonReadValueMethod and // ...where `this` is used in the final argument, indicating that this type will be deserialized. @@ -177,7 +177,7 @@ private class JacksonDeserializedTaintStep extends AdditionalTaintStep { * This informs Jackson to treat the annotations on the second class argument as if they were on * the first class argument. This allows adding annotations to library classes, for example. */ -class JacksonAddMixinCall extends MethodAccess { +class JacksonAddMixinCall extends MethodCall { JacksonAddMixinCall() { exists(Method m | m = this.getMethod() and diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll index 590b172bffa8..c1a0b08d8e7c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll @@ -52,7 +52,7 @@ private module SafeValidatorFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeValidator } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof Validator ) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll index 461a7dc8208f..f5a52490768c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll @@ -135,7 +135,7 @@ class ForbiddenThisCallable extends ForbiddenCallable { ThisAccess forbiddenThisUse(Callable c) { result.getEnclosingCallable() = c and ( - exists(MethodAccess ma | ma.getAnArgument() = result) or + exists(MethodCall ma | ma.getAnArgument() = result) or exists(ReturnStmt rs | rs.getResult() = result) ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll index 71e0af2018dd..206996af321d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll +++ b/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll @@ -3,7 +3,7 @@ import java /** A call to Kotlin's `apply` method. */ -class KotlinApply extends MethodAccess { +class KotlinApply extends MethodCall { ExtensionMethod m; KotlinApply() { diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll index 62eafa9565ec..8521b2847848 100644 --- a/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll +++ b/java/ql/lib/semmle/code/java/frameworks/kotlin/Text.qll @@ -8,7 +8,7 @@ class StringsKt extends RefType { } /** A call to the extension method `String.toRegex` from `kotlin.text`. */ -class KtToRegex extends MethodAccess { +class KtToRegex extends MethodCall { KtToRegex() { this.getMethod().getDeclaringType() instanceof StringsKt and this.getMethod().hasName("toRegex") diff --git a/java/ql/lib/semmle/code/java/frameworks/play/Play.qll b/java/ql/lib/semmle/code/java/frameworks/play/Play.qll index 695f64f53d19..7b99b23704e3 100644 --- a/java/ql/lib/semmle/code/java/frameworks/play/Play.qll +++ b/java/ql/lib/semmle/code/java/frameworks/play/Play.qll @@ -126,7 +126,7 @@ class PlayMvcHttpRequestHeaderMethods extends Method { /** * Gets a reference to the `getQueryString` method. */ - MethodAccess getAQueryStringAccess() { + MethodCall getAQueryStringAccess() { this.hasName("getQueryString") and result = this.getAReference() } } @@ -140,10 +140,10 @@ class PlayMvcResultsMethods extends Method { /** * Gets a reference to the `play.mvc.Results.ok` method. */ - MethodAccess getAnOkAccess() { this.hasName("ok") and result = this.getAReference() } + MethodCall getAnOkAccess() { this.hasName("ok") and result = this.getAReference() } /** * Gets a reference to the `play.mvc.Results.redirect` method. */ - MethodAccess getARedirectAccess() { this.hasName("redirect") and result = this.getAReference() } + MethodCall getARedirectAccess() { this.hasName("redirect") and result = this.getAReference() } } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll index f2611d6e2d10..9195a3878342 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll @@ -307,7 +307,7 @@ class SpringModelPlainMap extends SpringModel { SpringModelPlainMap() { this.getType() instanceof MapType } override RefType getATypeInModel() { - exists(MethodAccess methodCall | + exists(MethodCall methodCall | methodCall.getQualifier() = this.getAnAccess() and methodCall.getCallee().hasName("put") | @@ -327,7 +327,7 @@ class SpringModelModel extends SpringModel { } override RefType getATypeInModel() { - exists(MethodAccess methodCall | + exists(MethodCall methodCall | methodCall.getQualifier() = this.getAnAccess() and methodCall.getCallee().hasName("addAttribute") | diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll index 4e91c1f18a2f..84c428e6fefa 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll @@ -164,14 +164,14 @@ private predicate isXssSafeContentTypeExpr(Expr e) { private DataFlow::Node getABodyBuilderWithExplicitContentType(Expr contentType) { result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getCallee() .hasQualifiedName("org.springframework.http", "ResponseEntity$BodyBuilder", "contentType") and contentType = ma.getArgument(0) ) or result.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getQualifier() = getABodyBuilderWithExplicitContentType(contentType).asExpr() and ma.getType() .(RefType) @@ -192,7 +192,7 @@ private DataFlow::Node getAVulnerableBodyBuilder() { private class SanitizedBodyCall extends XSS::XssSanitizer { SanitizedBodyCall() { this.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getQualifier() = getASanitizedBodyBuilder().asExpr() and ma.getCallee().hasName("body") ).getArgument(0) @@ -210,7 +210,7 @@ private class SanitizedBodyCall extends XSS::XssSanitizer { private class ExplicitlyVulnerableBodyArgument extends XSS::XssSinkBarrier { ExplicitlyVulnerableBodyArgument() { this.asExpr() = - any(MethodAccess ma | + any(MethodCall ma | ma.getQualifier() = getAVulnerableBodyBuilder().asExpr() and ma.getCallee().hasName("body") ).getArgument(0) diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWeb.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWeb.qll index faa6b75853da..88db87e7e21e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWeb.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWeb.qll @@ -31,7 +31,7 @@ class ModelAndView extends Class { } /** A call to the Spring `ModelAndView.setViewName` method. */ -class SpringModelAndViewSetViewNameCall extends MethodAccess { +class SpringModelAndViewSetViewNameCall extends MethodCall { SpringModelAndViewSetViewNameCall() { this.getMethod().getDeclaringType() instanceof ModelAndView and this.getMethod().hasName("setViewName") diff --git a/java/ql/lib/semmle/code/java/os/OSCheck.qll b/java/ql/lib/semmle/code/java/os/OSCheck.qll index eade97a6e53b..19dd15b0b894 100644 --- a/java/ql/lib/semmle/code/java/os/OSCheck.qll +++ b/java/ql/lib/semmle/code/java/os/OSCheck.qll @@ -40,7 +40,7 @@ abstract class IsSpecificUnixVariant extends Guard { } /** * Holds when `ma` compares the current OS against the string constant `osString`. */ -private predicate isOsFromSystemProp(MethodAccess ma, string osString) { +private predicate isOsFromSystemProp(MethodCall ma, string osString) { TaintTracking::localExprTaint(getSystemProperty("os.name"), ma.getQualifier()) and // Call from System.getProperty (or equivalent) to some partial match method exists(StringPartialMatchMethod m, CompileTimeConstantExpr matchedStringConstant | m = ma.getMethod() and @@ -50,7 +50,7 @@ private predicate isOsFromSystemProp(MethodAccess ma, string osString) { ) } -private class IsWindowsFromSystemProp extends IsWindowsGuard instanceof MethodAccess { +private class IsWindowsFromSystemProp extends IsWindowsGuard instanceof MethodCall { IsWindowsFromSystemProp() { isOsFromSystemProp(this, any(string s | s.regexpMatch("windows?"))) } } @@ -97,7 +97,7 @@ private class IsUnixFromFileSeparator extends IsUnixGuard { } } -private class IsUnixFromSystemProp extends IsSpecificUnixVariant instanceof MethodAccess { +private class IsUnixFromSystemProp extends IsSpecificUnixVariant instanceof MethodCall { IsUnixFromSystemProp() { isOsFromSystemProp(this, any(string s | s.regexpMatch(["mac.*", "linux.*"]))) } @@ -144,7 +144,7 @@ private class IsSpecificUnixVariantFromApacheCommons extends IsSpecificUnixVaria * ([source](https://en.wikipedia.org/wiki/POSIX#POSIX-oriented_operating_systems)). * Looks for calls to `contains("posix")` on the `supportedFileAttributeViews()` method returned by `FileSystem`. */ -private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof MethodAccess { +private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof MethodCall { IsUnixFromPosixFromFileSystem() { exists(Method m | m = this.getMethod() | m.getDeclaringType() @@ -158,9 +158,8 @@ private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof Metho supportedFileAttributeViewsMethod.hasName("supportedFileAttributeViews") and supportedFileAttributeViewsMethod.getDeclaringType() instanceof TypeFileSystem | - DataFlow::localExprFlow(any(MethodAccess ma | - ma.getMethod() = supportedFileAttributeViewsMethod - ), super.getQualifier()) + DataFlow::localExprFlow(any(MethodCall ma | ma.getMethod() = supportedFileAttributeViewsMethod), + super.getQualifier()) ) } } diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll index a2db234bd36e..2af0a4e63c56 100644 --- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll +++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll @@ -54,14 +54,14 @@ private class RegexFlowSink extends DataFlow::Node { /** Gets the string expression that a regex that flows here is matched against, if any. */ Expr getStringArgument() { - exists(MethodAccess ma | + exists(MethodCall ma | this.asExpr() = argOf(ma, _) and result = argOf(ma, strArg) ) } } -private Expr argOf(MethodAccess ma, int arg) { +private Expr argOf(MethodCall ma, int arg) { arg = -1 and result = ma.getQualifier() or result = ma.getArgument(arg) @@ -83,7 +83,7 @@ class RegexAdditionalFlowStep extends Unit { // TODO: This may be able to be done with models-as-data if query-specific flow steps beome supported. private class JdkRegexFlowStep extends RegexAdditionalFlowStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma, Method m, string package, string type, string name, int arg | + exists(MethodCall ma, Method m, string package, string type, string name, int arg | ma.getMethod().getSourceDeclaration().overrides*(m) and m.hasQualifiedName(package, type, name) and node1.asExpr() = argOf(ma, arg) and @@ -109,7 +109,7 @@ private class JdkRegexFlowStep extends RegexAdditionalFlowStep { private class GuavaRegexFlowStep extends RegexAdditionalFlowStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma, Method m, string package, string type, string name, int arg | + exists(MethodCall ma, Method m, string package, string type, string name, int arg | ma.getMethod().getSourceDeclaration().overrides*(m) and m.hasQualifiedName(package, type, name) and node1.asExpr() = argOf(ma, arg) and diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll index 86779a4a9116..4c42e5a39032 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll @@ -40,7 +40,7 @@ private predicate trustedDomainViaXml(string domainName) { /** Holds if the given domain name is trusted by an OkHttp `CertificatePinner`. */ private predicate trustedDomainViaOkHttp(string domainName) { - exists(CompileTimeConstantExpr domainExpr, MethodAccess certPinnerAdd | + exists(CompileTimeConstantExpr domainExpr, MethodCall certPinnerAdd | domainExpr.getStringValue().replaceAll("*.", "") = domainName and // strip wildcard patterns like *.example.com certPinnerAdd.getMethod().hasQualifiedName("okhttp3", "CertificatePinner$Builder", "add") and DataFlow::localExprFlow(domainExpr, certPinnerAdd.getArgument(0)) @@ -59,8 +59,8 @@ predicate trustedDomain(string domainName) { * that uses a socket factory derived from a `TrustManager`. * `default` is true if the default SSL socket factory for all URLs is being set. */ -private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) { - exists(MethodAccess getSocketFactory, MethodAccess initSslContext | +private predicate trustedSocketFactory(MethodCall setSocketFactory, boolean default) { + exists(MethodCall getSocketFactory, MethodCall initSslContext | exists(Method m | setSocketFactory.getMethod() = m | default = true and m instanceof SetDefaultConnectionFactoryMethod or @@ -80,17 +80,17 @@ private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean de * that is trusted due to its SSL socket factory being set. */ private predicate trustedUrlConnection(Expr url) { - exists(MethodAccess openCon | + exists(MethodCall openCon | openCon.getMethod().getASourceOverriddenMethod*() instanceof UrlOpenConnectionMethod and url = openCon.getQualifier() and - exists(MethodAccess setSocketFactory | + exists(MethodCall setSocketFactory | trustedSocketFactory(setSocketFactory, false) and TaintTracking::localExprTaint(openCon, setSocketFactory.getQualifier()) ) ) or trustedSocketFactory(_, true) and - exists(MethodAccess open, Method m | + exists(MethodCall open, Method m | m instanceof UrlOpenConnectionMethod or m instanceof UrlOpenStreamMethod | open.getMethod().getASourceOverriddenMethod*() = m and diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll index ef5f84001f00..56c45611b142 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll @@ -41,14 +41,14 @@ private class DefaultIntentRedirectionSink extends IntentRedirectionSink { private class DefaultIntentRedirectionSanitizer extends IntentRedirectionSanitizer { DefaultIntentRedirectionSanitizer() { this.getType() instanceof TypeIntent and - exists(MethodAccess ma, Method m, Guard g, boolean branch | + exists(MethodCall ma, Method m, Guard g, boolean branch | ma.getMethod() = m and m.getDeclaringType() instanceof TypeComponentName and m.hasName("getPackageName") and g.isEquality(ma, _, branch) and g.controls(this.asExpr().getBasicBlock(), branch) ) and - exists(MethodAccess ma, Method m, Guard g, boolean branch | + exists(MethodCall ma, Method m, Guard g, boolean branch | ma.getMethod() = m and m.getDeclaringType() instanceof TypeComponentName and m.hasName("getClassName") and diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll index ed47b6df8c95..f049995b15ca 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll @@ -103,7 +103,7 @@ private module TaintedIntentComponentConfig implements DataFlow::ConfigSig { private module TaintedIntentComponentFlow = TaintTracking::Global; /** A call to a method that changes the component of an `Intent`. */ -private class IntentSetComponent extends MethodAccess { +private class IntentSetComponent extends MethodCall { int sinkArg; IntentSetComponent() { diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll index e8d5a6d42d11..53adc7132c5e 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll @@ -20,7 +20,7 @@ private class SensitiveInfoExpr extends Expr { } private predicate maybeNullArg(Expr ex) { - exists(DataFlow::Node src, DataFlow::Node sink, MethodAccess ma | + exists(DataFlow::Node src, DataFlow::Node sink, MethodCall ma | ex = ma.getAnArgument() and sink.asExpr() = ex and src.asExpr() instanceof NullLiteral @@ -30,7 +30,7 @@ private predicate maybeNullArg(Expr ex) { } private predicate maybeEmptyArrayArg(Expr ex) { - exists(DataFlow::Node src, DataFlow::Node sink, MethodAccess ma | + exists(DataFlow::Node src, DataFlow::Node sink, MethodCall ma | ex = ma.getAnArgument() and sink.asExpr() = ex and src.asExpr().(ArrayCreationExpr).getFirstDimensionSize() = 0 @@ -43,7 +43,7 @@ private predicate maybeEmptyArrayArg(Expr ex) { * Holds if a `sendBroadcast` call doesn't specify receiver permission. */ private predicate isSensitiveBroadcastSink(DataFlow::Node sendBroadcastCallArg) { - exists(MethodAccess ma, string name | ma.getMethod().hasName(name) | + exists(MethodCall ma, string name | ma.getMethod().hasName(name) | ma.getMethod().getDeclaringType().getASourceSupertype*() instanceof TypeContext and sendBroadcastCallArg.asExpr() = ma.getAnArgument() and ( @@ -105,7 +105,7 @@ private predicate isSensitiveBroadcastSink(DataFlow::Node sendBroadcastCallArg) * Holds if `arg` is an argument in a use of a `startActivity` or `startService` method that sends an Intent to another application. */ private predicate isStartActivityOrServiceSink(DataFlow::Node arg) { - exists(MethodAccess ma, string name | ma.getMethod().hasName(name) | + exists(MethodCall ma, string name | ma.getMethod().hasName(name) | arg.asExpr() = ma.getArgument(0) and ma.getMethod().getDeclaringType().getASourceSupertype*() instanceof TypeContext and // startActivity(Intent intent) diff --git a/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll index 3d47f77a2bbb..8e6a9c30141f 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll @@ -15,7 +15,7 @@ class OnReceivedSslErrorMethod extends Method { } /** A call to `SslErrorHandler.proceed` */ -private class SslProceedCall extends MethodAccess { +private class SslProceedCall extends MethodCall { SslProceedCall() { this.getMethod().hasQualifiedName("android.webkit", "SslErrorHandler", "proceed") } diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll index d91910b546cb..3aa59286fcd0 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll @@ -50,7 +50,7 @@ class SetDataMethod extends Method { /** A dataflow sink for the URI of an intent. */ class SetDataSink extends DataFlow::ExprNode { SetDataSink() { - exists(MethodAccess ma | + exists(MethodCall ma | this.getExpr() = ma.getQualifier() and ma.getMethod() instanceof SetDataMethod ) @@ -72,7 +72,7 @@ class UriConstructorMethod extends Method { class ExternalApkSource extends DataFlow::Node { ExternalApkSource() { sourceNode(this, "android-external-storage-dir") or - this.asExpr().(MethodAccess).getMethod() instanceof UriConstructorMethod or + this.asExpr().(MethodCall).getMethod() instanceof UriConstructorMethod or this.asExpr().(StringLiteral).getValue().matches("file://%") or this instanceof ThreatModelFlowSource } diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll index fa3dbdb44746..be8eea879c50 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll @@ -13,7 +13,7 @@ module ApkInstallationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource } predicate isSink(DataFlow::Node node) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof SetDataMethod and ma.getArgument(0) = node.asExpr() and ( @@ -57,7 +57,7 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig { node2.asExpr() = cc ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof SetActionMethod and node1.asExpr() = ma.getArgument(0) and node2.asExpr() = ma.getQualifier() @@ -95,7 +95,7 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig ) { state1 instanceof MimeTypeUnset and state2 instanceof HasPackageArchiveMimeType and - exists(MethodAccess ma | + exists(MethodCall ma | ma.getQualifier() = node2.asExpr() and ( ma.getMethod() instanceof SetTypeMethod and diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll b/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll index ab0f7afd2aa4..785dce3da7ed 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll @@ -35,7 +35,7 @@ private Guard sizeGuard(SsaVariable v, boolean branch, boolean upper) { branch = false and upper = true ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof MethodAbs and ma.getArgument(0) = ssaRead(v, 0) and ( @@ -47,7 +47,7 @@ private Guard sizeGuard(SsaVariable v, boolean branch, boolean upper) { ) or // overflow test - exists(AddExpr add, RValue use, Expr pos | + exists(AddExpr add, VarRead use, Expr pos | use = ssaRead(v, 0) and add.hasOperands(use, pos) and positive(use) and @@ -67,7 +67,7 @@ private Guard sizeGuard(SsaVariable v, boolean branch, boolean upper) { result.isEquality(ssaRead(v, 0), _, branch) and (upper = true or upper = false) or - exists(MethodAccess call, Method m, int ix | + exists(MethodCall call, Method m, int ix | call = result and call.getArgument(ix) = ssaRead(v, 0) and call.getMethod().getSourceDeclaration() = m and @@ -112,7 +112,7 @@ predicate guardedLessThanSomething(Expr e) { or negative(e) or - e.(MethodAccess).getMethod() instanceof MethodMathMin + e.(MethodCall).getMethod() instanceof MethodMathMin } /** @@ -127,7 +127,7 @@ predicate guardedGreaterThanSomething(Expr e) { or positive(e) or - e.(MethodAccess).getMethod() instanceof MethodMathMax + e.(MethodCall).getMethod() instanceof MethodMathMax } /** Holds if `e` occurs in a context where it will be upcast to a wider type. */ diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll index d995d11ce5bd..b42389a1df6e 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll @@ -12,9 +12,9 @@ private class LocalDatabaseCleartextStorageSink extends CleartextStorageSink { } /** The creation of an object that can be used to store data in a local database. */ -class LocalDatabaseOpenMethodAccess extends Storable, Call { - LocalDatabaseOpenMethodAccess() { - exists(Method m | this.(MethodAccess).getMethod() = m | +class LocalDatabaseOpenMethodCall extends Storable, Call { + LocalDatabaseOpenMethodCall() { + exists(Method m | this.(MethodCall).getMethod() = m | m.getDeclaringType().getASupertype*() instanceof TypeSQLiteOpenHelper and m.hasName("getWritableDatabase") or @@ -43,6 +43,9 @@ class LocalDatabaseOpenMethodAccess extends Storable, Call { } } +/** DEPRECATED: Alias for `LocalDatabaseOpenMethodCall`. */ +deprecated class LocalDatabaseOpenMethodAccess = LocalDatabaseOpenMethodCall; + /** A method that is both a database input and a database store. */ private class LocalDatabaseInputStoreMethod extends Method { LocalDatabaseInputStoreMethod() { @@ -77,7 +80,7 @@ private predicate localDatabaseInput(DataFlow::Node database, Argument input) { * either through the use of prepared statements, via the `ContentValues` class, or * directly executing a raw SQL query. */ -private predicate localDatabaseStore(DataFlow::Node database, MethodAccess store) { +private predicate localDatabaseStore(DataFlow::Node database, MethodCall store) { exists(Method m | store.getMethod() = m | m instanceof LocalDatabaseInputStoreMethod and database.asExpr() = store.getQualifier() @@ -95,7 +98,7 @@ private predicate localDatabaseStore(DataFlow::Node database, MethodAccess store private module LocalDatabaseFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof LocalDatabaseOpenMethodAccess + source.asExpr() instanceof LocalDatabaseOpenMethodCall } predicate isSink(DataFlow::Node sink) { diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll index 41e5c0608164..65e7aeb256bb 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll @@ -88,7 +88,7 @@ private module ClassStoreFlowConfig implements DataFlow::ConfigSig { private module ClassStoreFlow = DataFlow::Global; private predicate serializableStore(DataFlow::Node instance, Expr store) { - exists(MethodAccess m | + exists(MethodCall m | store = m and m.getMethod() instanceof WriteObjectMethod and instance.asExpr() = m.getArgument(0) @@ -96,7 +96,7 @@ private predicate serializableStore(DataFlow::Node instance, Expr store) { } private predicate marshallableStore(DataFlow::Node instance, Expr store) { - exists(MethodAccess m | + exists(MethodCall m | store = m and m.getMethod() instanceof JaxbMarshalMethod and instance.asExpr() = m.getArgument(0) diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll index 59c098281f12..3e327c6dc5fe 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll @@ -28,7 +28,7 @@ class Cookie extends Storable, ClassInstanceExpr { } private predicate cookieStore(DataFlow::Node cookie, Expr store) { - exists(MethodAccess m, Method def | + exists(MethodCall m, Method def | m.getMethod() = def and def.getName() = "addCookie" and def.getDeclaringType().hasQualifiedName("javax.servlet.http", "HttpServletResponse") and diff --git a/java/ql/lib/semmle/code/java/security/CleartextStoragePropertiesQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStoragePropertiesQuery.qll index f262104078e1..d0531f4b1c27 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStoragePropertiesQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStoragePropertiesQuery.qll @@ -7,7 +7,7 @@ import semmle.code.java.security.CleartextStorageQuery private class PropertiesCleartextStorageSink extends CleartextStorageSink { PropertiesCleartextStorageSink() { - exists(MethodAccess m | + exists(MethodCall m | m.getMethod() instanceof PropertiesSetPropertyMethod and this.asExpr() = m.getArgument(1) ) } @@ -35,7 +35,7 @@ class Properties extends Storable, ClassInstanceExpr { } private predicate propertiesInput(DataFlow::Node prop, Expr input) { - exists(MethodAccess m | + exists(MethodCall m | m.getMethod() instanceof PropertiesSetPropertyMethod and input = m.getArgument(1) and prop.asExpr() = m.getQualifier() @@ -43,7 +43,7 @@ private predicate propertiesInput(DataFlow::Node prop, Expr input) { } private predicate propertiesStore(DataFlow::Node prop, Expr store) { - exists(MethodAccess m | + exists(MethodCall m | m.getMethod() instanceof PropertiesStoreMethod and store = m and prop.asExpr() = m.getQualifier() diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll index 0fdf69eb8a3c..e68398c098e9 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll @@ -65,15 +65,15 @@ private class DefaultCleartextStorageSanitizer extends CleartextStorageSanitizer * encryption (reversible and non-reversible) from both JDK and third parties, this class simply * checks method name to take a best guess to reduce false positives. */ -private class EncryptedSensitiveMethodAccess extends MethodAccess { - EncryptedSensitiveMethodAccess() { +private class EncryptedSensitiveMethodCall extends MethodCall { + EncryptedSensitiveMethodCall() { this.getMethod().getName().toLowerCase().matches(["%encrypt%", "%hash%", "%digest%"]) } } /** Flow configuration for encryption methods flowing to inputs of persistent storage. */ private module EncryptedValueFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof EncryptedSensitiveMethodAccess } + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof EncryptedSensitiveMethodCall } predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SensitiveExpr } } diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll index 07764a251f71..39e1ffa3c75d 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll @@ -7,7 +7,7 @@ import semmle.code.java.security.CleartextStorageQuery private class SharedPrefsCleartextStorageSink extends CleartextStorageSink { SharedPrefsCleartextStorageSink() { - exists(MethodAccess m | + exists(MethodCall m | m.getMethod() instanceof PutSharedPreferenceMethod and this.asExpr() = m.getArgument(1) ) @@ -18,10 +18,10 @@ private class SharedPrefsCleartextStorageSink extends CleartextStorageSink { * The call to get a `SharedPreferences.Editor` object, which can set shared preferences and be * stored to the device. */ -class SharedPreferencesEditorMethodAccess extends Storable, MethodAccess { - SharedPreferencesEditorMethodAccess() { +class SharedPreferencesEditorMethodCall extends Storable, MethodCall { + SharedPreferencesEditorMethodCall() { this.getMethod() instanceof GetSharedPreferencesEditorMethod and - not DataFlow::localExprFlow(any(MethodAccess ma | + not DataFlow::localExprFlow(any(MethodCall ma | ma.getMethod() instanceof CreateEncryptedSharedPreferencesMethod ), this.getQualifier()) } @@ -43,12 +43,15 @@ class SharedPreferencesEditorMethodAccess extends Storable, MethodAccess { } } +/** DEPRECATED: Alias for `SharedPreferencesEditorMethodCall`. */ +deprecated class SharedPreferencesEditorMethodAccess = SharedPreferencesEditorMethodCall; + /** * Holds if `input` is the second argument of a setter method * called on `editor`, which is an instance of `SharedPreferences$Editor`. */ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) { - exists(MethodAccess m | + exists(MethodCall m | m.getMethod() instanceof PutSharedPreferenceMethod and input = m.getArgument(1) and editor.asExpr() = m.getQualifier().getUnderlyingExpr() @@ -59,7 +62,7 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) { * Holds if `m` is a store method called on `editor`, * which is an instance of `SharedPreferences$Editor`. */ -private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) { +private predicate sharedPreferencesStore(DataFlow::Node editor, MethodCall m) { m.getMethod() instanceof StoreSharedPreferenceMethod and editor.asExpr() = m.getQualifier().getUnderlyingExpr() } @@ -67,7 +70,7 @@ private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) /** Flow from `SharedPreferences.Editor` to either a setter or a store method. */ private module SharedPreferencesFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - src.asExpr() instanceof SharedPreferencesEditorMethodAccess + src.asExpr() instanceof SharedPreferencesEditorMethodCall } predicate isSink(DataFlow::Node sink) { diff --git a/java/ql/lib/semmle/code/java/security/CommandArguments.qll b/java/ql/lib/semmle/code/java/security/CommandArguments.qll index 45bbe94dfc71..eb4f589ac7f7 100644 --- a/java/ql/lib/semmle/code/java/security/CommandArguments.qll +++ b/java/ql/lib/semmle/code/java/security/CommandArguments.qll @@ -68,13 +68,13 @@ private class CommandArgumentList extends SsaExplicitUpdate { } /** Gets a use of the variable for which the list could be empty. */ - private RValue getAUseBeforeFirstAdd() { + private VarRead getAUseBeforeFirstAdd() { result = this.getAFirstUse() or - exists(RValue mid | + exists(VarRead mid | mid = this.getAUseBeforeFirstAdd() and adjacentUseUse(mid, result) and - not exists(MethodAccess ma | + not exists(MethodCall ma | mid = ma.getQualifier() and ma.getMethod().hasName("add") ) @@ -84,26 +84,26 @@ private class CommandArgumentList extends SsaExplicitUpdate { /** * Gets an addition to this list, i.e. a call to an `add` or `addAll` method. */ - MethodAccess getAnAdd() { + MethodCall getAnAdd() { result.getQualifier() = this.getAUse() and result.getMethod().getName().matches("add%") } /** Gets an addition to this list which could be its first element. */ - MethodAccess getAFirstAdd() { + MethodCall getAFirstAdd() { result = this.getAnAdd() and result.getQualifier() = this.getAUseBeforeFirstAdd() } /** Gets an addition to this list which is not the first element. */ - MethodAccess getASubsequentAdd() { + MethodCall getASubsequentAdd() { result = this.getAnAdd() and not result = this.getAFirstAdd() } /** Holds if the first element of this list is a shell command. */ predicate isShell() { - exists(MethodAccess ma | ma = this.getAFirstAdd() and isShell(ma.getArgument(0))) + exists(MethodCall ma | ma = this.getAFirstAdd() and isShell(ma.getArgument(0))) } } @@ -114,7 +114,7 @@ private class ArrayOfStringType extends Array { ArrayOfStringType() { this.getElementType() instanceof TypeString } } -private predicate arrayLValue(ArrayAccess acc) { exists(Assignment a | a.getDest() = acc) } +private predicate arrayVarWrite(ArrayAccess acc) { exists(Assignment a | a.getDest() = acc) } /** * A variable that could be an array of arguments to a command. @@ -122,13 +122,13 @@ private predicate arrayLValue(ArrayAccess acc) { exists(Assignment a | a.getDest private class CommandArgumentArray extends SsaExplicitUpdate { CommandArgumentArray() { this.getSourceVariable().getType() instanceof ArrayOfStringType and - forall(ArrayAccess a | a.getArray() = this.getAUse() and arrayLValue(a) | + forall(ArrayAccess a | a.getArray() = this.getAUse() and arrayVarWrite(a) | a.getIndexExpr() instanceof CompileTimeConstantExpr ) } /** Gets an expression that is written to the given index of this array at the given use. */ - Expr getAWrite(int index, RValue use) { + Expr getAWrite(int index, VarRead use) { exists(Assignment a, ArrayAccess acc | acc.getArray() = use and use = this.getAUse() and @@ -148,7 +148,7 @@ private class CommandArgumentArray extends SsaExplicitUpdate { private class CommandArgArrayImmutableFirst extends CommandArgumentArray { CommandArgArrayImmutableFirst() { (exists(this.getAWrite(0)) or exists(firstElementOf(this.getDefiningExpr()))) and - forall(RValue use | exists(this.getAWrite(0, use)) | use = this.getAFirstUse()) + forall(VarRead use | exists(this.getAWrite(0, use)) | use = this.getAFirstUse()) } /** Gets the first element of this array. */ @@ -173,7 +173,7 @@ private Expr firstElementOf(Expr arr) { or exists(CommandArgArrayImmutableFirst caa | arr = caa.getAUse() | result = caa.getFirstElement()) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | arr = ma and ma.getMethod() = m and m.getDeclaringType().hasQualifiedName("java.util", "Arrays") and diff --git a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll index 705e9527944e..63a931345120 100644 --- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll @@ -11,7 +11,7 @@ import semmle.code.java.controlflow.Guards /** * Holds if `ma` is controlled by the condition expression `e`. */ -predicate conditionControlsMethod(MethodAccess ma, Expr e) { +predicate conditionControlsMethod(MethodCall ma, Expr e) { exists(ConditionBlock cb, SensitiveExecutionMethod m, boolean cond | ma.getMethod() = m and cb.controls(ma.getBasicBlock(), cond) and @@ -28,7 +28,7 @@ predicate conditionControlsMethod(MethodAccess ma, Expr e) { * `endsWith` method of the `java.lang.String` class. */ private predicate endsWithStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getDeclaringType() instanceof TypeString and ma.getMethod().getName() = "endsWith" and ma.getQualifier() = node1.asExpr() and diff --git a/java/ql/lib/semmle/code/java/security/ControlledString.qll b/java/ql/lib/semmle/code/java/security/ControlledString.qll index 4d808f3a0a2a..c760bf14e855 100644 --- a/java/ql/lib/semmle/code/java/security/ControlledString.qll +++ b/java/ql/lib/semmle/code/java/security/ControlledString.qll @@ -35,7 +35,7 @@ private predicate controlledStringProp(Expr src, Expr dest) { exists(Variable var | var.getAnAccess() = dest | src = var.getAnAssignedValue()) or // Propagation through method parameters. - exists(Parameter param, MethodAccess call, int i | + exists(Parameter param, MethodCall call, int i | src = call.getArgument(i) and param = call.getMethod().getParameter(i) and dest = param.getAnAccess() @@ -45,7 +45,7 @@ private predicate controlledStringProp(Expr src, Expr dest) { exists(AddExpr concatOp | concatOp = dest | src = concatOp.getAnOperand()) or // `toString()` on a safe string is safe. - exists(MethodAccess toStringCall | + exists(MethodCall toStringCall | src = toStringCall.getQualifier() and toStringCall.getMethod() instanceof ToStringMethod and dest = toStringCall @@ -83,7 +83,7 @@ predicate controlledString(Expr expr) { or expr.getType() instanceof BoxedType or - exists(Method method | method = expr.(MethodAccess).getMethod() | + exists(Method method | method = expr.(MethodCall).getMethod() | method instanceof ClassNameMethod or method instanceof ClassSimpleNameMethod or boxedToString(method) diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index 28d1f8c1f499..3ed66bf4d28b 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -310,7 +310,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec { @@ -335,7 +335,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { @@ -346,7 +346,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec { @@ -357,7 +357,7 @@ class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } abstract class JavaSecurityAlgoSpec extends CryptoAlgoSpec { } @@ -396,7 +396,7 @@ class JavaSecurityKeyPairGenerator extends JavaSecurityAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } /** The Java class `java.security.AlgorithmParameterGenerator`. */ @@ -423,7 +423,7 @@ class JavaSecurityAlgoParamGenerator extends JavaSecurityAlgoSpec { ) } - override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) } + override Expr getAlgoSpec() { result = this.(MethodCall).getArgument(0) } } /** An implementation of the `java.security.spec.AlgorithmParameterSpec` interface. */ diff --git a/java/ql/lib/semmle/code/java/security/FileReadWrite.qll b/java/ql/lib/semmle/code/java/security/FileReadWrite.qll index dce63384b0c6..34d7ca1f2014 100644 --- a/java/ql/lib/semmle/code/java/security/FileReadWrite.qll +++ b/java/ql/lib/semmle/code/java/security/FileReadWrite.qll @@ -13,9 +13,7 @@ private predicate directFileRead(Expr fileAccess, Expr fileReadingExpr) { .hasQualifiedName("java.io", ["RandomAccessFile", "FileReader", "FileInputStream"]) ) or - exists(MethodAccess ma, Method filesMethod | - ma = fileReadingExpr and filesMethod = ma.getMethod() - | + exists(MethodCall ma, Method filesMethod | ma = fileReadingExpr and filesMethod = ma.getMethod() | ( // Identify all method calls on the `Files` class that imply that we are reading the file // represented by the first argument. diff --git a/java/ql/lib/semmle/code/java/security/FileWritable.qll b/java/ql/lib/semmle/code/java/security/FileWritable.qll index ace123db5bf9..bb5d952802d1 100644 --- a/java/ql/lib/semmle/code/java/security/FileWritable.qll +++ b/java/ql/lib/semmle/code/java/security/FileWritable.qll @@ -22,7 +22,7 @@ private EnumConstant getAContainedEnumConstant(Expr enumSetRef) { .hasQualifiedName("java.util", "Set") and ( // The set is defined inline using `EnumSet.of(...)`. - exists(MethodAccess enumSetOf | + exists(MethodCall enumSetOf | enumSetOf = enumSetRef and enumSetOf.getMethod().hasName("of") and enumSetOf @@ -41,7 +41,7 @@ private EnumConstant getAContainedEnumConstant(Expr enumSetRef) { result = getAContainedEnumConstant(enumSetAccess.getVariable().getAnAssignedValue()) or // ...or the value is added to the set. - exists(MethodAccess addToSet | + exists(MethodCall addToSet | addToSet.getQualifier() = enumSetAccess.getVariable().getAnAccess() | // Call to `add(..)` on the enum set variable. @@ -63,7 +63,7 @@ private VarAccess getFileForPathConversion(Expr pathExpr) { pathExpr.getType().(RefType).hasQualifiedName("java.nio.file", "Path") and ( // Look for conversion from `File` to `Path` using `file.toPath()`. - exists(MethodAccess fileToPath | + exists(MethodCall fileToPath | fileToPath = pathExpr and result = fileToPath.getQualifier() and fileToPath.getMethod().hasName("toPath") and @@ -71,7 +71,7 @@ private VarAccess getFileForPathConversion(Expr pathExpr) { ) or // Look for the pattern `Paths.get(file.get*Path())` for converting between a `File` and a `Path`. - exists(MethodAccess pathsGet, MethodAccess fileGetPath | + exists(MethodCall pathsGet, MethodCall fileGetPath | pathsGet = pathExpr and pathsGet.getMethod().hasName("get") and pathsGet.getMethod().getDeclaringType().hasQualifiedName("java.nio.file", "Paths") and @@ -90,7 +90,7 @@ private VarAccess getFileForPathConversion(Expr pathExpr) { */ private predicate fileSetWorldWritable(VarAccess fileAccess, Expr setWorldWritable) { // Calls to `File.setWritable(.., false)`. - exists(MethodAccess fileSetWritable | + exists(MethodCall fileSetWritable | // A call to the `setWritable` method. fileSetWritable.getMethod() instanceof SetWritable and // Where we may be setting `writable` to `true`. @@ -102,7 +102,7 @@ private predicate fileSetWorldWritable(VarAccess fileAccess, Expr setWorldWritab ) or // Calls to `Files.setPosixFilePermissions(...)`. - exists(MethodAccess setPosixPerms | + exists(MethodCall setPosixPerms | setPosixPerms = setWorldWritable and setPosixPerms.getMethod().hasName("setPosixFilePermissions") and setPosixPerms.getMethod().getDeclaringType().hasQualifiedName("java.nio.file", "Files") and diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll index aa2a5f3dbfa3..a22fad4d85e7 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll @@ -50,7 +50,7 @@ private class DefaultFragmentInjectionSink extends FragmentInjectionSink { private class DefaultFragmentInjectionAdditionalTaintStep extends FragmentInjectionAdditionalTaintStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { - exists(ReflectiveClassIdentifierMethodAccess ma | + exists(ReflectiveClassIdentifierMethodCall ma | ma.getArgument(0) = n1.asExpr() and ma = n2.asExpr() ) or @@ -59,7 +59,7 @@ private class DefaultFragmentInjectionAdditionalTaintStep extends FragmentInject ni = n2.asExpr() ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof FragmentInstantiateMethod and ma.getArgument(1) = n1.asExpr() and ma = n2.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll index b4fe2fd5e841..ea688a26f6ec 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll @@ -51,7 +51,7 @@ private predicate groovyCodeSourceTaintStep(DataFlow::Node fromNode, DataFlow::N * a `CompilationUnit` instance by calling `compilationUnit.addSource(..., tainted)`. */ private predicate groovyCompilationUnitTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and m.hasName("addSource") and m.getDeclaringType() instanceof TypeGroovyCompilationUnit @@ -84,7 +84,7 @@ private predicate groovySourceUnitTaintStep(DataFlow::Node fromNode, DataFlow::N toNode.asExpr() = cie ) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and m.hasName("create") and m.getDeclaringType() instanceof TypeGroovySourceUnit diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll index 6080cd188b30..92d4f2a22aa1 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll @@ -24,7 +24,7 @@ deprecated class HardcodedCredentialApiCallConfiguration extends DataFlow::Confi override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { node1.asExpr().getType() instanceof TypeString and ( - exists(MethodAccess ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) | + exists(MethodCall ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) | node2.asExpr() = ma and ma.getQualifier() = node1.asExpr() ) @@ -32,7 +32,7 @@ deprecated class HardcodedCredentialApiCallConfiguration extends DataFlow::Confi // These base64 routines are usually taint propagators, and this is not a general // TaintTracking::Configuration, so we must specifically include them here // as a common transform applied to a constant before passing to a remote API. - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() .hasQualifiedName([ "java.util", "cn.hutool.core.codec", "org.apache.shiro.codec", @@ -51,7 +51,7 @@ deprecated class HardcodedCredentialApiCallConfiguration extends DataFlow::Confi } override predicate isBarrier(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod() instanceof MethodSystemGetenv + n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv } } @@ -69,7 +69,7 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { node1.asExpr().getType() instanceof TypeString and ( - exists(MethodAccess ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) | + exists(MethodCall ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) | node2.asExpr() = ma and ma.getQualifier() = node1.asExpr() ) @@ -77,7 +77,7 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig { // These base64 routines are usually taint propagators, and this is not a general // TaintTracking::Configuration, so we must specifically include them here // as a common transform applied to a constant before passing to a remote API. - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() .hasQualifiedName([ "java.util", "cn.hutool.core.codec", "org.apache.shiro.codec", @@ -96,7 +96,7 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod() instanceof MethodSystemGetenv + n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv } } diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll index 3302fd7445a9..f76385ecb68a 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll @@ -8,16 +8,17 @@ import HardcodedCredentials /** * A call to a method that is or overrides `java.lang.Object.equals`. */ -class EqualsAccess extends MethodAccess { - EqualsAccess() { this.getMethod() instanceof EqualsMethod } +class EqualsCall extends MethodCall { + EqualsCall() { this.getMethod() instanceof EqualsMethod } } +/** DEPRECATED: Alias for `EqualsCall`. */ +deprecated class EqualsAccess = EqualsCall; + /** * Holds if `sink` compares password `p` against a hardcoded expression `source`. */ -predicate isHardcodedCredentialsComparison( - EqualsAccess sink, HardcodedExpr source, PasswordVariable p -) { +predicate isHardcodedCredentialsComparison(EqualsCall sink, HardcodedExpr source, PasswordVariable p) { source = sink.getQualifier() and p.getAnAccess() = sink.getArgument(0) or diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll index 07435889fd9c..b56b8ba9c9f5 100644 --- a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll +++ b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll @@ -84,7 +84,7 @@ private predicate createUrlStep(DataFlow::Node node1, DataFlow::Node node2) { /** Method call of `HttpURLOpenMethod` */ private predicate urlOpenStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof UrlOpenConnectionMethod and node1.asExpr() = ma.getQualifier() and ma = node2.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll index 41985affc0e5..f26cef372511 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll @@ -57,7 +57,7 @@ private class SendPendingIntent extends ImplicitPendingIntentSink { // intent redirection sinks are method calls that start Android components sinkNode(this, "intent-redirection") and // implicit intents can't be started as services since API 21 - not exists(MethodAccess ma, Method m | + not exists(MethodCall ma, Method m | ma.getMethod() = m and m.getDeclaringType().getAnAncestor() instanceof TypeContext and m.getName().matches(["start%Service%", "bindService%"]) and diff --git a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll index db59c5c5291c..bca045bc8e42 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll @@ -20,7 +20,7 @@ private module VerifiedIntentConfig implements DataFlow::ConfigSig { } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasQualifiedName("android.content", "Intent", "getAction") and sink.asExpr() = ma.getQualifier() ) diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll index 93722eb01e6f..df9b6bdf4a11 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll @@ -25,7 +25,7 @@ abstract class InsecureBasicAuthSink extends DataFlow::Node { } /** A default sink representing methods that set an Authorization header. */ private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink { DefaultInsecureBasicAuthSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("addHeader") or ma.getMethod().hasName("setHeader") or ma.getMethod().hasName("setRequestProperty") diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index 4e2b85d56c2b..1ad0677ca615 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -19,7 +19,7 @@ private class ELMessageInterpolatorType extends RefType { /** * A method call that sets the application's default message interpolator. */ -class SetMessageInterpolatorCall extends MethodAccess { +class SetMessageInterpolatorCall extends MethodCall { SetMessageInterpolatorCall() { exists(Method m, RefType t | this.getMethod() = m and diff --git a/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll index aacfa09e73f0..e8c3052acdfb 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll @@ -11,14 +11,14 @@ private predicate isSafeSecureCookieSetting(Expr e) { isSecure.hasName("isSecure") and isSecure.getDeclaringType().getASourceSupertype*() instanceof ServletRequest | - e.(MethodAccess).getMethod() = isSecure + e.(MethodCall).getMethod() = isSecure ) } /** A dataflow configuration to reason about the failure to use secure cookies. */ module SecureCookieConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.getDeclaringType() instanceof TypeCookie and m.getName() = "setSecure" and source.asExpr() = ma.getQualifier() and @@ -33,7 +33,7 @@ module SecureCookieConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = - any(MethodAccess add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0) + any(MethodCall add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0) } } diff --git a/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll b/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll index 80007650c633..9a8cd91b1fcf 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll @@ -44,7 +44,7 @@ class InsecureLdapUrlSink extends DataFlow::Node { /** * Holds if `ma` sets `java.naming.security.authentication` (also known as `Context.SECURITY_AUTHENTICATION`) to `simple` in some `Hashtable`. */ -predicate isBasicAuthEnv(MethodAccess ma) { +predicate isBasicAuthEnv(MethodCall ma) { hasFieldValueEnv(ma, "java.naming.security.authentication", "simple") or hasFieldNameEnv(ma, "SECURITY_AUTHENTICATION", "simple") } @@ -52,7 +52,7 @@ predicate isBasicAuthEnv(MethodAccess ma) { /** * Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`. */ -predicate isSslEnv(MethodAccess ma) { +predicate isSslEnv(MethodCall ma) { hasFieldValueEnv(ma, "java.naming.security.protocol", "ssl") or hasFieldNameEnv(ma, "SECURITY_PROTOCOL", "ssl") } @@ -60,7 +60,7 @@ predicate isSslEnv(MethodAccess ma) { /** * Holds if `ma` writes the `java.naming.provider.url` (also known as `Context.PROVIDER_URL`) key of a `Hashtable`. */ -predicate isProviderUrlSetter(MethodAccess ma) { +predicate isProviderUrlSetter(MethodCall ma) { ma.getMethod().getDeclaringType().getAnAncestor() instanceof TypeHashtable and ma.getMethod().hasName(["put", "setProperty"]) and ( @@ -103,7 +103,7 @@ private string getHostname(Expr expr) { * Holds if `ma` sets `fieldValue` to `envValue` in some `Hashtable`. */ bindingset[fieldValue, envValue] -private predicate hasFieldValueEnv(MethodAccess ma, string fieldValue, string envValue) { +private predicate hasFieldValueEnv(MethodCall ma, string fieldValue, string envValue) { // environment.put("java.naming.security.authentication", "simple") ma.getMethod().getDeclaringType().getAnAncestor() instanceof TypeHashtable and ma.getMethod().hasName(["put", "setProperty"]) and @@ -115,7 +115,7 @@ private predicate hasFieldValueEnv(MethodAccess ma, string fieldValue, string en * Holds if `ma` sets attribute name `fieldName` to `envValue` in some `Hashtable`. */ bindingset[fieldName, envValue] -private predicate hasFieldNameEnv(MethodAccess ma, string fieldName, string envValue) { +private predicate hasFieldNameEnv(MethodCall ma, string fieldName, string envValue) { // environment.put(Context.SECURITY_AUTHENTICATION, "simple") ma.getMethod().getDeclaringType().getAnAncestor() instanceof TypeHashtable and ma.getMethod().hasName(["put", "setProperty"]) and diff --git a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll index 6fb53b769e49..498a9401071a 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll @@ -16,7 +16,7 @@ module InsecureLdapUrlConfig implements DataFlow::ConfigSig { /** Method call of `env.put()`. */ predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(MethodAccess ma | + exists(MethodCall ma | pred.asExpr() = ma.getArgument(1) and isProviderUrlSetter(ma) and succ.asExpr() = ma.getQualifier() @@ -31,7 +31,7 @@ module InsecureLdapUrlFlow = TaintTracking::Global; */ private module BasicAuthConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - exists(MethodAccess ma | + exists(MethodCall ma | isBasicAuthEnv(ma) and ma.getQualifier() = src.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() ) @@ -47,7 +47,7 @@ module BasicAuthFlow = DataFlow::Global; */ private module RequiresSslConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - exists(MethodAccess ma | + exists(MethodCall ma | isSslEnv(ma) and ma.getQualifier() = src.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() ) diff --git a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll index ebc8615befb7..d82f088cf155 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll @@ -24,7 +24,7 @@ abstract class InsecureTrustManagerSink extends DataFlow::Node { private class DefaultInsecureTrustManagerSink extends InsecureTrustManagerSink { DefaultInsecureTrustManagerSink() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m.hasName("init") and m.getDeclaringType() instanceof SslContext and ma.getMethod() = m diff --git a/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll b/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll index b156b594a70e..949657df6540 100644 --- a/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll +++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll @@ -144,7 +144,7 @@ private module Asymmetric { * A call to the `initialize` method declared in `java.security.KeyPairGenerator` * or to the `init` method declared in `java.security.AlgorithmParameterGenerator`. */ - private class KeyPairGenInit extends MethodAccess { + private class KeyPairGenInit extends MethodCall { KeyPairGenInit() { this.getMethod() instanceof KeyPairGeneratorInitMethod or this.getMethod() instanceof AlgoParamGeneratorInitMethod @@ -200,7 +200,7 @@ private module Symmetric { private int getMinKeySize() { result = minSecureKeySizeAes() } /** A call to the `init` method declared in `javax.crypto.KeyGenerator`. */ - private class KeyGenInit extends MethodAccess { + private class KeyGenInit extends MethodCall { KeyGenInit() { this.getMethod() instanceof KeyGeneratorInitMethod } /** Gets the `keysize` argument of this call. */ diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll index fc897dcc97d8..4309af8b3c80 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll @@ -38,7 +38,7 @@ class IntentUriPermissionManipulationAdditionalTaintStep extends Unit { private class DefaultIntentUriPermissionManipulationSink extends IntentUriPermissionManipulationSink { DefaultIntentUriPermissionManipulationSink() { - exists(MethodAccess ma | ma.getMethod() instanceof ActivitySetResultMethod | + exists(MethodCall ma | ma.getMethod() instanceof ActivitySetResultMethod | ma.getArgument(1) = this.asExpr() ) } @@ -54,7 +54,7 @@ private class DefaultIntentUriPermissionManipulationSink extends IntentUriPermis */ private class IntentFlagsOrDataChangedSanitizer extends IntentUriPermissionManipulationSanitizer { IntentFlagsOrDataChangedSanitizer() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and m.getDeclaringType() instanceof TypeIntent and this.asExpr() = ma.getQualifier() @@ -99,7 +99,7 @@ private class IntentFlagsOrDataCheckedSanitizer extends IntentUriPermissionManip * is equality-tested. */ private predicate intentFlagsOrDataChecked(Guard g, Expr intent, boolean branch) { - exists(MethodAccess ma, Method m, Expr checkedValue | + exists(MethodCall ma, Method m, Expr checkedValue | ma.getQualifier() = intent and ma.getMethod() = m and m.getDeclaringType() instanceof TypeIntent and @@ -109,9 +109,9 @@ private predicate intentFlagsOrDataChecked(Guard g, Expr intent, boolean branch) bitwiseCheck(g, branch) and checkedValue = g.(EqualityTest).getAnOperand().(AndBitwiseExpr) or - g.(MethodAccess).getMethod() instanceof EqualsMethod and + g.(MethodCall).getMethod() instanceof EqualsMethod and branch = true and - checkedValue = [g.(MethodAccess).getArgument(0), g.(MethodAccess).getQualifier()] + checkedValue = [g.(MethodCall).getArgument(0), g.(MethodCall).getQualifier()] ) } diff --git a/java/ql/lib/semmle/code/java/security/JWT.qll b/java/ql/lib/semmle/code/java/security/JWT.qll index 7056c7567f20..183495d85652 100644 --- a/java/ql/lib/semmle/code/java/security/JWT.qll +++ b/java/ql/lib/semmle/code/java/security/JWT.qll @@ -6,7 +6,7 @@ private import semmle.code.java.dataflow.DataFlow /** A method access that assigns signing keys to a JWT parser. */ class JwtParserWithInsecureParseSource extends DataFlow::Node { JwtParserWithInsecureParseSource() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m.getDeclaringType().getAnAncestor() instanceof TypeJwtParser or m.getDeclaringType().getAnAncestor() instanceof TypeJwtParserBuilder | @@ -25,7 +25,7 @@ class JwtParserWithInsecureParseSource extends DataFlow::Node { * where the `handler` is considered insecure. */ class JwtParserWithInsecureParseSink extends DataFlow::Node { - MethodAccess insecureParseMa; + MethodCall insecureParseMa; JwtParserWithInsecureParseSink() { insecureParseMa.getQualifier() = this.asExpr() and @@ -42,7 +42,10 @@ class JwtParserWithInsecureParseSink extends DataFlow::Node { } /** Gets the method access that does the insecure parsing. */ - MethodAccess getParseMethodAccess() { result = insecureParseMa } + MethodCall getParseMethodCall() { result = insecureParseMa } + + /** DEPRECATED: Alias for `getParseMethodCall`. */ + deprecated MethodCall getParseMethodAccess() { result = this.getParseMethodCall() } } /** @@ -63,7 +66,7 @@ private class DefaultJwtParserWithInsecureParseAdditionalFlowStep extends JwtPar } /** Models the builder style of `JwtParser` and `JwtParserBuilder`. */ -private predicate jwtParserStep(Expr parser, MethodAccess ma) { +private predicate jwtParserStep(Expr parser, MethodCall ma) { ( parser.getType().(RefType).getASourceSupertype*() instanceof TypeJwtParser or parser.getType().(RefType).getASourceSupertype*() instanceof TypeJwtParserBuilder diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index 8f08eee44a45..6f3a7ad00afd 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -83,7 +83,7 @@ module JexlInjectionFlow = TaintTracking::Global; * by calling `tainted.createScript(jexlExpr)`. */ private predicate createJexlScriptStep(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess ma, Method m | m = ma.getMethod() and n2.asExpr() = ma | + exists(MethodCall ma, Method m | m = ma.getMethod() and n2.asExpr() = ma | not isSafeEngine(ma.getQualifier()) and m instanceof CreateJexlScriptMethod and n1.asExpr() = ma.getArgument(0) and @@ -96,7 +96,7 @@ private predicate createJexlScriptStep(DataFlow::Node n1, DataFlow::Node n2) { * by calling `tainted.createExpression(jexlExpr)`. */ private predicate createJexlExpressionStep(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess ma, Method m | m = ma.getMethod() and n2.asExpr() = ma | + exists(MethodCall ma, Method m | m = ma.getMethod() and n2.asExpr() = ma | not isSafeEngine(ma.getQualifier()) and m instanceof CreateJexlExpressionMethod and n1.asExpr() = ma.getAnArgument() and @@ -109,7 +109,7 @@ private predicate createJexlExpressionStep(DataFlow::Node n1, DataFlow::Node n2) * by calling `tainted.createTemplate(jexlExpr)`. */ private predicate createJexlTemplateStep(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodAccess ma, Method m, RefType taintType | + exists(MethodCall ma, Method m, RefType taintType | m = ma.getMethod() and n2.asExpr() = ma and taintType = n1.asExpr().getType() | not isSafeEngine(ma.getQualifier()) and @@ -131,7 +131,7 @@ private module SandboxedJexlFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { node instanceof SandboxedJexlSource } predicate isSink(DataFlow::Node node) { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m instanceof CreateJexlScriptMethod or m instanceof CreateJexlExpressionMethod or m instanceof CreateJexlTemplateMethod @@ -152,7 +152,7 @@ private module SandboxedJexlFlow = DataFlow::Global; */ private class SandboxedJexlSource extends DataFlow::ExprNode { SandboxedJexlSource() { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType() instanceof JexlBuilder and m.hasName(["uberspect", "sandbox"]) and m.getReturnType() instanceof JexlBuilder and @@ -171,7 +171,7 @@ private class SandboxedJexlSource extends DataFlow::ExprNode { * Holds if `fromNode` to `toNode` is a dataflow step that creates one of the JEXL engines. */ private predicate createJexlEngineStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | (m.getDeclaringType() instanceof JexlBuilder or m.getDeclaringType() instanceof JexlEngine) and m.hasName(["create", "createJxltEngine"]) and ma.getQualifier() = fromNode.asExpr() and diff --git a/java/ql/lib/semmle/code/java/security/JndiInjection.qll b/java/ql/lib/semmle/code/java/security/JndiInjection.qll index 6a05bbfdc2cd..d7282996057d 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjection.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjection.qll @@ -36,7 +36,7 @@ private class DefaultJndiInjectionSink extends JndiInjectionSink { */ private class ConditionedJndiInjectionSink extends JndiInjectionSink, DataFlow::ExprNode { ConditionedJndiInjectionSink() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and ma.getArgument(0) = this.asExpr() and m.getDeclaringType().getASourceSupertype*() instanceof TypeLdapOperations @@ -56,7 +56,7 @@ private class ConditionedJndiInjectionSink extends JndiInjectionSink, DataFlow:: */ private class ProviderUrlJndiInjectionSink extends JndiInjectionSink, DataFlow::ExprNode { ProviderUrlJndiInjectionSink() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getMethod() = m and ma.getArgument(1) = this.getExpr() | @@ -105,7 +105,7 @@ private predicate nameStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) { * `CompoundName` by calling `new CompositeName().add(tainted)` or `new CompoundName().add(tainted)`. */ private predicate nameAddStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) { - exists(Method m, MethodAccess ma | + exists(Method m, MethodCall ma | ma.getMethod() = m and m.hasName("add") and ( @@ -134,7 +134,7 @@ private predicate jmxServiceUrlStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2 * `JMXConnector` by calling `JMXConnectorFactory.newJMXConnector(tainted)`. */ private predicate jmxConnectorStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) { - exists(MethodAccess ma, Method m | n1.asExpr() = ma.getArgument(0) and n2.asExpr() = ma | + exists(MethodCall ma, Method m | n1.asExpr() = ma.getArgument(0) and n2.asExpr() = ma | ma.getMethod() = m and m.getDeclaringType() instanceof TypeJmxConnectorFactory and m.hasName("newJMXConnector") diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index cf1520b3dd58..0f97261eb4f9 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -56,7 +56,7 @@ module JndiInjectionFlow = TaintTracking::Global; */ private class UnsafeSearchControlsSink extends JndiInjectionSink { UnsafeSearchControlsSink() { - exists(MethodAccess ma | UnsafeSearchControlsFlow::flowToExpr(ma.getAnArgument()) | + exists(MethodCall ma | UnsafeSearchControlsFlow::flowToExpr(ma.getAnArgument()) | this.asExpr() = ma.getArgument(0) ) } @@ -79,7 +79,7 @@ private module UnsafeSearchControlsFlow = DataFlow::Global { /** Gets a node that is safely guarded by a method that uses the given guard check. */ DataFlow::Node getAValidatedNode() { - exists(MethodAccess ma, int pos, RValue rv | + exists(MethodCall ma, int pos, VarRead rv | validationMethod(ma.getMethod(), pos) and ma.getArgument(pos) = rv and adjacentUseUseSameVar(rv, result.asExpr()) and @@ -47,7 +47,7 @@ private module ValidationMethod { * Holds if `g` is guard that compares a path to a trusted value. */ private predicate exactPathMatchGuard(Guard g, Expr e, boolean branch) { - exists(MethodAccess ma, RefType t | + exists(MethodCall ma, RefType t | t instanceof TypeString or t instanceof TypeUri or t instanceof TypePath or @@ -84,7 +84,7 @@ private predicate localTaintFlowToPathGuard(Expr e, PathGuard g) { TaintTracking::LocalTaintFlow::hasExprFlow(e, g.getCheckedExpr()) } -private class AllowedPrefixGuard extends PathGuard instanceof MethodAccess { +private class AllowedPrefixGuard extends PathGuard instanceof MethodCall { AllowedPrefixGuard() { (isStringPrefixMatch(this) or isPathPrefixMatch(this)) and not isDisallowedWord(super.getAnArgument()) @@ -151,7 +151,7 @@ private class DotDotCheckSanitizer extends PathInjectionSanitizer { } } -private class BlockListGuard extends PathGuard instanceof MethodAccess { +private class BlockListGuard extends PathGuard instanceof MethodCall { BlockListGuard() { (isStringPartialMatch(this) or isPathPrefixMatch(this)) and isDisallowedWord(super.getAnArgument()) @@ -203,7 +203,7 @@ private class ConstantOrRegex extends Expr { } } -private predicate isStringPrefixMatch(MethodAccess ma) { +private predicate isStringPrefixMatch(MethodCall ma) { exists(Method m, RefType t | m.getDeclaringType() = t and (t instanceof TypeString or t instanceof StringsKt) and @@ -222,7 +222,7 @@ private predicate isStringPrefixMatch(MethodAccess ma) { /** * Holds if `ma` is a call to a method that checks a partial string match. */ -private predicate isStringPartialMatch(MethodAccess ma) { +private predicate isStringPartialMatch(MethodCall ma) { isStringPrefixMatch(ma) or exists(RefType t | t = ma.getMethod().getDeclaringType() | @@ -235,7 +235,7 @@ private predicate isStringPartialMatch(MethodAccess ma) { /** * Holds if `ma` is a call to a method that checks whether a path starts with a prefix. */ -private predicate isPathPrefixMatch(MethodAccess ma) { +private predicate isPathPrefixMatch(MethodCall ma) { exists(RefType t | t = ma.getMethod().getDeclaringType() | t instanceof TypePath or t instanceof FilesKt ) and @@ -251,7 +251,7 @@ private class PathTraversalGuard extends PathGuard { Expr checkedExpr; PathTraversalGuard() { - exists(MethodAccess ma, Method m, RefType t | + exists(MethodCall ma, Method m, RefType t | m = ma.getMethod() and t = m.getDeclaringType() and (t instanceof TypeString or t instanceof StringsKt) and @@ -273,14 +273,14 @@ private class PathTraversalGuard extends PathGuard { override Expr getCheckedExpr() { result = checkedExpr } boolean getBranch() { - this instanceof MethodAccess and result = false + this instanceof MethodCall and result = false or result = this.(EqualityTest).polarity() } } /** A complementary sanitizer that protects against path traversal using path normalization. */ -private class PathNormalizeSanitizer extends MethodAccess { +private class PathNormalizeSanitizer extends MethodCall { PathNormalizeSanitizer() { exists(RefType t | this.getMethod().getDeclaringType() = t | (t instanceof TypePath or t instanceof FilesKt) and @@ -297,7 +297,7 @@ private class PathNormalizeSanitizer extends MethodAccess { * This is a helper predicate to solve discrepancies between * what `getQualifier` actually gets in Java and Kotlin. */ -private Expr getVisualQualifier(MethodAccess ma) { +private Expr getVisualQualifier(MethodCall ma) { if ma.getMethod() instanceof ExtensionMethod then result = ma.getArgument(ma.getMethod().(ExtensionMethod).getExtensionReceiverParameterIndex()) @@ -310,7 +310,7 @@ private Expr getVisualQualifier(MethodAccess ma) { * what `getArgument` actually gets in Java and Kotlin. */ bindingset[argPos] -private Argument getVisualArgument(MethodAccess ma, int argPos) { +private Argument getVisualArgument(MethodCall ma, int argPos) { if ma.getMethod() instanceof ExtensionMethod then result = diff --git a/java/ql/lib/semmle/code/java/security/QueryInjection.qll b/java/ql/lib/semmle/code/java/security/QueryInjection.qll index 217d80bf1704..aa92aa16a14c 100644 --- a/java/ql/lib/semmle/code/java/security/QueryInjection.qll +++ b/java/ql/lib/semmle/code/java/security/QueryInjection.qll @@ -32,7 +32,7 @@ private class SqlInjectionSink extends QueryInjectionSink { private class PersistenceQueryInjectionSink extends QueryInjectionSink { PersistenceQueryInjectionSink() { // the query (first) argument to a `createQuery` or `createNativeQuery` method on `EntityManager` - exists(MethodAccess call, TypeEntityManager em | call.getArgument(0) = this.asExpr() | + exists(MethodCall call, TypeEntityManager em | call.getArgument(0) = this.asExpr() | call.getMethod() = em.getACreateQueryMethod() or call.getMethod() = em.getACreateNativeQueryMethod() // note: `createNamedQuery` is safe, as it takes only the query name, @@ -44,7 +44,7 @@ private class PersistenceQueryInjectionSink extends QueryInjectionSink { /** A sink for MongoDB injection vulnerabilities. */ private class MongoDbInjectionSink extends QueryInjectionSink { MongoDbInjectionSink() { - exists(MethodAccess call | + exists(MethodCall call | call.getMethod().getDeclaringType().hasQualifiedName("com.mongodb", "BasicDBObject") and call.getMethod().hasName("parse") and this.asExpr() = call.getArgument(0) @@ -59,7 +59,7 @@ private class MongoDbInjectionSink extends QueryInjectionSink { private class MongoJsonStep extends AdditionalQueryInjectionTaintStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getDeclaringType().hasQualifiedName("com.mongodb.util", "JSON") and ma.getMethod().hasName("parse") and ma.getArgument(0) = node1.asExpr() and diff --git a/java/ql/lib/semmle/code/java/security/RandomDataSource.qll b/java/ql/lib/semmle/code/java/security/RandomDataSource.qll index 29c980beb5f1..7d67032e3925 100644 --- a/java/ql/lib/semmle/code/java/security/RandomDataSource.qll +++ b/java/ql/lib/semmle/code/java/security/RandomDataSource.qll @@ -7,7 +7,7 @@ import java /** * A method access that returns random data or writes random data to an argument. */ -abstract class RandomDataSource extends MethodAccess { +abstract class RandomDataSource extends MethodCall { /** * Gets the integer lower bound, inclusive, of the values returned by this call, * if applicable to this method's type and a constant bound is known. diff --git a/java/ql/lib/semmle/code/java/security/RandomQuery.qll b/java/ql/lib/semmle/code/java/security/RandomQuery.qll index b14191f4dd46..6be76411ce94 100644 --- a/java/ql/lib/semmle/code/java/security/RandomQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RandomQuery.qll @@ -20,10 +20,10 @@ class GetRandomData extends StdlibRandomSource { GetRandomData() { this.getQualifier().getType() instanceof SecureRandomNumberGenerator } } -private predicate isSeeded(RValue use) { +private predicate isSeeded(VarRead use) { isSeeding(_, use) or - exists(GetRandomData da, RValue seeduse | + exists(GetRandomData da, VarRead seeduse | da.getQualifier() = seeduse and useUsePair(seeduse, use) ) @@ -51,7 +51,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) { t.hasSubtype*(cc.getConstructedType()) ) or - exists(Method m, MethodAccess ma | + exists(Method m, MethodCall ma | ma = e2 and e1 = ma.getQualifier() and m = ma.getMethod() and @@ -63,7 +63,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) { ) ) or - exists(Method m, MethodAccess ma | + exists(Method m, MethodCall ma | ma = e2 and e1 = ma.getArgument(0) and m = ma.getMethod() and @@ -76,16 +76,16 @@ private predicate predictableCalcStep(Expr e1, Expr e2) { ) } -private predicate safelySeeded(RValue use) { +private predicate safelySeeded(VarRead use) { exists(Expr arg | isSeeding(arg, use) and not PredictableSeedFlow::flowToExpr(arg) ) or - exists(GetRandomData da, RValue seeduse | + exists(GetRandomData da, VarRead seeduse | da.getQualifier() = seeduse and useUsePair(seeduse, use) | - not exists(RValue prior | useUsePair(prior, seeduse) | isSeeded(prior)) + not exists(VarRead prior | useUsePair(prior, seeduse) | isSeeded(prior)) ) } @@ -93,12 +93,12 @@ private predicate safelySeeded(RValue use) { * Holds if predictable seed `source` is used to initialise a random-number generator * used at `use`. */ -predicate unsafelySeeded(RValue use, PredictableSeedExpr source) { +predicate unsafelySeeded(VarRead use, PredictableSeedExpr source) { isSeedingSource(_, use, source) and not safelySeeded(use) } -private predicate isSeeding(Expr arg, RValue use) { +private predicate isSeeding(Expr arg, VarRead use) { exists(Expr e, VariableAssign def | def.getSource() = e and isSeedingConstruction(e, arg) @@ -107,19 +107,19 @@ private predicate isSeeding(Expr arg, RValue use) { def.getDestVar().(Field).getAnAccess() = use ) or - exists(Expr e, RValue seeduse | - e.(MethodAccess).getQualifier() = seeduse and + exists(Expr e, VarRead seeduse | + e.(MethodCall).getQualifier() = seeduse and isRandomSeeding(e, arg) and useUsePair(seeduse, use) ) } -private predicate isSeedingSource(Expr arg, RValue use, Expr source) { +private predicate isSeedingSource(Expr arg, VarRead use, Expr source) { isSeeding(arg, use) and PredictableSeedFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(arg)) } -private predicate isRandomSeeding(MethodAccess m, Expr arg) { +private predicate isRandomSeeding(MethodCall m, Expr arg) { exists(Method def | m.getMethod() = def | def.getDeclaringType() instanceof SecureRandomNumberGenerator and def.getName() = "setSeed" and @@ -139,7 +139,7 @@ private predicate isSeedingConstruction(ClassInstanceExpr c, Expr arg) { */ class PredictableSeedExpr extends Expr { PredictableSeedExpr() { - this.(MethodAccess).getCallee() instanceof ReturnsPredictableExpr + this.(MethodCall).getCallee() instanceof ReturnsPredictableExpr or this instanceof CompileTimeConstantExpr or diff --git a/java/ql/lib/semmle/code/java/security/RequestForgery.qll b/java/ql/lib/semmle/code/java/security/RequestForgery.qll index 0eeea1c2afd4..a01f354953bc 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgery.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgery.qll @@ -37,7 +37,7 @@ private class DefaultRequestForgeryAdditionalTaintStep extends RequestForgeryAdd private class TypePropertiesRequestForgeryAdditionalTaintStep extends RequestForgeryAdditionalTaintStep { override predicate propagatesTaint(DataFlow::Node pred, DataFlow::Node succ) { - exists(MethodAccess ma | + exists(MethodCall ma | // Properties props = new Properties(); // props.setProperty("jdbcUrl", tainted); // Propagate tainted value to the qualifier `props` diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index bfaac0d99191..a26245ae9cff 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -20,7 +20,7 @@ deprecated class RequestForgeryConfiguration extends TaintTracking::Configuratio // Exclude results of remote HTTP requests: fetching something else based on that result // is no worse than following a redirect returned by the remote server, and typically // we're requesting a resource via https which we trust to only send us to safe URLs. - not source.asExpr().(MethodAccess).getCallee() instanceof UrlConnectionGetInputStreamMethod + not source.asExpr().(MethodCall).getCallee() instanceof UrlConnectionGetInputStreamMethod } override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink } @@ -41,7 +41,7 @@ module RequestForgeryConfig implements DataFlow::ConfigSig { // Exclude results of remote HTTP requests: fetching something else based on that result // is no worse than following a redirect returned by the remote server, and typically // we're requesting a resource via https which we trust to only send us to safe URLs. - not source.asExpr().(MethodAccess).getCallee() instanceof UrlConnectionGetInputStreamMethod + not source.asExpr().(MethodCall).getCallee() instanceof UrlConnectionGetInputStreamMethod } predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink } diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll index 2e2033443a5c..340f696db622 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll @@ -20,7 +20,7 @@ abstract class SafeHeaderSplittingSource extends DataFlow::Node instanceof Remot /** A default source that introduces data considered safe to use by a header splitting source. */ private class DefaultSafeHeaderSplittingSource extends SafeHeaderSplittingSource { DefaultSafeHeaderSplittingSource() { - this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or - this.asExpr().(MethodAccess).getMethod() instanceof CookieGetNameMethod + this.asExpr().(MethodCall).getMethod() instanceof HttpServletRequestGetHeaderMethod or + this.asExpr().(MethodCall).getMethod() instanceof CookieGetNameMethod } } diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll index a39c213502a7..23816caa1f85 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll @@ -17,7 +17,7 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig { or node.getType() instanceof BoxedType or - exists(MethodAccess ma, string methodName, CompileTimeConstantExpr target | + exists(MethodCall ma, string methodName, CompileTimeConstantExpr target | node.asExpr() = ma and ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and target = ma.getArgument(0) and diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll index 5cc7422e787e..87613795b85c 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll @@ -20,7 +20,7 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig { or node.getType() instanceof BoxedType or - exists(MethodAccess ma, string methodName, CompileTimeConstantExpr target | + exists(MethodCall ma, string methodName, CompileTimeConstantExpr target | node.asExpr() = ma and ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and target = ma.getArgument(0) and diff --git a/java/ql/lib/semmle/code/java/security/SecurityFlag.qll b/java/ql/lib/semmle/code/java/security/SecurityFlag.qll index e13912fe7c59..dab5d52bcb20 100644 --- a/java/ql/lib/semmle/code/java/security/SecurityFlag.qll +++ b/java/ql/lib/semmle/code/java/security/SecurityFlag.qll @@ -37,7 +37,7 @@ abstract class FlagKind extends string { or exists(StringLiteral s | s.getValue() = this.getAFlagName() | flag.asExpr() = s) or - exists(MethodAccess ma | ma.getMethod().getName() = this.getAFlagName() | + exists(MethodCall ma | ma.getMethod().getName() = this.getAFlagName() | flag.asExpr() = ma and ma.getType() instanceof FlagType ) @@ -83,11 +83,11 @@ private class FlagType extends Type { private predicate flagFlowStep(DataFlow::Node node1, DataFlow::Node node2) { DataFlow::localFlowStep(node1, node2) or - exists(MethodAccess ma | ma.getMethod() = any(EnvReadMethod m) | + exists(MethodCall ma | ma.getMethod() = any(EnvReadMethod m) | ma = node2.asExpr() and ma.getAnArgument() = node1.asExpr() ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("parseBoolean") and ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Boolean") | diff --git a/java/ql/lib/semmle/code/java/security/SensitiveActions.qll b/java/ql/lib/semmle/code/java/security/SensitiveActions.qll index e6d00bf870b6..4ce531d556a4 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveActions.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveActions.qll @@ -39,8 +39,8 @@ string getCommonSensitiveInfoRegex() { abstract class SensitiveExpr extends Expr { } /** A method access that might produce sensitive data. */ -class SensitiveMethodAccess extends SensitiveExpr, MethodAccess { - SensitiveMethodAccess() { +class SensitiveMethodCall extends SensitiveExpr, MethodCall { + SensitiveMethodCall() { this.getMethod() instanceof SensitiveDataMethod or // This is particularly to pick up methods with an argument like "password", which @@ -52,6 +52,9 @@ class SensitiveMethodAccess extends SensitiveExpr, MethodAccess { } } +/** DEPRECATED: Alias for `SensitiveMethodCall`. */ +deprecated class SensitiveMethodAccess = SensitiveMethodCall; + /** Access to a variable that might contain sensitive data. */ class SensitiveVarAccess extends SensitiveExpr, VarAccess { SensitiveVarAccess() { diff --git a/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll index 2a41d2da08c2..498a746a30a6 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll @@ -56,7 +56,7 @@ private class FindViewMethod extends Method { } /** Gets a use of the view that has the given id. */ -private MethodAccess getAUseOfViewWithId(string id) { +private MethodCall getAUseOfViewWithId(string id) { exists(string name, NestedClass r_id, Field id_field | id = "@+id/" + name and result.getMethod() instanceof FindViewMethod and @@ -71,7 +71,7 @@ private MethodAccess getAUseOfViewWithId(string id) { /** Gets the argument of a use of `setInputType` called on the view with the given id. */ private Argument setInputTypeForId(string id) { - exists(MethodAccess setInputType | + exists(MethodCall setInputType | setInputType.getMethod().hasQualifiedName("android.widget", "TextView", "setInputType") and DataFlow::localExprFlow(getAUseOfViewWithId(id), setInputType.getQualifier()) and result = setInputType.getArgument(0) diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll index 0f3526bfd7f9..63d6d88d83cb 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll @@ -5,7 +5,7 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.SensitiveActions -private class ResultReceiverSendCall extends MethodAccess { +private class ResultReceiverSendCall extends MethodCall { ResultReceiverSendCall() { this.getMethod() .getASourceOverriddenMethod*() diff --git a/java/ql/lib/semmle/code/java/security/SpelInjection.qll b/java/ql/lib/semmle/code/java/security/SpelInjection.qll index bed4d313ff6a..1aed2049afe4 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjection.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjection.qll @@ -33,7 +33,7 @@ private class DefaultSpelExpressionInjectionAdditionalTaintStep extends SpelExpr * by calling `parser.parseExpression(tainted)`. */ private predicate expressionParsingStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.getDeclaringType().getAnAncestor() instanceof ExpressionParser and m.hasName(["parseExpression", "parseRaw"]) and ma.getAnArgument() = node1.asExpr() and diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index b1a17e0fdd66..cbd79c65d256 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -44,7 +44,7 @@ module SpelInjectionFlow = TaintTracking::Global; /** Default sink for SpEL injection vulnerabilities. */ private class DefaultSpelExpressionEvaluationSink extends SpelExpressionEvaluationSink { DefaultSpelExpressionEvaluationSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof ExpressionEvaluationMethod and ma.getQualifier() = this.asExpr() and not SafeEvaluationContextFlow::flowToExpr(ma.getArgument(0)) @@ -59,7 +59,7 @@ private module SafeEvaluationContextFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof SafeContextSource } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof ExpressionEvaluationMethod and ma.getArgument(0) = sink.asExpr() ) @@ -95,7 +95,7 @@ private predicate isSimpleEvaluationContextConstructorCall(Expr expr) { * for instance, `SimpleEvaluationContext.forReadWriteDataBinding().build()`. */ private predicate isSimpleEvaluationContextBuilderCall(Expr expr) { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.getDeclaringType() instanceof SimpleEvaluationContextBuilder and m.hasName("build") and ma = expr diff --git a/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll b/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll index bc25f167327f..cba95d4454d7 100644 --- a/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll +++ b/java/ql/lib/semmle/code/java/security/SpringCsrfProtection.qll @@ -3,7 +3,7 @@ import java /** Holds if `call` disables CSRF protection in Spring. */ -predicate disablesSpringCsrfProtection(MethodAccess call) { +predicate disablesSpringCsrfProtection(MethodCall call) { call.getMethod().hasName("disable") and call.getReceiverType() .hasQualifiedName("org.springframework.security.config.annotation.web.configurers", diff --git a/java/ql/lib/semmle/code/java/security/SqlConcatenatedLib.qll b/java/ql/lib/semmle/code/java/security/SqlConcatenatedLib.qll index 21a3298cd383..5d3b1c803d22 100644 --- a/java/ql/lib/semmle/code/java/security/SqlConcatenatedLib.qll +++ b/java/ql/lib/semmle/code/java/security/SqlConcatenatedLib.qll @@ -29,13 +29,13 @@ predicate builtFromUncontrolledConcat(Expr expr, Expr uncontrolled) { */ predicate uncontrolledStringBuilderQuery(StringBuilderVar sbv, Expr uncontrolled) { // A single append that has a problematic concatenation. - exists(MethodAccess append | + exists(MethodCall append | append = sbv.getAnAppend() and builtFromUncontrolledConcat(append.getArgument(0), uncontrolled) ) or // Two calls to append, one ending in a quote, the next being uncontrolled. - exists(MethodAccess quoteAppend, MethodAccess uncontrolledAppend | + exists(MethodCall quoteAppend, MethodCall uncontrolledAppend | sbv.getAnAppend() = quoteAppend and endsInQuote(quoteAppend.getArgument(0)) and sbv.getNextAppend(quoteAppend) = uncontrolledAppend and diff --git a/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll b/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll index f478ac4815e9..dba9492d137b 100644 --- a/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll @@ -22,7 +22,7 @@ private module ServletWriterSourceToPrintStackTraceMethodFlowConfig implements D predicate isSource(DataFlow::Node src) { src.asExpr() instanceof XssVulnerableWriterSource } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | sink.asExpr() = ma.getAnArgument() and ma.getMethod() instanceof PrintStackTraceMethod ) } @@ -35,7 +35,7 @@ private module ServletWriterSourceToPrintStackTraceMethodFlow = * A call that uses `Throwable.printStackTrace()` on a stream that is connected * to external output. */ -private predicate printsStackToWriter(MethodAccess call) { +private predicate printsStackToWriter(MethodCall call) { exists(PrintStackTraceMethod printStackTrace | call.getMethod() = printStackTrace and ServletWriterSourceToPrintStackTraceMethodFlow::flowToExpr(call.getAnArgument()) @@ -56,8 +56,8 @@ private predicate printWriterOnStringWriter(Expr printWriter, Variable stringWri ) } -private predicate stackTraceExpr(Expr exception, MethodAccess stackTraceString) { - exists(Expr printWriter, Variable stringWriterVar, MethodAccess printStackCall | +private predicate stackTraceExpr(Expr exception, MethodCall stackTraceString) { + exists(Expr printWriter, Variable stringWriterVar, MethodCall printStackCall | printWriterOnStringWriter(printWriter, stringWriterVar) and printStackCall.getMethod() instanceof PrintStackTraceMethod and printStackCall.getAnArgument() = printWriter and @@ -79,7 +79,7 @@ private module StackTraceStringToHttpResponseSinkFlow = /** * Holds if `call` writes the data of `stackTrace` to an external stream. */ -predicate printsStackExternally(MethodAccess call, Expr stackTrace) { +predicate printsStackExternally(MethodCall call, Expr stackTrace) { printsStackToWriter(call) and call.getQualifier() = stackTrace and not call.getQualifier() instanceof SuperAccess @@ -89,7 +89,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) { * Holds if `stackTrace` is a stringified stack trace which flows to an external sink. */ predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) { - exists(MethodAccess stackTraceString | + exists(MethodCall stackTraceString | stackTraceExpr(stackTrace, stackTraceString) and StackTraceStringToHttpResponseSinkFlow::flow(DataFlow::exprNode(stackTraceString), externalExpr) ) @@ -97,7 +97,7 @@ predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stac private class GetMessageFlowSource extends DataFlow::Node { GetMessageFlowSource() { - exists(Method method | this.asExpr().(MethodAccess).getMethod() = method | + exists(Method method | this.asExpr().(MethodCall).getMethod() = method | method.hasName("getMessage") and method.hasNoParameters() and method.getDeclaringType().hasQualifiedName("java.lang", "Throwable") diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll index 673cfc5d7b1c..ecdc1daaffcf 100644 --- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll @@ -43,13 +43,13 @@ private class ArrayUpdate extends Expr { not assign.getSource() instanceof CompileTimeConstantExpr ) or - exists(StaticMethodAccess ma | + exists(StaticMethodCall ma | ma.getMethod().hasQualifiedName("java.lang", "System", "arraycopy") and ma = this and ma.getArgument(2) = array ) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m = ma.getMethod() and ma = this and ma.getArgument(0) = array @@ -64,7 +64,7 @@ private class ArrayUpdate extends Expr { m.getAnOverride*().hasQualifiedName("org.bouncycastle.crypto", "Digest", "doFinal") ) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m = ma.getMethod() and ma = this and ma.getArgument(1) = array diff --git a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll index e403a8b60a7f..92aba6dfa04c 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll @@ -28,8 +28,8 @@ abstract class PermissionsConstruction extends Top { abstract Expr getInput(); } -private class PermissionsCheckMethodAccess extends MethodAccess, PermissionsConstruction { - PermissionsCheckMethodAccess() { +private class PermissionsCheckMethodCall extends MethodCall, PermissionsConstruction { + PermissionsCheckMethodCall() { exists(Method m | m = this.getMethod() | m.getDeclaringType() instanceof TypeShiroSubject and m.getName() = "isPermitted" diff --git a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll index d5cf900343b5..843db3b5934b 100644 --- a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll @@ -37,7 +37,7 @@ abstract private class FileCreationSink extends DataFlow::Node { } */ private class FileFileCreationSink extends FileCreationSink { FileFileCreationSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof MethodFileSystemFileCreation and ma.getQualifier() = this.asExpr() ) @@ -50,7 +50,7 @@ private class FileFileCreationSink extends FileCreationSink { */ private class FilesFileCreationSink extends FileCreationSink { FilesFileCreationSink() { - exists(FilesVulnerableCreationMethodAccess ma | ma.getArgument(0) = this.asExpr()) + exists(FilesVulnerableCreationMethodCall ma | ma.getArgument(0) = this.asExpr()) } } @@ -58,8 +58,8 @@ private class FilesFileCreationSink extends FileCreationSink { * A call to a `Files` method that create files/directories without explicitly * setting the newly-created file or directory's permissions. */ -private class FilesVulnerableCreationMethodAccess extends MethodAccess { - FilesVulnerableCreationMethodAccess() { +private class FilesVulnerableCreationMethodCall extends MethodCall { + FilesVulnerableCreationMethodCall() { exists(Method m | m = this.getMethod() and m.getDeclaringType().hasQualifiedName("java.nio.file", "Files") @@ -80,8 +80,8 @@ private class FilesVulnerableCreationMethodAccess extends MethodAccess { * We can safely assume that any calls to these methods with explicit `PosixFilePermissions.asFileAttribute` * contains a certain level of intentionality behind it. */ -private class FilesSanitizingCreationMethodAccess extends MethodAccess { - FilesSanitizingCreationMethodAccess() { +private class FilesSanitizingCreationMethodCall extends MethodCall { + FilesSanitizingCreationMethodCall() { exists(Method m | m = this.getMethod() and m.getDeclaringType().hasQualifiedName("java.nio.file", "Files") @@ -98,7 +98,7 @@ private class FilesSanitizingCreationMethodAccess extends MethodAccess { */ private class FileCreateTempFileSink extends FileCreationSink { FileCreateTempFileSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof MethodFileCreateTempFile and ma.getArgument(2) = this.asExpr() ) } @@ -138,8 +138,8 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node sanitizer) { - exists(FilesSanitizingCreationMethodAccess sanitisingMethodAccess | - sanitizer.asExpr() = sanitisingMethodAccess.getArgument(0) + exists(FilesSanitizingCreationMethodCall sanitisingMethodCall | + sanitizer.asExpr() = sanitisingMethodCall.getArgument(0) ) or sanitizer instanceof WindowsOsSanitizer @@ -173,7 +173,7 @@ module TempDirSystemGetPropertyDirectlyToMkdirConfig implements DataFlow::Config } predicate isSink(DataFlow::Node node) { - exists(MethodAccess ma | ma.getMethod() instanceof MethodFileDirectoryCreation | + exists(MethodCall ma | ma.getMethod() instanceof MethodFileDirectoryCreation | ma.getQualifier() = node.asExpr() ) } @@ -200,9 +200,9 @@ module TempDirSystemGetPropertyDirectlyToMkdir = // Begin configuration for tracking single-method calls that are vulnerable. // /** - * A `MethodAccess` against a method that creates a temporary file or directory in a shared temporary directory. + * A `MethodCall` against a method that creates a temporary file or directory in a shared temporary directory. */ -abstract class MethodAccessInsecureFileCreation extends MethodAccess { +abstract class MethodCallInsecureFileCreation extends MethodCall { /** * Gets the type of entity created (e.g. `file`, `directory`, ...). */ @@ -214,11 +214,14 @@ abstract class MethodAccessInsecureFileCreation extends MethodAccess { DataFlow::Node getNode() { result.asExpr() = this } } +/** DEPRECATED: Alias for `MethodCallInsecureFileCreation`. */ +deprecated class MethodAccessInsecureFileCreation = MethodCallInsecureFileCreation; + /** * An insecure call to `java.io.File.createTempFile`. */ -class MethodAccessInsecureFileCreateTempFile extends MethodAccessInsecureFileCreation { - MethodAccessInsecureFileCreateTempFile() { +class MethodCallInsecureFileCreateTempFile extends MethodCallInsecureFileCreation { + MethodCallInsecureFileCreateTempFile() { this.getMethod() instanceof MethodFileCreateTempFile and ( // `File.createTempFile(string, string)` always uses the default temporary directory @@ -232,6 +235,9 @@ class MethodAccessInsecureFileCreateTempFile extends MethodAccessInsecureFileCre override string getFileSystemEntityType() { result = "file" } } +/** DEPRECATED: Alias for `MethodCallInsecureFileCreateTempFile`. */ +deprecated class MethodAccessInsecureFileCreateTempFile = MethodCallInsecureFileCreateTempFile; + /** * The `com.google.common.io.Files.createTempDir` method. */ @@ -245,10 +251,14 @@ class MethodGuavaFilesCreateTempFile extends Method { /** * A call to the `com.google.common.io.Files.createTempDir` method. */ -class MethodAccessInsecureGuavaFilesCreateTempFile extends MethodAccessInsecureFileCreation { - MethodAccessInsecureGuavaFilesCreateTempFile() { +class MethodCallInsecureGuavaFilesCreateTempFile extends MethodCallInsecureFileCreation { + MethodCallInsecureGuavaFilesCreateTempFile() { this.getMethod() instanceof MethodGuavaFilesCreateTempFile } override string getFileSystemEntityType() { result = "directory" } } + +/** DEPRECATED: Alias for `MethodCallInsecureGuavaFilesCreateTempFile`. */ +deprecated class MethodAccessInsecureGuavaFilesCreateTempFile = + MethodCallInsecureGuavaFilesCreateTempFile; diff --git a/java/ql/lib/semmle/code/java/security/TempDirUtils.qll b/java/ql/lib/semmle/code/java/security/TempDirUtils.qll index 5e015c9abecd..33b6c46b916c 100644 --- a/java/ql/lib/semmle/code/java/security/TempDirUtils.qll +++ b/java/ql/lib/semmle/code/java/security/TempDirUtils.qll @@ -38,8 +38,8 @@ predicate isFileConstructorArgument(Expr expSource, Expr exprDest, int paramCoun /** * A method call to `java.io.File::setReadable`. */ -private class FileSetRedableMethodAccess extends MethodAccess { - FileSetRedableMethodAccess() { +private class FileSetRedableMethodCall extends MethodCall { + FileSetRedableMethodCall() { exists(Method m | this.getMethod() = m | m.getDeclaringType() instanceof TypeFile and m.hasName("setReadable") @@ -67,7 +67,7 @@ private class FileSetRedableMethodAccess extends MethodAccess { * `setReadable(false, false)`, then `setRedabale(true, true)`. */ predicate isPermissionsProtectedTempDirUse(DataFlow::Node sink) { - exists(FileSetRedableMethodAccess setReadable1, FileSetRedableMethodAccess setReadable2 | + exists(FileSetRedableMethodCall setReadable1, FileSetRedableMethodCall setReadable2 | setReadable1.isCallWithArguments(false, false) and setReadable2.isCallWithArguments(true, true) | diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll index 69ea9f4bcaed..fecd7e593a65 100644 --- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll @@ -33,7 +33,7 @@ abstract class TrustBoundaryValidationSanitizer extends DataFlow::Node { } private class EsapiValidatedInputSanitizer extends TrustBoundaryValidationSanitizer { EsapiValidatedInputSanitizer() { this = DataFlow::BarrierGuard::getABarrierNode() or - this.asExpr().(MethodAccess).getMethod() instanceof EsapiGetValidMethod + this.asExpr().(MethodCall).getMethod() instanceof EsapiGetValidMethod } } @@ -42,7 +42,7 @@ private class EsapiValidatedInputSanitizer extends TrustBoundaryValidationSaniti */ private predicate esapiIsValidData(Guard g, Expr e, boolean branch) { branch = true and - exists(MethodAccess ma | ma.getMethod() instanceof EsapiIsValidMethod | + exists(MethodCall ma | ma.getMethod() instanceof EsapiIsValidMethod | g = ma and e = ma.getArgument(1) ) diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll index 9a85a7714064..499475cff3ec 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll @@ -88,7 +88,7 @@ private predicate applyReceiverVariable(Parameter p, Variable v) { * with `urlArg` as its first argument. */ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) { - exists(MethodAccess loadUrl | + exists(MethodCall loadUrl | loadUrl.getArgument(0) = urlArg and loadUrl.getMethod() instanceof WebViewLoadUrlMethod | @@ -98,7 +98,7 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) { or // `webview` is received as a parameter of an event method in a custom `WebViewClient`, // so we need to find `WebViews` that use that specific `WebViewClient`. - exists(WebViewClientEventMethod eventMethod, MethodAccess setWebClient | + exists(WebViewClientEventMethod eventMethod, MethodCall setWebClient | setWebClient.getMethod() instanceof WebViewSetWebViewClientMethod and setWebClient.getArgument(0).getType() = eventMethod.getDeclaringType() and loadUrl.getQualifier().getUnderlyingExpr() = eventMethod.getWebViewParameter().getAnAccess() @@ -114,7 +114,7 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) { * has been set to `true` via a `WebSettings` object obtained from it. */ private predicate isJSEnabled(WebViewRef webview) { - exists(MethodAccess allowJs, MethodAccess settings | + exists(MethodCall allowJs, MethodCall settings | allowJs.getMethod() instanceof AllowJavaScriptMethod and allowJs.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and settings.getMethod() instanceof WebViewGetSettingsMethod and @@ -129,7 +129,7 @@ private predicate isJSEnabled(WebViewRef webview) { * obtained from it. */ private predicate isAllowFileAccessEnabled(WebViewRef webview) { - exists(MethodAccess allowFileAccess, MethodAccess settings | + exists(MethodCall allowFileAccess, MethodCall settings | allowFileAccess.getMethod() instanceof CrossOriginAccessMethod and allowFileAccess.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and settings.getMethod() instanceof WebViewGetSettingsMethod and diff --git a/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll b/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll index d780207bbdae..60f0cef83847 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll @@ -12,7 +12,7 @@ private import semmle.code.java.dataflow.DataFlow */ class SslConnectionInit extends DataFlow::Node { SslConnectionInit() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | this.asExpr() = ma and ma.getMethod() = m | @@ -30,7 +30,7 @@ class SslConnectionInit extends DataFlow::Node { */ class SslConnectionCreation extends DataFlow::Node { SslConnectionCreation() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m instanceof BeginHandshakeMethod or m instanceof SslWrapMethod or m instanceof SslUnwrapMethod or @@ -54,7 +54,7 @@ abstract class SslUnsafeCertTrustSanitizer extends DataFlow::Node { } */ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer { SslEngineServerMode() { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | m.hasName("setUseClientMode") and m.getDeclaringType().getAnAncestor() instanceof SslEngine and ma.getMethod() = m and @@ -68,7 +68,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer { * Holds if the return value of `createSocket` is cast to `SSLSocket` * or the qualifier of `createSocket` is an instance of `SSLSocketFactory`. */ -private predicate isSslSocket(MethodAccess createSocket) { +private predicate isSslSocket(MethodCall createSocket) { createSocket = any(CastExpr ce | ce.getType() instanceof SslSocket).getExpr() or createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SslSocketFactory @@ -78,14 +78,14 @@ private predicate isSslSocket(MethodAccess createSocket) { * A call to a method that enables SSL (`useSslProtocol` or `setSslContextFactory`) * on an instance of `com.rabbitmq.client.ConnectionFactory` that doesn't set `enableHostnameVerification`. */ -class RabbitMQEnableHostnameVerificationNotSet extends MethodAccess { +class RabbitMQEnableHostnameVerificationNotSet extends MethodCall { RabbitMQEnableHostnameVerificationNotSet() { this.getMethod().hasName(["useSslProtocol", "setSslContextFactory"]) and this.getMethod().getDeclaringType() instanceof RabbitMQConnectionFactory and exists(Variable v | v.getType() instanceof RabbitMQConnectionFactory and this.getQualifier() = v.getAnAccess() and - not exists(MethodAccess ma | + not exists(MethodCall ma | ma.getMethod().hasName("enableHostnameVerification") and ma.getQualifier() = v.getAnAccess() ) diff --git a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll index 0b45e150c0cd..39a55118ec4e 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll @@ -53,14 +53,14 @@ private class SslConnectionWithSafeSslParameters extends SslUnsafeCertTrustSanit private module SafeSslParametersFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - exists(MethodAccess ma | + exists(MethodCall ma | ma instanceof SafeSetEndpointIdentificationAlgorithm and DataFlow::getInstanceArgument(ma) = source.(DataFlow::PostUpdateNode).getPreUpdateNode() ) } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma, RefType t | t instanceof SslSocket or t instanceof SslEngine | + exists(MethodCall ma, RefType t | t instanceof SslSocket or t instanceof SslEngine | ma.getMethod().hasName("setSSLParameters") and ma.getMethod().getDeclaringType().getAnAncestor() = t and ma.getArgument(0) = sink.asExpr() @@ -73,7 +73,7 @@ private module SafeSslParametersFlow = DataFlow::Global ...)` */ - private predicate stepKryoPoolRunMethodAccessQualifierToFunctionalArgument( + private predicate stepKryoPoolRunMethodCallQualifierToFunctionalArgument( DataFlow::Node node1, DataFlow::Node node2 ) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof KryoPoolRunMethod and node1.asExpr() = ma.getQualifier() and ma.getArgument(0).(FunctionalExpr).asMethod().getParameter(0) = node2.asParameter() @@ -118,7 +118,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig { * Holds when a `KryoPool.Builder` method is called fluently. */ private predicate stepKryoPoolBuilderChainMethod(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof KryoPoolBuilderMethod and ma = node2.asExpr() and ma.getQualifier() = node1.asExpr() @@ -129,7 +129,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig { * Holds when a `KryoPool.borrow` method is called. */ private predicate stepKryoPoolBorrowMethod(DataFlow::Node node1, DataFlow::Node node2) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() = any(Method m | m.getDeclaringType() instanceof KryoPool and m.hasName("borrow")) and node1.asExpr() = ma.getQualifier() and @@ -143,7 +143,7 @@ private module SafeKryoFlow = DataFlow::Global; /** * Holds if `ma` is a call that deserializes data from `sink`. */ -predicate unsafeDeserialization(MethodAccess ma, Expr sink) { +predicate unsafeDeserialization(MethodCall ma, Expr sink) { exists(Method m | m = ma.getMethod() | m instanceof ObjectInputStreamReadObjectMethod and sink = ma.getQualifier() and @@ -232,7 +232,10 @@ class UnsafeDeserializationSink extends DataFlow::ExprNode { UnsafeDeserializationSink() { unsafeDeserialization(_, this.getExpr()) } /** Gets a call that triggers unsafe deserialization. */ - MethodAccess getMethodAccess() { unsafeDeserialization(result, this.getExpr()) } + MethodCall getMethodCall() { unsafeDeserialization(result, this.getExpr()) } + + /** DEPRECATED: Alias for `getMethodCall`. */ + deprecated MethodCall getMethodAccess() { result = this.getMethodCall() } } /** Holds if `node` is a sanitizer for unsafe deserialization */ @@ -243,13 +246,13 @@ private predicate isUnsafeDeserializationSanitizer(DataFlow::Node node) { SafeJsonIoFlow::flowToExpr(cie.getArgument(1)) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof JsonIoJsonToJavaMethod and ma.getArgument(0) = node.asExpr() and SafeJsonIoFlow::flowToExpr(ma.getArgument(1)) ) or - exists(MethodAccess ma | + exists(MethodCall ma | // Sanitize the input to jodd.json.JsonParser.parse et al whenever it appears // to be called with an explicit class argument limiting those types that can // be instantiated during deserialization. @@ -260,7 +263,7 @@ private predicate isUnsafeDeserializationSanitizer(DataFlow::Node node) { node.asExpr() = ma.getAnArgument() ) or - exists(MethodAccess ma | + exists(MethodCall ma | // Sanitize the input to flexjson.JSONDeserializer.deserialize whenever it appears // to be called with an explicit class argument limiting those types that can // be instantiated during deserialization, or if the deserializer has already been @@ -290,7 +293,7 @@ private predicate isUnsafeDeserializationTaintStep(DataFlow::Node pred, DataFlow ) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof BurlapInputInitMethod and ma.getArgument(0) = pred.asExpr() and ma.getQualifier() = succ.asExpr() @@ -342,7 +345,7 @@ module UnsafeDeserializationFlow = TaintTracking::Global 0 and ma.getArgument(i) = arg | + exists(MethodCall ma, int i, Expr arg | i > 0 and ma.getArgument(i) = arg | ( ma.getMethod() instanceof ObjectMapperReadMethod or @@ -501,7 +504,7 @@ module EnableJacksonDefaultTypingFlow = DataFlow::Global; */ private class JoddJsonParserConfigurationMethodQualifier extends DataFlow::ExprNode { JoddJsonParserConfigurationMethodQualifier() { - exists(MethodAccess ma, Method m | ma.getQualifier() = this.asExpr() and m = ma.getMethod() | + exists(MethodCall ma, Method m | ma.getQualifier() = this.asExpr() and m = ma.getMethod() | m instanceof WithClassMetadataMethod or m instanceof SetClassMetadataNameMethod @@ -588,7 +591,7 @@ private module JoddJsonParserConfigurationMethodConfig implements DataFlow::Conf } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof JoddJsonParseMethod and sink.asExpr() = ma.getQualifier() // The class type argument ) @@ -608,7 +611,7 @@ private module JoddJsonParserConfigurationMethodFlow = * Such a parser may instantiate an arbtirary type when deserializing untrusted data. */ private DataFlow::Node getAnUnsafelyConfiguredParser() { - exists(MethodAccess ma | result.asExpr() = ma.getQualifier() | + exists(MethodCall ma | result.asExpr() = ma.getQualifier() | ma.getMethod() instanceof WithClassMetadataMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true or @@ -623,7 +626,7 @@ private DataFlow::Node getAnUnsafelyConfiguredParser() { * Such a parser will not instantiate an arbtirary type when deserializing untrusted data. */ private DataFlow::Node getASafelyConfiguredParser() { - exists(MethodAccess ma | result.asExpr() = ma.getQualifier() | + exists(MethodCall ma | result.asExpr() = ma.getQualifier() | ma.getMethod() instanceof WithClassMetadataMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false or diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll index fdd09fe89576..5877358eaf09 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll @@ -18,12 +18,12 @@ private class DefaultUrlRedirectSink extends UrlRedirectSink { /** A Servlet URL redirection sink. */ private class ServletUrlRedirectSink extends UrlRedirectSink { ServletUrlRedirectSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof HttpServletResponseSendRedirectMethod and this.asExpr() = ma.getArgument(0) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof ResponseSetHeaderMethod or ma.getMethod() instanceof ResponseAddHeaderMethod | diff --git a/java/ql/lib/semmle/code/java/security/Validation.qll b/java/ql/lib/semmle/code/java/security/Validation.qll index 34c752444b9f..b8183b10751b 100644 --- a/java/ql/lib/semmle/code/java/security/Validation.qll +++ b/java/ql/lib/semmle/code/java/security/Validation.qll @@ -5,7 +5,7 @@ import semmle.code.java.controlflow.Guards /** Holds if the method `method` validates its `arg`-th argument in some way. */ predicate validationMethod(Method method, int arg) { // The method examines the contents of the string argument. - exists(Parameter param, VarAccess paramRef, MethodAccess call | + exists(Parameter param, VarAccess paramRef, MethodCall call | method.getParameter(arg) = param and param.getType() instanceof TypeString and paramRef.getVariable() = param and @@ -17,19 +17,19 @@ predicate validationMethod(Method method, int arg) { ) or // The method calls another one that verifies the argument. - exists(Parameter param, MethodAccess call, int recursiveArg | + exists(Parameter param, MethodCall call, int recursiveArg | method.getParameter(arg) = param and call.getArgument(pragma[only_bind_into](recursiveArg)) = param.getAnAccess() and validationMethod(pragma[only_bind_into](call.getMethod()), pragma[only_bind_into](recursiveArg)) ) } -private predicate validationCall(MethodAccess ma, VarAccess va) { +private predicate validationCall(MethodCall ma, VarAccess va) { exists(int arg | validationMethod(ma.getMethod(), arg) and ma.getArgument(arg) = va) } private predicate validatedAccess(VarAccess va) { - exists(SsaVariable v, MethodAccess guardcall | + exists(SsaVariable v, MethodCall guardcall | va = v.getAUse() and validationCall(guardcall, v.getAUse()) | diff --git a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll index d5aaf92f4125..00b9c715f752 100644 --- a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll +++ b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll @@ -13,8 +13,8 @@ private predicate isDebugCheck(Expr ex) { | subex.(VarAccess).getVariable().getName() = debug or - subex.(MethodAccess).getMethod().hasName("getProperty") and - subex.(MethodAccess).getAnArgument().(CompileTimeConstantExpr).getStringValue() = debug + subex.(MethodCall).getMethod().hasName("getProperty") and + subex.(MethodCall).getAnArgument().(CompileTimeConstantExpr).getStringValue() = debug ) } @@ -31,7 +31,7 @@ deprecated class WebviewDebugEnabledConfig extends DataFlow::Configuration { } override predicate isSink(DataFlow::Node node) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasQualifiedName("android.webkit", "WebView", "setWebContentsDebuggingEnabled") and node.asExpr() = ma.getArgument(0) ) @@ -51,7 +51,7 @@ module WebviewDebugEnabledConfig implements DataFlow::ConfigSig { } predicate isSink(DataFlow::Node node) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasQualifiedName("android.webkit", "WebView", "setWebContentsDebuggingEnabled") and node.asExpr() = ma.getArgument(0) ) diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index 163696e4489d..9edee5823bfc 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -42,7 +42,7 @@ private class DefaultXssSink extends XssSink { DefaultXssSink() { sinkNode(this, ["html-injection", "js-injection"]) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof WritingMethod and XssVulnerableWriterSourceToWritingMethodFlow::flowToExpr(ma.getQualifier()) and this.asExpr() = ma.getArgument(_) @@ -56,7 +56,7 @@ private class DefaultXssSanitizer extends XssSanitizer { this.getType() instanceof NumericType or this.getType() instanceof BooleanType or // Match `org.springframework.web.util.HtmlUtils.htmlEscape` and possibly other methods like it. - this.asExpr().(MethodAccess).getMethod().getName().regexpMatch("(?i)html_?escape.*") + this.asExpr().(MethodCall).getMethod().getName().regexpMatch("(?i)html_?escape.*") } } @@ -65,7 +65,7 @@ private module XssVulnerableWriterSourceToWritingMethodFlowConfig implements Dat predicate isSource(DataFlow::Node src) { src.asExpr() instanceof XssVulnerableWriterSource } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | sink.asExpr() = ma.getQualifier() and ma.getMethod() instanceof WritingMethod ) } @@ -88,7 +88,7 @@ private class WritingMethod extends Method { } /** An output stream or writer that writes to a servlet, JSP or JSF response. */ -class XssVulnerableWriterSource extends MethodAccess { +class XssVulnerableWriterSource extends MethodCall { XssVulnerableWriterSource() { this.getMethod() instanceof ServletResponseGetWriterMethod or diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index cf8ef5e8775b..5a37ebee5e2d 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -16,7 +16,7 @@ private module Frameworks { /** * An abstract type representing a call to parse XML files. */ -abstract class XmlParserCall extends MethodAccess { +abstract class XmlParserCall extends MethodCall { /** * Gets the argument representing the XML content to be parsed. */ @@ -31,7 +31,7 @@ abstract class XmlParserCall extends MethodAccess { /** * An access to a method use for configuring the parser. */ -abstract class ParserConfig extends MethodAccess { +abstract class ParserConfig extends MethodCall { /** * Holds if the method disables a property. */ @@ -141,7 +141,7 @@ class SafeDocumentBuilderFactory extends VarAccess { } } -private class DocumentBuilderConstruction extends MethodAccess { +private class DocumentBuilderConstruction extends MethodCall { DocumentBuilderConstruction() { exists(Method m | this.getMethod() = m and @@ -440,7 +440,7 @@ private predicate safeSaxParserNode(DataFlow::Node src) { src.asExpr() instanceo private module SafeSaxParserFlow = DataFlow::SimpleGlobal; /** A `SaxParser` created from a safely configured `SaxParserFactory`. */ -class SafeSaxParser extends MethodAccess { +class SafeSaxParser extends MethodCall { SafeSaxParser() { this.getMethod().getDeclaringType() instanceof SaxParserFactory and this.getMethod().hasName("newSAXParser") and @@ -640,13 +640,13 @@ private module CreatedSafeXmlReaderFlow = DataFlow::SimpleGlobal 1 + count(MethodCall a | a.getParent*() = branch) > 1 } predicate complicatedCondition(Expr cond) { diff --git a/java/ql/src/Language Abuse/UselessUpcast.ql b/java/ql/src/Language Abuse/UselessUpcast.ql index 36810b4116e8..ea7c12632ecd 100644 --- a/java/ql/src/Language Abuse/UselessUpcast.ql +++ b/java/ql/src/Language Abuse/UselessUpcast.ql @@ -25,7 +25,7 @@ predicate usefulUpcast(CastingExpr e) { other.getName() = target.getName() and other.getSourceDeclaration() != target.getSourceDeclaration() | - c.(MethodAccess).getReceiverType().inherits(other.(Method)) or + c.(MethodCall).getReceiverType().inherits(other.(Method)) or other = target.(Constructor).getDeclaringType().getAConstructor() ) ) @@ -48,7 +48,7 @@ predicate usefulUpcast(CastingExpr e) { not e.getExpr().getType().(RefType).inherits(fa.getField()) ) or - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | e = ma.getQualifier() and m = ma.getMethod() and (m.isStatic() or m.isPrivate()) diff --git a/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql b/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql index ec9c4716ea67..26353891f418 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql @@ -13,7 +13,7 @@ import java import semmle.code.java.security.RandomQuery -from MethodAccess ma, Method abs, Method nextIntOrLong, RandomDataSource nma +from MethodCall ma, Method abs, Method nextIntOrLong, RandomDataSource nma where ma.getMethod() = abs and abs.hasName("abs") and diff --git a/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql b/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql index 6285320cee8d..567e2628dae1 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql @@ -17,8 +17,8 @@ import semmle.code.java.Collections predicate isDefinitelyPositive(Expr e) { isDefinitelyPositive(e) or e.(IntegerLiteral).getIntValue() >= 0 or - e.(MethodAccess).getMethod() instanceof CollectionSizeMethod or - e.(MethodAccess).getMethod() instanceof StringLengthMethod or + e.(MethodCall).getMethod() instanceof CollectionSizeMethod or + e.(MethodCall).getMethod() instanceof StringLengthMethod or e.(FieldAccess).getField() instanceof ArrayLengthField } diff --git a/java/ql/src/Likely Bugs/Collections/Containers.qll b/java/ql/src/Likely Bugs/Collections/Containers.qll index 4c19ddf647ca..3fdf44aba8c5 100644 --- a/java/ql/src/Likely Bugs/Collections/Containers.qll +++ b/java/ql/src/Likely Bugs/Collections/Containers.qll @@ -18,7 +18,7 @@ class ContainerMutator extends Method { } } -class ContainerMutation extends MethodAccess { +class ContainerMutation extends MethodCall { ContainerMutation() { this instanceof CollectionMutation or this instanceof MapMutation diff --git a/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql b/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql index 52d790e0e718..e1137b111bf6 100644 --- a/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +++ b/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql @@ -95,7 +95,7 @@ predicate containerAccess(string package, string type, int p, string signature, i = 0 } -class MismatchedContainerAccess extends MethodAccess { +class MismatchedContainerAccess extends MethodCall { MismatchedContainerAccess() { exists(string package, string type, int i | containerAccess(package, type, _, this.getCallee().getSignature(), i) diff --git a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql index 8784b7ccd00e..0308f68f231c 100644 --- a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +++ b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql @@ -13,11 +13,9 @@ import java -class SpecialCollectionCreation extends MethodAccess { +class SpecialCollectionCreation extends MethodCall { SpecialCollectionCreation() { - exists(Method m, RefType rt | - m = this.(MethodAccess).getCallee() and rt = m.getDeclaringType() - | + exists(Method m, RefType rt | m = this.(MethodCall).getCallee() and rt = m.getDeclaringType() | rt.hasQualifiedName("java.util", "Arrays") and m.hasName("asList") or rt.hasQualifiedName("java.util", "Collections") and @@ -46,7 +44,7 @@ predicate containsSpecialCollection(Expr e, SpecialCollectionCreation origin) { } predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) { - exists(MethodAccess ma | ma = e | + exists(MethodCall ma | ma = e | containsSpecialCollection(ma.getQualifier(), origin) and ma.getCallee().hasName("iterator") ) @@ -67,7 +65,7 @@ predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) { ) } -from MethodAccess remove, SpecialCollectionCreation scc +from MethodCall remove, SpecialCollectionCreation scc where remove.getCallee().hasName("remove") and iterOfSpecialCollection(remove.getQualifier(), scc) diff --git a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql index f9390c9c6ec3..a3fb91e99b69 100644 --- a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +++ b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql @@ -32,12 +32,10 @@ where v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va) or // ...or a call to a query method on `v`. - exists(MethodAccess ma | va = ma.getQualifier() | - ma.getMethod() instanceof ContainerQueryMethod - ) + exists(MethodCall ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod) ) and // There is at least one call to a query method. - exists(MethodAccess ma | v.getAnAccess() = ma.getQualifier() | + exists(MethodCall ma | v.getAnAccess() = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod ) and // Also, any value that `v` is initialized to is a fresh container, diff --git a/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql b/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql index 076ccc122404..08a8da884846 100644 --- a/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +++ b/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql @@ -65,7 +65,7 @@ predicate containerModification(string package, string type, int p, string signa i = 0 } -class MismatchedContainerModification extends MethodAccess { +class MismatchedContainerModification extends MethodCall { MismatchedContainerModification() { exists(string package, string type, int i | containerModification(package, type, _, this.getCallee().getSignature(), i) diff --git a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql index be186d2b2e20..2edeea4ec57f 100644 --- a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql +++ b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql @@ -46,7 +46,7 @@ predicate checksReferenceEquality(EqualsMethod em) { // Check whether `em` delegates to another method checking reference equality. // More precisely, we check whether the body of `em` is of the form `return super.equals(o);`, // where `o` is the (only) parameter of `em`, and the invoked method is a reference equality check. - exists(SuperMethodAccess sup | + exists(SuperMethodCall sup | sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() and sup.getArgument(0) = em.getParameter(0).getAnAccess() and checksReferenceEquality(sup.getCallee()) diff --git a/java/ql/src/Likely Bugs/Comparison/Equality.qll b/java/ql/src/Likely Bugs/Comparison/Equality.qll index 1ee8eac49add..9aeb4a46047e 100644 --- a/java/ql/src/Likely Bugs/Comparison/Equality.qll +++ b/java/ql/src/Likely Bugs/Comparison/Equality.qll @@ -13,7 +13,7 @@ class RefiningEquals extends EqualsMethod { // For each return statement `ret` in this method, ... forall(ReturnStmt ret | ret.getEnclosingCallable() = this | // ... there is a `super` access that ... - exists(MethodAccess sup, SuperAccess qual | + exists(MethodCall sup, SuperAccess qual | // ... is of the form `super.something`, but not `A.super.something` ... qual = sup.getQualifier() and not exists(qual.getQualifier()) and diff --git a/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql b/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql index c7324012fc29..2b04d8711540 100644 --- a/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +++ b/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql @@ -12,7 +12,7 @@ import java -from MethodAccess ma, Array recvtype, Method m +from MethodCall ma, Array recvtype, Method m where recvtype = ma.getQualifier().getType() and m = ma.getMethod() and diff --git a/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql b/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql index 1d20e98a21b8..6d3c4ce28218 100644 --- a/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +++ b/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql @@ -38,7 +38,7 @@ predicate usedInHash(RefType t, Expr e) { exists(RefType s | s.getName().matches("%Hash%") and not s.getSourceDeclaration().getName() = "IdentityHashMap" | - exists(MethodAccess ma | + exists(MethodCall ma | ma.getQualifier().getType() = s and ma.getArgument(0).getType() = t and e = ma and diff --git a/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql b/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql index d98fc77af38d..2326ae5dd3d9 100644 --- a/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +++ b/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql @@ -13,7 +13,7 @@ import java /** A call to an `equals` method. */ -class EqualsCall extends MethodAccess { +class EqualsCall extends MethodCall { EqualsCall() { this.getMethod() instanceof EqualsMethod } /** @@ -22,7 +22,7 @@ class EqualsCall extends MethodAccess { */ predicate whitelisted() { // Allow tests and assertions to verify that `equals` methods return `false`. - this.getParent*().(MethodAccess).getMethod().getName().matches("assert%") or + this.getParent*().(MethodCall).getMethod().getName().matches("assert%") or this.getEnclosingStmt() instanceof AssertStmt } diff --git a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql index 1c7bb13c0654..455ca22d6e3f 100644 --- a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +++ b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql @@ -32,7 +32,7 @@ predicate hasTypeTest(Variable v) { or any(ClassExpr c).getExpr() = v.getAnAccess() or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() = "getClass" and ma.getQualifier() = v.getAnAccess() ) @@ -71,7 +71,7 @@ where not hasTypeTest(p) and // If the parameter is passed to a method for which we don't have the source // we assume it's ok - not exists(MethodAccess ma | + not exists(MethodCall ma | not exists(ma.getMethod().getBody()) and ma.getAnArgument() = p.getAnAccess() ) diff --git a/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql b/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql index d240f908941a..63ad7af87fa8 100644 --- a/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql +++ b/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql @@ -30,7 +30,7 @@ class ReferenceEqualityTestOnObject extends ReferenceEqualityTest { from ReferenceEqualityTestOnObject scw where - not exists(Variable left, Variable right, MethodAccess equals | + not exists(Variable left, Variable right, MethodCall equals | left = scw.getLeftOperand().(VarAccess).getVariable() and right = scw.getRightOperand().(VarAccess).getVariable() and scw.getEnclosingCallable() = equals.getEnclosingCallable() and diff --git a/java/ql/src/Likely Bugs/Comparison/StringComparison.ql b/java/ql/src/Likely Bugs/Comparison/StringComparison.ql index fd840d416e89..63d09e0f7915 100644 --- a/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +++ b/java/ql/src/Likely Bugs/Comparison/StringComparison.ql @@ -21,7 +21,7 @@ class StringValue extends Expr { exists(Method intern | intern.getDeclaringType() instanceof TypeString and intern.hasName("intern") and - this.(MethodAccess).getMethod() = intern + this.(MethodCall).getMethod() = intern ) or // Ternary conditional operator. @@ -35,7 +35,7 @@ class StringValue extends Expr { variableValuesInterned(this.(VarAccess).getVariable()) or // Method accesses whose results are all interned. - forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodAccess).getMethod() | + forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodCall).getMethod() | rs.getResult().(StringValue).isInterned() ) } diff --git a/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql b/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql index e9b160222bc8..2cba4d10f035 100644 --- a/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql +++ b/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql @@ -23,8 +23,8 @@ class SleepMethod extends Method { } } -class SleepMethodAccess extends MethodAccess { - SleepMethodAccess() { this.getMethod() instanceof SleepMethod } +class SleepMethodCall extends MethodCall { + SleepMethodCall() { this.getMethod() instanceof SleepMethod } } class WaitMethod extends Method { @@ -48,7 +48,7 @@ class CommunicationMethod extends Method { predicate callsCommunicationMethod(Method source) { source instanceof CommunicationMethod or - exists(MethodAccess a, Method overridingMethod, Method target | + exists(MethodCall a, Method overridingMethod, Method target | callsCommunicationMethod(overridingMethod) and overridingMethod.overridesOrInstantiates*(target) and target = a.getMethod() and @@ -57,13 +57,13 @@ predicate callsCommunicationMethod(Method source) { } class DangerStmt extends Stmt { - DangerStmt() { exists(SleepMethodAccess sleep | sleep.getEnclosingStmt() = this) } + DangerStmt() { exists(SleepMethodCall sleep | sleep.getEnclosingStmt() = this) } } from WhileStmt s, DangerStmt d where d.getEnclosingStmt+() = s and - not exists(MethodAccess call | callsCommunicationMethod(call.getMethod()) | + not exists(MethodCall call | callsCommunicationMethod(call.getMethod()) | call.getEnclosingStmt().getEnclosingStmt*() = s ) select d, "Prefer wait/notify or java.util.concurrent to communicate between threads." diff --git a/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql b/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql index 9962596d5b6d..bf1639361154 100644 --- a/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +++ b/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql @@ -26,7 +26,7 @@ class ConditionInterface extends Interface { ConditionInterface() { this.hasQualifiedName("java.util.concurrent.locks", "Condition") } } -from MethodAccess ma, ConditionInterface condition +from MethodCall ma, ConditionInterface condition where ma.getMethod() instanceof WaitMethod and ma.getQualifier().getType().(RefType).hasSupertype*(condition) diff --git a/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql b/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql index e7e8f43dc42a..c31ef9962252 100644 --- a/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +++ b/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql @@ -22,7 +22,7 @@ class RunMethod extends Method { } } -from MethodAccess m, RunMethod run +from MethodCall m, RunMethod run where m.getMethod() = run and not m.getEnclosingCallable() instanceof RunMethod diff --git a/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql b/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql index ef3814014eee..18683ac690ff 100644 --- a/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +++ b/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql @@ -19,7 +19,7 @@ where (f.isPublic() or f.isProtected()) and dateFormat.hasQualifiedName("java.text", "DateFormat") and f.getType().(RefType).hasSupertype*(dateFormat) and - exists(MethodAccess m | m.getQualifier().(VarAccess).getVariable() = f) + exists(MethodCall m | m.getQualifier().(VarAccess).getVariable() = f) select f, "Found static field of type " + f.getType().getName() + " in " + f.getDeclaringType().getName() + "." diff --git a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql index be9314072847..241825c092e6 100644 --- a/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +++ b/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql @@ -24,8 +24,8 @@ predicate whitelistedMethod(Method m) { class SideEffect extends Expr { SideEffect() { - this instanceof MethodAccess and - not whitelistedMethod(this.(MethodAccess).getMethod()) + this instanceof MethodCall and + not whitelistedMethod(this.(MethodCall).getMethod()) or this.(Assignment).getDest() instanceof FieldAccess } diff --git a/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql b/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql index 9d44e5d4415b..27e0973ebf99 100644 --- a/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql +++ b/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql @@ -23,16 +23,14 @@ predicate withinInitializer(Expr e) { e.getEnclosingCallable() instanceof Constructor } -predicate locallySynchronized(MethodAccess ma) { +predicate locallySynchronized(MethodCall ma) { ma.getEnclosingStmt().getEnclosingStmt+() instanceof SynchronizedStmt } predicate hasUnsynchronizedCall(Method m) { m.isPublic() and not m.isSynchronized() or - exists(MethodAccess ma, Method caller | - ma.getMethod() = m and caller = ma.getEnclosingCallable() - | + exists(MethodCall ma, Method caller | ma.getMethod() = m and caller = ma.getEnclosingCallable() | hasUnsynchronizedCall(caller) and not caller.isSynchronized() and not locallySynchronized(ma) diff --git a/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql b/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql index c6f893e10950..757da40c6e6e 100644 --- a/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql +++ b/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql @@ -61,12 +61,12 @@ class ValidSynchStmt extends Stmt { exists(TryStmt try, LockObjectField lockField | this = try.getBlock() and lockField.getType().(RefType).hasQualifiedName("java.util.concurrent.locks", "ReentrantLock") and - exists(MethodAccess lockAction | + exists(MethodCall lockAction | lockAction.getQualifier() = lockField.getAnAccess() and lockAction.getMethod().getName() = "lock" and dominates(lockAction, this) ) and - exists(MethodAccess unlockAction | + exists(MethodCall unlockAction | unlockAction.getQualifier() = lockField.getAnAccess() and unlockAction.getMethod().getName() = "unlock" and postDominates(unlockAction, this) diff --git a/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql b/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql index c2f61b60f8dc..a2e41c9bd055 100644 --- a/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +++ b/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql @@ -20,7 +20,7 @@ import java * `super.m(x, y, z)`, possibly wrapped in one or more casts and/or parentheses. */ predicate delegatingSuperCall(Expr e, Method target) { - exists(MethodAccess call | call = e | + exists(MethodCall call | call = e | call.getQualifier() instanceof SuperAccess and call.getCallee() = target and forall(Expr arg | arg = call.getAnArgument() | arg instanceof VarAccess) diff --git a/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql b/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql index 1cd857bf175c..047e6853011e 100644 --- a/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +++ b/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql @@ -14,15 +14,15 @@ import java -class InvokeInterfaceOrVirtualMethodAccess extends MethodAccess { - InvokeInterfaceOrVirtualMethodAccess() { +class InvokeInterfaceOrVirtualMethodCall extends MethodCall { + InvokeInterfaceOrVirtualMethodCall() { this.getMethod().getDeclaringType() instanceof Interface or not this.hasQualifier() or not this.getQualifier() instanceof SuperAccess } } -from InvokeInterfaceOrVirtualMethodAccess ma, Method m +from InvokeInterfaceOrVirtualMethodCall ma, Method m where ma.getMethod() = m and m.hasName("notify") and diff --git a/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql b/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql index 52ae743412b2..89dbedd02532 100644 --- a/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql +++ b/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql @@ -48,7 +48,7 @@ private predicate synchronizedCallable(Callable c) { c.isSynchronized() or c.isPrivate() and - forall(MethodAccess parent | parent.getCallee() = c | + forall(MethodCall parent | parent.getCallee() = c | synchronizedThisAccess(parent, c.getDeclaringType()) ) } @@ -60,7 +60,7 @@ private predicate synchronizedCallable(Callable c) { * example, if the method call is `MyClass.wait()`, then the predicate * holds if there is an enclosing synchronization on `MyClass.this`. */ -private predicate synchronizedThisAccess(MethodAccess ma, Type thisType) { +private predicate synchronizedThisAccess(MethodCall ma, Type thisType) { // Are we inside a synchronized method? exists(Callable c | c = ma.getEnclosingCallable() and @@ -90,11 +90,11 @@ predicate synchronizedVarAccess(VarAccess x) { } /** - * This predicate holds if the `MethodAccess` is a qualified call, + * This predicate holds if the `MethodCall` is a qualified call, * such as `this.wait()`, and it is not inside a synchronized statement * or method. */ -private predicate unsynchronizedExplicitThisAccess(MethodAccess ma) { +private predicate unsynchronizedExplicitThisAccess(MethodCall ma) { exists(ThisAccess x | x = ma.getQualifier() and not synchronizedThisAccess(ma, x.getType()) @@ -102,27 +102,27 @@ private predicate unsynchronizedExplicitThisAccess(MethodAccess ma) { } /** - * Holds if the `MethodAccess` is an unqualified call, + * Holds if the `MethodCall` is an unqualified call, * such as `wait()`, and it is not inside a synchronized statement * or method. */ -private predicate unsynchronizedImplicitThisAccess(MethodAccess ma) { +private predicate unsynchronizedImplicitThisAccess(MethodCall ma) { not ma.hasQualifier() and not synchronizedThisAccess(ma, ma.getEnclosingCallable().getDeclaringType()) } /** - * Holds if the `MethodAccess` is on a variable, + * Holds if the `MethodCall` is on a variable, * such as `x.wait()`, and it is not inside a synchronized statement. */ -private predicate unsynchronizedVarAccess(MethodAccess ma) { +private predicate unsynchronizedVarAccess(MethodCall ma) { exists(VarAccess x | x = ma.getQualifier() and not synchronizedVarAccess(x) ) } -from MethodAccess ma, Method m +from MethodCall ma, Method m where m = ma.getMethod() and m instanceof MethodRequiresSynch and diff --git a/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql b/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql index 3c309eb79382..bd3231fee8b5 100644 --- a/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql +++ b/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql @@ -20,10 +20,10 @@ class PriorityMethod extends Method { } } -class PriorityMethodAccess extends MethodAccess { - PriorityMethodAccess() { this.getMethod() instanceof PriorityMethod } +class PriorityMethodCall extends MethodCall { + PriorityMethodCall() { this.getMethod() instanceof PriorityMethod } } -from PriorityMethodAccess ma +from PriorityMethodCall ma where ma.getCompilationUnit().fromSource() select ma, "Avoid using thread priorities. The effect is unpredictable and not portable." diff --git a/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql b/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql index 411618ef4bd4..417e426b7868 100644 --- a/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql @@ -14,7 +14,7 @@ import java -from MethodAccess ma, Method sleep +from MethodCall ma, Method sleep where ma.getMethod() = sleep and sleep.hasName("sleep") and diff --git a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql index fa145ebb1b4d..cb971a5f109f 100644 --- a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +++ b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql @@ -26,7 +26,7 @@ private predicate cannotBeExtended(RefType t) { not exists(RefType sub | sub != t | sub.getAnAncestor() = t) } -from MethodAccess m, Constructor c, Class clazz +from MethodCall m, Constructor c, Class clazz where m.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Thread") and m.getMethod().getName() = "start" and diff --git a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql index 10a054f4106c..4efaf4f9820b 100644 --- a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql @@ -39,22 +39,22 @@ class LockType extends RefType { result.hasName("isHeldByCurrentThread") } - MethodAccess getLockAccess() { + MethodCall getLockAccess() { result.getMethod() = this.getLockMethod() and // Not part of a Mockito verification call - not result instanceof MockitoVerifiedMethodAccess + not result instanceof MockitoVerifiedMethodCall } - MethodAccess getUnlockAccess() { + MethodCall getUnlockAccess() { result.getMethod() = this.getUnlockMethod() and // Not part of a Mockito verification call - not result instanceof MockitoVerifiedMethodAccess + not result instanceof MockitoVerifiedMethodCall } - MethodAccess getIsHeldByCurrentThreadAccess() { + MethodCall getIsHeldByCurrentThreadAccess() { result.getMethod() = this.getIsHeldByCurrentThreadMethod() and // Not part of a Mockito verification call - not result instanceof MockitoVerifiedMethodAccess + not result instanceof MockitoVerifiedMethodCall } } @@ -147,7 +147,7 @@ predicate blockIsLocked(LockType t, BasicBlock src, BasicBlock b, int locks) { ) } -from Callable c, LockType t, BasicBlock src, BasicBlock exit, MethodAccess lock +from Callable c, LockType t, BasicBlock src, BasicBlock exit, MethodCall lock where // Restrict results to those methods that actually attempt to unlock. t.getUnlockAccess().getEnclosingCallable() = c and diff --git a/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql b/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql index 644c003a1dcd..6e1356ff1a18 100644 --- a/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql +++ b/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql @@ -20,7 +20,7 @@ class WaitMethod extends Method { } } -from MethodAccess ma +from MethodCall ma where ma.getMethod() instanceof WaitMethod and not ma.getEnclosingStmt().getEnclosingStmt*() instanceof LoopStmt diff --git a/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql b/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql index 4c9896e0223c..f02f93f05254 100644 --- a/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql +++ b/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql @@ -21,7 +21,7 @@ class Synched extends Stmt { } } -from MethodAccess ma, SynchronizedStmt synch +from MethodCall ma, SynchronizedStmt synch where ma.getMethod().hasName("wait") and ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Object") and diff --git a/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql b/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql index 91ae12b6464c..0d2bd62d0da8 100644 --- a/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql +++ b/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql @@ -20,11 +20,11 @@ class YieldMethod extends Method { } } -class YieldMethodAccess extends MethodAccess { - YieldMethodAccess() { this.getMethod() instanceof YieldMethod } +class YieldMethodCall extends MethodCall { + YieldMethodCall() { this.getMethod() instanceof YieldMethod } } -from YieldMethodAccess yield +from YieldMethodCall yield where yield.getCompilationUnit().fromSource() select yield, "Do not use Thread.yield(). It is non-portable and will most likely not have the desired effect." diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql index 2d9d49802bfe..3d4f62707344 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql @@ -31,7 +31,7 @@ where exists(Method original | adapter = original.getDeclaringType() | m.getName() = original.getName()) and not exists(Method overridden | adapter = overridden.getDeclaringType() | m.overrides(overridden)) and // The method is not used for any other purpose. - not exists(MethodAccess ma | ma.getMethod() = m) + not exists(MethodCall ma | ma.getMethod() = m) select m, "Method " + m.getName() + " attempts to override a method in " + adapter.getName() + ", but does not have the same argument types. " + m.getName() + diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql index 7feac69647e1..8d49cf1d59e8 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql @@ -13,7 +13,7 @@ import java -from MethodAccess ma, Method m, MainMethod main +from MethodCall ma, Method m, MainMethod main where ma.getQualifier().getType().getCompilationUnit().getPackage().getName().matches("javax.swing%") and ( diff --git a/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql b/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql index 2af7402661c1..0285aca36f4a 100644 --- a/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql +++ b/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql @@ -12,7 +12,7 @@ import java -from MethodAccess ma, Method changecase +from MethodCall ma, Method changecase where ( changecase.hasName("toUpperCase") or diff --git a/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql b/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql index ece8007eab99..618160538970 100644 --- a/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +++ b/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql @@ -27,7 +27,7 @@ private FieldRead nonFinalFieldRead(Callable m, Field f) { not f.isFinal() } -private MethodAccess unqualifiedCallToNonAbstractMethod(Constructor c, Method m) { +private MethodCall unqualifiedCallToNonAbstractMethod(Constructor c, Method m) { result.getEnclosingCallable() = c and ( not exists(result.getQualifier()) or @@ -38,7 +38,7 @@ private MethodAccess unqualifiedCallToNonAbstractMethod(Constructor c, Method m) } from - Constructor c, MethodAccess ma, Method m, Method n, Field f, FieldRead fa, Constructor d, + Constructor c, MethodCall ma, Method m, Method n, Field f, FieldRead fa, Constructor d, FieldWrite fw where // Method access in a constructor diff --git a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql index 90044ab25953..01f0ceac56cd 100644 --- a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +++ b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql @@ -27,21 +27,21 @@ class ArrayLengthRead extends FieldRead, SizeOfContainer { } /** An access to `String.length()`. */ -class StringLengthRead extends MethodAccess, SizeOfContainer { +class StringLengthRead extends MethodCall, SizeOfContainer { StringLengthRead() { this.getMethod() instanceof StringLengthMethod } override string getContainerKind() { result = "a string" } } /** An access to `Collection.size()`. */ -class CollectionSizeCall extends MethodAccess, SizeOfContainer { +class CollectionSizeCall extends MethodCall, SizeOfContainer { CollectionSizeCall() { this.getMethod() instanceof CollectionSizeMethod } override string getContainerKind() { result = "a collection" } } /** An access to `Map.size()`. */ -class MapSizeCall extends MethodAccess, SizeOfContainer { +class MapSizeCall extends MethodCall, SizeOfContainer { MapSizeCall() { this.getMethod() instanceof MapSizeMethod } override string getContainerKind() { result = "a map" } diff --git a/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql b/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql index 738a26518fc5..8d9409059f8e 100644 --- a/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +++ b/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql @@ -18,7 +18,7 @@ import java class DangerousExpression extends Expr { DangerousExpression() { exists(Expr e | this = e.getParent*() | - e instanceof MethodAccess or + e instanceof MethodCall or e instanceof ArrayAccess or exists(e.(FieldAccess).getQualifier()) ) diff --git a/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql b/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql index 2bffa1ea4f49..0bfb4b45a5a5 100644 --- a/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +++ b/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql @@ -12,7 +12,7 @@ import java -from MethodAccess c, Method m, ParameterizedClass p, AnnotationType t +from MethodCall c, Method m, ParameterizedClass p, AnnotationType t where c.getMethod() = m and m.hasName("isAnnotationPresent") and diff --git a/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll b/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll index 42bcc8472ebf..53b213aa3be0 100644 --- a/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll +++ b/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll @@ -42,8 +42,8 @@ private predicate closeableType(RefType t) { * An access to a method on a type in the 'java.sql` package that creates a closeable object in the `java.sql` package. * For example, `PreparedStatement.executeQuery()` or `Connection.prepareStatement(String)`. */ -class SqlResourceOpeningMethodAccess extends MethodAccess { - SqlResourceOpeningMethodAccess() { +class SqlResourceOpeningMethodCall extends MethodCall { + SqlResourceOpeningMethodCall() { exists(Method m | this.getMethod() = m | m.getDeclaringType().hasQualifiedName("java.sql", _) and m.getReturnType().(RefType).hasQualifiedName("java.sql", _) and @@ -54,13 +54,16 @@ class SqlResourceOpeningMethodAccess extends MethodAccess { } } +/** DEPRECATED: Alias for `SqlResourceOpeningMethodCall`. */ +deprecated class SqlResourceOpeningMethodAccess = SqlResourceOpeningMethodCall; + /** * A candidate for a "closeable init" expression, which may require calling a "close" method. */ class CloseableInitExpr extends Expr { CloseableInitExpr() { this instanceof ClassInstanceExpr or - this instanceof SqlResourceOpeningMethodAccess + this instanceof SqlResourceOpeningMethodCall } } @@ -86,7 +89,7 @@ private predicate closeableInit(Expr e, Expr parent) { ) ) or - exists(SqlResourceOpeningMethodAccess ma | ma = e and parent = e) + exists(SqlResourceOpeningMethodCall ma | ma = e and parent = e) or exists(LocalVariableDecl v, Expr f | e = v.getAnAccess() and flowsInto(f, v) | closeableInit(f, parent) @@ -218,7 +221,7 @@ private predicate closeCalled(Variable v) { exists(TryStmt try | try.getAResourceVariable() = v) or // Otherwise, there should be an explicit call to a method whose name contains "close". - exists(MethodAccess e | + exists(MethodCall e | v = getCloseableVariable(_) or v instanceof Parameter or v instanceof LocalVariableDecl | e.getMethod().getName().toLowerCase().matches("%close%") and @@ -263,7 +266,7 @@ private predicate closedResource(CloseableInitExpr cie) { } private predicate immediatelyClosed(ClassInstanceExpr cie) { - exists(MethodAccess ma | ma.getQualifier() = cie | ma.getMethod().hasName("close")) + exists(MethodCall ma | ma.getQualifier() = cie | ma.getMethod().hasName("close")) } /** @@ -305,10 +308,10 @@ predicate noNeedToClose(CloseableInitExpr cie) { flowsInto(sqlStmt, v) and closedResource(sqlStmt) and cie.getType() instanceof TypeResultSet and - cie.(SqlResourceOpeningMethodAccess).getQualifier() = v.getAnAccess() + cie.(SqlResourceOpeningMethodCall).getQualifier() = v.getAnAccess() ) or - exists(MethodAccess ma | cie.(ClassInstanceExpr).getAnArgument() = ma | + exists(MethodCall ma | cie.(ClassInstanceExpr).getAnArgument() = ma | ma.getMethod() instanceof ServletResponseGetOutputStreamMethod or ma.getMethod() instanceof ServletResponseGetWriterMethod or ma.getMethod() instanceof ServletRequestGetBodyMethod diff --git a/java/ql/src/Likely Bugs/Statements/Chaining.qll b/java/ql/src/Likely Bugs/Statements/Chaining.qll index b8fdb63facec..bb7fba549e7b 100644 --- a/java/ql/src/Likely Bugs/Statements/Chaining.qll +++ b/java/ql/src/Likely Bugs/Statements/Chaining.qll @@ -35,8 +35,8 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) { ret.getResult().getType() != m.getDeclaringType() or // A method call to the wrong method is returned. - ret.getResult() instanceof MethodAccess and - exists(MethodAccess delegateCall, Method delegate | + ret.getResult() instanceof MethodCall and + exists(MethodCall delegateCall, Method delegate | delegateCall = ret.getResult() and delegate = delegateCall.getMethod() | @@ -47,7 +47,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) { not hasDescendant(m.getReturnType(), delegate.getReturnType()) or // A method on the wrong object is called. - not delegateCall.isOwnMethodAccess() + not delegateCall.isOwnMethodCall() or nonChaining(delegate) ) @@ -55,6 +55,6 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) { // Something else is returned. not ( ret.getResult() instanceof ThisAccess or - ret.getResult() instanceof MethodAccess + ret.getResult() instanceof MethodCall ) } diff --git a/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql b/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql index 6526a24cc5f9..fe47661def4b 100644 --- a/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql +++ b/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql @@ -33,7 +33,7 @@ predicate exclude(Method m) { * - is different from `callToCheck`, and * - is not a call to an excluded method. */ -predicate checkExpr(MethodAccess callToCheck, MethodAccess otherCall, string operation, Variable v) { +predicate checkExpr(MethodCall callToCheck, MethodCall otherCall, string operation, Variable v) { not exclude(otherCall.getMethod()) and v.getAnAssignedValue() = callToCheck and otherCall != callToCheck and @@ -47,7 +47,7 @@ predicate checkExpr(MethodAccess callToCheck, MethodAccess otherCall, string ope /** * Holds if `operation` is implicitly called on `v`, and `v` is assigned the result of `callToCheck`. */ -predicate implicitCheckExpr(MethodAccess callToCheck, string operation, Variable v) { +predicate implicitCheckExpr(MethodCall callToCheck, string operation, Variable v) { exists(TryStmt try, LocalVariableDeclExpr decl | try.getAResourceDecl().getAVariable() = decl and decl.getVariable() = v and @@ -62,7 +62,7 @@ predicate implicitCheckExpr(MethodAccess callToCheck, string operation, Variable Expr getChainedAccess(Variable v) { result = v.getAnAccess() or - exists(MethodAccess chainedAccess | chainedAccess.getQualifier() = getChainedAccess(v) | + exists(MethodCall chainedAccess | chainedAccess.getQualifier() = getChainedAccess(v) | designedForChaining(chainedAccess.getMethod()) and result = chainedAccess ) } @@ -70,7 +70,7 @@ Expr getChainedAccess(Variable v) { /** * The result of `ma` and a call to a method named `operation` are both assigned to the same variable. */ -predicate checkedFunctionCall(MethodAccess ma, string operation) { +predicate checkedFunctionCall(MethodCall ma, string operation) { relevantFunctionCall(ma, _) and exists(Variable v | not v instanceof Field | v.getAnAssignedValue() = ma and @@ -81,24 +81,24 @@ predicate checkedFunctionCall(MethodAccess ma, string operation) { /** * The method access `ma` is a call to `m` where the result is assigned. */ -predicate relevantFunctionCall(MethodAccess ma, Method m) { +predicate relevantFunctionCall(MethodCall ma, Method m) { ma.getMethod() = m and exists(Variable v | v.getAnAssignedValue() = ma) and not okToIgnore(ma) } -predicate okToIgnore(MethodAccess ma) { not ma.getCompilationUnit().fromSource() } +predicate okToIgnore(MethodCall ma) { not ma.getCompilationUnit().fromSource() } predicate functionStats(Method m, string operation, int used, int total, int percentage) { m.getReturnType() instanceof RefType and // Calls to `m` where we also perform `operation`. - used = strictcount(MethodAccess ma | checkedFunctionCall(ma, operation) and m = ma.getMethod()) and + used = strictcount(MethodCall ma | checkedFunctionCall(ma, operation) and m = ma.getMethod()) and // Calls to `m`. - total = strictcount(MethodAccess ma | relevantFunctionCall(ma, m)) and + total = strictcount(MethodCall ma | relevantFunctionCall(ma, m)) and percentage = used * 100 / total } -from MethodAccess unchecked, Method m, string operation, int percent +from MethodCall unchecked, Method m, string operation, int percent where relevantFunctionCall(unchecked, m) and not checkedFunctionCall(unchecked, operation) and diff --git a/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql b/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql index c50a9a5f1a48..f3861dd6174d 100644 --- a/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql +++ b/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql @@ -16,7 +16,7 @@ import java import Chaining -predicate checkedMethodCall(MethodAccess ma) { +predicate checkedMethodCall(MethodCall ma) { relevantMethodCall(ma, _) and not ma instanceof ValueDiscardingExpr } @@ -73,31 +73,31 @@ predicate isMustBeQualifierMockingMethod(Method m) { m.hasName("verify") } -predicate relevantMethodCall(MethodAccess ma, Method m) { +predicate relevantMethodCall(MethodCall ma, Method m) { // For "return value ignored", all method calls are relevant. not ma.getFile().isKotlinSourceFile() and ma.getMethod() = m and not m.getReturnType().hasName("void") and (not isMockingMethod(m) or isMustBeQualifierMockingMethod(m)) and - not isMockingMethod(ma.getQualifier().(MethodAccess).getMethod()) + not isMockingMethod(ma.getQualifier().(MethodCall).getMethod()) } predicate methodStats(Method m, int used, int total, int percentage) { - used = strictcount(MethodAccess ma | checkedMethodCall(ma) and m = ma.getMethod()) and - total = strictcount(MethodAccess ma | relevantMethodCall(ma, m)) and + used = strictcount(MethodCall ma | checkedMethodCall(ma) and m = ma.getMethod()) and + total = strictcount(MethodCall ma | relevantMethodCall(ma, m)) and percentage = used * 100 / total } int chainedUses(Method m) { result = - count(MethodAccess ma, MethodAccess qual | + count(MethodCall ma, MethodCall qual | ma.getMethod() = m and ma.getQualifier() = qual and qual.getMethod() = m ) } -from MethodAccess unchecked, Method m, int percent, int total +from MethodCall unchecked, Method m, int percent, int total where relevantMethodCall(unchecked, m) and not checkedMethodCall(unchecked) and diff --git a/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql b/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql index 0b3c12560501..7dc893edaef9 100644 --- a/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +++ b/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql @@ -73,12 +73,12 @@ where loopWhileTrue(loop) and loopExitGuard(loop, cond) ) and // None of the ssa variables in `cond` are updated inside the loop. - forex(SsaVariable ssa, RValue use | ssa.getAUse() = use and use.getParent*() = cond | + forex(SsaVariable ssa, VarRead use | ssa.getAUse() = use and use.getParent*() = cond | not ssa.getCfgNode().getEnclosingStmt().getEnclosingStmt*() = loop or ssa.getCfgNode().(Expr).getParent*() = loop.(ForStmt).getAnInit() ) and // And `cond` does not use method calls, field reads, or array reads. - not exists(MethodAccess ma | ma.getParent*() = cond) and + not exists(MethodCall ma | ma.getParent*() = cond) and not exists(FieldRead fa | // Ignore if field is final not fa.getField().isFinal() and diff --git a/java/ql/src/Performance/InefficientEmptyStringTest.ql b/java/ql/src/Performance/InefficientEmptyStringTest.ql index f51b4d964bd6..0033bcf12845 100644 --- a/java/ql/src/Performance/InefficientEmptyStringTest.ql +++ b/java/ql/src/Performance/InefficientEmptyStringTest.ql @@ -11,7 +11,7 @@ import java -from MethodAccess mc +from MethodCall mc where mc.getQualifier().getType() instanceof TypeString and mc.getMethod().hasName("equals") and diff --git a/java/ql/src/Performance/InefficientKeySetIterator.ql b/java/ql/src/Performance/InefficientKeySetIterator.ql index 2b7f1e248967..2dbe8831cb12 100644 --- a/java/ql/src/Performance/InefficientKeySetIterator.ql +++ b/java/ql/src/Performance/InefficientKeySetIterator.ql @@ -14,25 +14,25 @@ import java /** A local variable that is initialized using a key-set iterator. */ class KeySetIterator extends LocalVariableDecl { KeySetIterator() { - exists(LocalVariableDeclExpr lvde, MethodAccess init | + exists(LocalVariableDeclExpr lvde, MethodCall init | lvde.getVariable() = this and lvde.getInit() = init and init.getMethod().hasName("iterator") and - init.getQualifier().(MethodAccess).getMethod().hasName("keySet") + init.getQualifier().(MethodCall).getMethod().hasName("keySet") ) } LocalVariableDecl getBase() { - exists(LocalVariableDeclExpr lvde, MethodAccess init | + exists(LocalVariableDeclExpr lvde, MethodCall init | lvde.getVariable() = this and lvde.getInit() = init and - init.getQualifier().(MethodAccess).getQualifier().(VarAccess).getVariable() = result + init.getQualifier().(MethodCall).getQualifier().(VarAccess).getVariable() = result ) } } predicate isKeyNext(Expr e, KeySetIterator it) { - exists(MethodAccess ma | ma = e | + exists(MethodCall ma | ma = e | ma.getMethod().hasName("next") and ma.getQualifier().(VarAccess).getVariable() = it ) @@ -56,7 +56,7 @@ class Key extends LocalVariableDecl { } } -from MethodAccess ma, Method get +from MethodCall ma, Method get where ma.getMethod() = get and get.hasName("get") and diff --git a/java/ql/src/Performance/InefficientOutputStream.ql b/java/ql/src/Performance/InefficientOutputStream.ql index e0b501a886cb..5ddf568b79af 100644 --- a/java/ql/src/Performance/InefficientOutputStream.ql +++ b/java/ql/src/Performance/InefficientOutputStream.ql @@ -34,7 +34,7 @@ where ) and // If that method doesn't call write itself, then we don't have a problem. // This is the case is some dummy implementations. - exists(MethodAccess ma | ma.getEnclosingCallable() = m | ma.getMethod().getName() = "write") + exists(MethodCall ma | ma.getEnclosingCallable() = m | ma.getMethod().getName() = "write") select c, "This class extends 'java.io.OutputStream' and implements $@, but does not override 'write(byte[],int,int)'.", m, m.getName() diff --git a/java/ql/src/Performance/InnerClassCouldBeStatic.ql b/java/ql/src/Performance/InnerClassCouldBeStatic.ql index 67ee835b747a..95d3057c9629 100644 --- a/java/ql/src/Performance/InnerClassCouldBeStatic.ql +++ b/java/ql/src/Performance/InnerClassCouldBeStatic.ql @@ -74,7 +74,7 @@ RefType enclosingInstanceAccess(Expr expr) { not inherits(enclosing, fa.getVariable()) ) or - exists(MethodAccess ma | ma = expr | + exists(MethodCall ma | ma = expr | result = ma.getMethod().getDeclaringType() and not exists(ma.getQualifier()) and not ma.getMethod().isStatic() and diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql index 5b6a081f07a7..9d987ae7d0cd 100644 --- a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +++ b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql @@ -12,5 +12,5 @@ import semmle.code.java.security.PartialPathTraversal -from PartialPathTraversalMethodAccess ma +from PartialPathTraversalMethodCall ma select ma, "Partial Path Traversal Vulnerability due to insufficient guard against path traversal." diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql index 8f866c7b5cc8..4368b537ab7c 100644 --- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql @@ -13,6 +13,6 @@ import java import semmle.code.java.frameworks.android.WebView -from MethodAccess ma +from MethodCall ma where ma.getMethod() instanceof WebViewAddJavascriptInterfaceMethod select ma, "JavaScript interface to Java object added in Android WebView." diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql index 2e5b2a0d375b..561b2af8de02 100644 --- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql @@ -13,7 +13,7 @@ import java import semmle.code.java.frameworks.android.WebView -from MethodAccess ma +from MethodCall ma where ma.getMethod() instanceof AllowJavaScriptMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true diff --git a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql index 6fd6da06a27b..bd5cc2a5b76f 100644 --- a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql @@ -24,8 +24,8 @@ private class TypeWebViewOrSubclass extends RefType { * * In Kotlin, member accesses are translated to getter methods. */ -private class PrivateGetterMethodAccess extends MethodAccess { - PrivateGetterMethodAccess() { +private class PrivateGetterMethodCall extends MethodCall { + PrivateGetterMethodCall() { this.getMethod() instanceof GetterMethod and this.getMethod().isPrivate() } @@ -39,11 +39,11 @@ class WebViewSource extends DataFlow::Node { // constructor and method calls, or method accesses which are cast to WebView. ( this.asExpr() instanceof ClassInstanceExpr or - this.asExpr() instanceof MethodAccess or - this.asExpr().(CastExpr).getAChildExpr() instanceof MethodAccess + this.asExpr() instanceof MethodCall or + this.asExpr().(CastExpr).getAChildExpr() instanceof MethodCall ) and // Avoid duplicate results from Kotlin member accesses. - not this.asExpr() instanceof PrivateGetterMethodAccess + not this.asExpr() instanceof PrivateGetterMethodCall } } @@ -53,7 +53,7 @@ class WebViewSource extends DataFlow::Node { */ class WebSettingsDisallowContentAccessSink extends DataFlow::Node { WebSettingsDisallowContentAccessSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getQualifier() = this.asExpr() and ma.getMethod() instanceof AllowContentAccessMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false @@ -86,7 +86,7 @@ module WebViewDisallowContentAccessConfig implements DataFlow::StateConfigSig { state2 instanceof IsSettings and // settings = webView.getSettings() // ^node2 = ^node1 - exists(MethodAccess ma | + exists(MethodCall ma | ma = node2.asExpr() and ma.getQualifier() = node1.asExpr() and ma.getMethod() instanceof WebViewGetSettingsMethod @@ -105,7 +105,7 @@ module WebViewDisallowContentAccessFlow = from Expr e where // explicit: setAllowContentAccess(true) - exists(MethodAccess ma | + exists(MethodCall ma | ma = e and ma.getMethod() instanceof AllowContentAccessMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true diff --git a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql index 86c4a24dd5ee..86a8038d5082 100644 --- a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +++ b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql @@ -13,7 +13,7 @@ import java import semmle.code.java.frameworks.android.WebView -from MethodAccess ma +from MethodCall ma where ma.getMethod() instanceof CrossOriginAccessMethod and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql index 489de5a7ba4e..6efb7e9104c6 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql @@ -24,18 +24,16 @@ import semmle.code.java.security.TempDirLocalInformationDisclosureQuery * We achieve this by making inherently-insecure method invocations into an edge-less graph, * resulting in a zero-length paths. */ -module InsecureMethodPathGraph implements DataFlow::PathGraphSig { - predicate edges(MethodAccessInsecureFileCreation n1, MethodAccessInsecureFileCreation n2) { - none() - } +module InsecureMethodPathGraph implements DataFlow::PathGraphSig { + predicate edges(MethodCallInsecureFileCreation n1, MethodCallInsecureFileCreation n2) { none() } - predicate nodes(MethodAccessInsecureFileCreation n, string key, string val) { + predicate nodes(MethodCallInsecureFileCreation n, string key, string val) { key = "semmle.label" and val = n.toString() } predicate subpaths( - MethodAccessInsecureFileCreation n1, MethodAccessInsecureFileCreation n2, - MethodAccessInsecureFileCreation n3, MethodAccessInsecureFileCreation n4 + MethodCallInsecureFileCreation n1, MethodCallInsecureFileCreation n2, + MethodCallInsecureFileCreation n3, MethodCallInsecureFileCreation n4 ) { none() } @@ -43,7 +41,7 @@ module InsecureMethodPathGraph implements DataFlow::PathGraphSig; import Flow::PathGraph diff --git a/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql b/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql index d19bbeda9ef9..d4fe25d0f40b 100644 --- a/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +++ b/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql @@ -15,7 +15,7 @@ import java import semmle.code.java.security.Mail -from MethodAccess ma +from MethodCall ma where ma.getMethod() instanceof MailSessionGetInstanceMethod and isInsecureMailPropertyConfig(ma.getArgument(0).(VarAccess).getVariable()) diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql index e428566cbaa3..759060257863 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql @@ -15,7 +15,7 @@ import java import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery -from SensitiveSource data, LocalDatabaseOpenMethodAccess s, Expr input, Expr store +from SensitiveSource data, LocalDatabaseOpenMethodCall s, Expr input, Expr store where input = s.getAnInput() and store = s.getAStore() and diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql index af188931be77..e872c2c100db 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql @@ -15,7 +15,7 @@ import java import semmle.code.java.security.CleartextStorageSharedPrefsQuery -from SensitiveSource data, SharedPreferencesEditorMethodAccess s, Expr input, Expr store +from SensitiveSource data, SharedPreferencesEditorMethodCall s, Expr input, Expr store where input = s.getAnInput() and store = s.getAStore() and diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql index e9bf5ed0ed2b..6e00e3d7f113 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql @@ -25,7 +25,7 @@ class Socket extends RefType { Socket() { this.getAnAncestor().hasQualifiedName("java.net", "Socket") } } -from MethodAccess m, Class c, string type +from MethodCall m, Class c, string type where m.getQualifier().getType() = c and ( diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql index abf68b465fe5..1ea08ca73194 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql @@ -56,7 +56,7 @@ predicate methodInfo(Method m, RefType t, string name) { m.getName() = name } -predicate query(MethodAccess m, Method def, int paramNo, string message, Element evidence) { +predicate query(MethodCall m, Method def, int paramNo, string message, Element evidence) { m.getMethod() = def and // Using a networking method. def.getDeclaringType() instanceof NetworkClass and @@ -76,6 +76,6 @@ predicate query(MethodAccess m, Method def, int paramNo, string message, Element ) } -from MethodAccess m, Method def, int param, string message, Element evidence +from MethodCall m, Method def, int param, string message, Element evidence where query(m, def, param, message, evidence) select m, "Method " + message + ": use an SSL factory." diff --git a/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql b/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql index 1941b8fd10ce..be16829fcc30 100644 --- a/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +++ b/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql @@ -14,7 +14,7 @@ import java import semmle.code.java.security.RandomQuery -from GetRandomData da, RValue use, PredictableSeedExpr source +from GetRandomData da, VarRead use, PredictableSeedExpr source where da.getQualifier() = use and unsafelySeeded(use, source) diff --git a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql index de7a5743a56b..c51e5d4acc57 100644 --- a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +++ b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql @@ -21,8 +21,8 @@ private class PredictableApacheRandomStringUtilsMethod extends Method { } } -private class PredictableApacheRandomStringUtilsMethodAccess extends MethodAccess { - PredictableApacheRandomStringUtilsMethodAccess() { +private class PredictableApacheRandomStringUtilsMethodCall extends MethodCall { + PredictableApacheRandomStringUtilsMethodCall() { this.getMethod() instanceof PredictableApacheRandomStringUtilsMethod } } @@ -41,7 +41,7 @@ private class VulnerableJHipsterRandomUtilMethod extends Method { this.getReturnType() instanceof TypeString and exists(ReturnStmt s | s = this.getBody().(SingletonBlock).getStmt() and - s.getResult() instanceof PredictableApacheRandomStringUtilsMethodAccess + s.getResult() instanceof PredictableApacheRandomStringUtilsMethodCall ) } } diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql index 2ce5d5797ba6..dfb6fbbd5956 100644 --- a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +++ b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql @@ -14,6 +14,6 @@ import java import semmle.code.java.security.SpringCsrfProtection -from MethodAccess call +from MethodCall call where disablesSpringCsrfProtection(call) select call, "CSRF vulnerability due to protection being disabled." diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql index 55dcaeb2de49..ca2c948867f8 100644 --- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql @@ -28,7 +28,7 @@ predicate commonSynchronization(Expr e1, Expr e2, Variable monitor) { /** * Holds if `m` is a call to a synchronized method on `receiver`. */ -predicate synchCallOn(MethodAccess m, Variable receiver) { +predicate synchCallOn(MethodCall m, Variable receiver) { m.getCallee() instanceof SynchronizedCallable and m.getQualifier() = receiver.getAnAccess() } @@ -98,7 +98,7 @@ predicate probablyNeverEscapes(LocalVariableDecl v) { } // Loop conditions tend to be uninteresting, so are not included. -from IfStmt check, MethodAccess call1, MethodAccess call2, Variable r +from IfStmt check, MethodCall call1, MethodCall call2, Variable r where check.getCondition().getAChildExpr*() = call1 and // This can happen if there are loops, etc. diff --git a/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql b/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql index c8515f2b0850..6e6e885c812a 100644 --- a/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +++ b/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql @@ -53,7 +53,7 @@ predicate controlledByAuth(Expr controlled, Expr condition) { exists(ConditionBlock b | condition = b.getCondition() and b.controls(controlled.getBasicBlock(), _) and - condition.(MethodAccess).getMethod() instanceof AuthMethod + condition.(MethodCall).getMethod() instanceof AuthMethod ) } @@ -71,7 +71,7 @@ predicate controlledByAuth(Expr controlled, Expr condition) { * no idea which ones were meant to be secure. */ -from MethodAccess connection, Expr condition +from MethodCall connection, Expr condition where connection.getMethod() instanceof ConnectionMethod and controlledByAuth(connection, condition) diff --git a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql index 1c5660653a60..a5ebd206752b 100644 --- a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +++ b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql @@ -17,5 +17,5 @@ import UnsafeDeserializationFlow::PathGraph from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink where UnsafeDeserializationFlow::flowPath(source, sink) -select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, +select sink.getNode().(UnsafeDeserializationSink).getMethodCall(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql index 5933bb94fc21..b8d64d22e295 100644 --- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql @@ -15,7 +15,7 @@ import java import semmle.code.java.frameworks.Servlets import semmle.code.java.security.InsecureCookieQuery -from MethodAccess add +from MethodCall add where add.getMethod() instanceof ResponseAddCookieMethod and not SecureCookieFlow::flowToExpr(add.getArgument(0)) diff --git a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql index 662e2c487ab7..0387a16eff68 100644 --- a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +++ b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql @@ -15,7 +15,7 @@ import java predicate dangerousMethod(string descriptor) { descriptor = "java.lang.Thread.stop" } -from MethodAccess call, Method target, string descriptor +from MethodCall call, Method target, string descriptor where call.getCallee() = target and descriptor = target.getDeclaringType().getQualifiedName() + "." + target.getName() and diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql index 4a21fcc5e928..85cf2d809099 100644 --- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql +++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql @@ -13,6 +13,6 @@ import java import semmle.code.java.security.HardcodedCredentialsComparison -from EqualsAccess sink, HardcodedExpr source, PasswordVariable p +from EqualsCall sink, HardcodedExpr source, PasswordVariable p where isHardcodedCredentialsComparison(sink, source, p) select source, "Hard-coded value is $@ with password variable $@.", sink, "compared", p, p.getName() diff --git a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql index d012ae33810c..2715ec830d5f 100644 --- a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +++ b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql @@ -18,8 +18,7 @@ import semmle.code.java.security.ConditionalBypassQuery import ConditionalBypassFlow::PathGraph from - ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, MethodAccess m, - Expr e + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, MethodCall m, Expr e where conditionControlsMethod(m, e) and sink.getNode().asExpr() = e and diff --git a/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql b/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql index 7d8ad35c4d14..4e9857f3b938 100644 --- a/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql +++ b/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql @@ -19,8 +19,8 @@ class LockVariable extends Variable { } /** An access to method `lock` on this variable. */ - MethodAccess getLockAction() { - exists(MethodAccess ma | ma.getQualifier() = this.getAnAccess() | + MethodCall getLockAction() { + exists(MethodCall ma | ma.getQualifier() = this.getAnAccess() | ma.getMethod().hasName("lock") and result = ma ) @@ -35,7 +35,7 @@ class Synched extends Top { exists(Method m | m.isSynchronized() and not m.isStatic() | m = this or - exists(MethodAccess ma, VarAccess qual | ma = this and qual = ma.getQualifier() | + exists(MethodCall ma, VarAccess qual | ma = this and qual = ma.getQualifier() | ma.getMethod() = m ) ) @@ -47,7 +47,7 @@ class Synched extends Top { or result = this.(SynchronizedStmt).getAChild+() or - exists(MethodAccess ma | ma = result | + exists(MethodCall ma | ma = result | ma.getEnclosingStmt().getEnclosingStmt*() = this or ma.getEnclosingCallable() = this ) } @@ -65,7 +65,7 @@ class Synched extends Top { */ RefType getLockType() { result = this.(Method).getDeclaringType().getSourceDeclaration() or - result = this.(MethodAccess).getMethod().getDeclaringType().getSourceDeclaration() + result = this.(MethodCall).getMethod().getDeclaringType().getSourceDeclaration() } } @@ -74,8 +74,8 @@ class Synched extends Top { * and then on another variable in `second`, but elsewhere, the lock order is reversed * by first obtaining a lock on the latter variable in `otherFirst`. */ -predicate badReentrantLockOrder(MethodAccess first, MethodAccess second, MethodAccess otherFirst) { - exists(LockVariable v1, LockVariable v2, MethodAccess otherSecond | +predicate badReentrantLockOrder(MethodCall first, MethodCall second, MethodCall otherFirst) { + exists(LockVariable v1, LockVariable v2, MethodCall otherSecond | first = v1.getLockAction() and otherSecond = v1.getLockAction() and second = v2.getLockAction() and @@ -113,7 +113,7 @@ predicate badSynchronizedStmtLockOrder(Expr outerExpr, Expr innerExpr, Expr othe * The method access `ma` to method `m` is qualified by an access to variable `vQual` * and has an access to variable `vArg` as the argument at index `i`. */ -predicate qualifiedMethodAccess(MethodAccess ma, Method m, Variable vQual, int i, Variable vArg) { +predicate qualifiedMethodCall(MethodCall ma, Method m, Variable vQual, int i, Variable vArg) { ma.getMethod() = m and ma.getQualifier().(VarAccess).getVariable() = vQual and ma.getArgument(i).(VarAccess).getVariable() = vArg @@ -123,7 +123,7 @@ predicate qualifiedMethodAccess(MethodAccess ma, Method m, Variable vQual, int i * Holds if the specified method accesses occur on different branches of the same conditional statement * inside an unsynchronized method. */ -predicate inDifferentBranches(MethodAccess ma1, MethodAccess ma2) { +predicate inDifferentBranches(MethodCall ma1, MethodCall ma2) { exists(IfStmt cond | ma1.getEnclosingStmt() = cond.getThen().getAChild*() and ma2.getEnclosingStmt() = cond.getElse().getAChild*() and @@ -132,7 +132,7 @@ predicate inDifferentBranches(MethodAccess ma1, MethodAccess ma2) { } /** The method access `ma` occurs in method `runnable`, which is an implementation of `Runnable.run()`. */ -predicate inRunnable(MethodAccess ma, Method runnable) { +predicate inRunnable(MethodCall ma, Method runnable) { runnable.getName() = "run" and runnable.getDeclaringType().getAStrictAncestor().hasQualifiedName("java.lang", "Runnable") and ma.getEnclosingCallable() = runnable @@ -142,7 +142,7 @@ predicate inRunnable(MethodAccess ma, Method runnable) { * Holds if the specified method accesses occur in different `Runnable.run()` methods, * indicating that they may be invoked by different threads. */ -predicate inDifferentRunnables(MethodAccess ma1, MethodAccess ma2) { +predicate inDifferentRunnables(MethodCall ma1, MethodCall ma2) { exists(Method runnable1, Method runnable2 | inRunnable(ma1, runnable1) and inRunnable(ma2, runnable2) and @@ -155,18 +155,16 @@ predicate inDifferentRunnables(MethodAccess ma1, MethodAccess ma2) { * in statement `inner` that is qualified by one of the parameters of `outer`, and there is * another access to `outer` that may cause locking to be performed in a different order. */ -predicate badMethodAccessLockOrder( - MethodAccess outerAccess, MethodAccess innerAccess, MethodAccess other -) { +predicate badMethodCallLockOrder(MethodCall outerAccess, MethodCall innerAccess, MethodCall other) { exists(Synched outer, Synched inner | inner = innerAccess and inner = outer.getInnerSynch() and inner.getLockType() = outer.getLockType() and exists(Parameter p, int i | outer.(Method).getAParameter() = p and p.getPosition() = i | - inner.(MethodAccess).getQualifier().(VarAccess).getVariable() = p and - exists(MethodAccess ma1, MethodAccess ma2, Variable v1, Variable v2 | - qualifiedMethodAccess(ma1, outer, v1, i, v2) and - qualifiedMethodAccess(ma2, outer, v2, i, v1) and + inner.(MethodCall).getQualifier().(VarAccess).getVariable() = p and + exists(MethodCall ma1, MethodCall ma2, Variable v1, Variable v2 | + qualifiedMethodCall(ma1, outer, v1, i, v2) and + qualifiedMethodCall(ma2, outer, v2, i, v1) and v1 != v2 and ( inDifferentBranches(ma1, ma2) or @@ -183,7 +181,7 @@ from Expr first, Expr second, Expr other where badReentrantLockOrder(first, second, other) or badSynchronizedStmtLockOrder(first, second, other) or - badMethodAccessLockOrder(first, second, other) + badMethodCallLockOrder(first, second, other) select first, "Synchronization here and $@ may be performed in reverse order starting $@ and result in deadlock.", second, "here", other, "here" diff --git a/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql b/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql index 6ef404d0af4a..33c16eb598cd 100644 --- a/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +++ b/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql @@ -26,7 +26,7 @@ class LocalBoxedVar extends LocalVariableDecl { * some number of boxing operations, these cases are excluded. */ predicate notDeliberatelyBoxed(LocalBoxedVar v) { - not forall(RValue a | a = v.getAnAccess() | + not forall(VarRead a | a = v.getAnAccess() | exists(Call c, int i | c.getCallee().getParameterType(i) instanceof RefType and c.getArgument(i) = a diff --git a/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql b/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql index 50a778cbaff5..a2b6afbbeee0 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +++ b/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql @@ -42,15 +42,15 @@ class ZipOutputStream extends Class { } from - ZipOutputStream jos, MethodAccess putNextEntry, MethodAccess closeEntry, RValue putNextQualifier, - RValue closeQualifier + ZipOutputStream jos, MethodCall putNextEntry, MethodCall closeEntry, VarRead putNextQualifier, + VarRead closeQualifier where putNextEntry.getMethod() = jos.putNextEntry() and closeEntry.getMethod() = jos.closeEntry() and putNextQualifier = putNextEntry.getQualifier() and closeQualifier = closeEntry.getQualifier() and adjacentUseUseSameVar(putNextQualifier, closeQualifier) and - not exists(RValue other | + not exists(VarRead other | adjacentUseUseSameVar(other, closeQualifier) and other != putNextQualifier ) diff --git a/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll b/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll index 8837b207e20e..39719f3524d4 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll +++ b/java/ql/src/Violations of Best Practice/Dead Code/DeadLocals.qll @@ -58,7 +58,7 @@ predicate overwritten(SsaExplicitUpdate ssa) { * A local variable with a read access. */ predicate read(LocalScopeVariable v) { - exists(VarAccess va | va = v.getAnAccess() | va.isRValue()) + exists(VarAccess va | va = v.getAnAccess() | va.isVarRead()) or readImplicitly(_, v) } @@ -72,7 +72,7 @@ private predicate readImplicitly(SsaExplicitUpdate ssa, LocalScopeVariable v) { * A local variable with a write access. */ predicate assigned(LocalScopeVariable v) { - exists(VarAccess va | va = v.getAnAccess() | va.isLValue()) + exists(VarAccess va | va = v.getAnAccess() | va.isVarWrite()) } /** @@ -91,9 +91,7 @@ predicate exprHasNoEffect(Expr e) { constructorHasEffect(c) ) or - exists(MethodAccess ma, Method m | - bad = ma and m = ma.getMethod().getAPossibleImplementation() - | + exists(MethodCall ma, Method m | bad = ma and m = ma.getMethod().getAPossibleImplementation() | methodHasEffect(m) or not m.fromSource() ) ) @@ -107,7 +105,7 @@ private predicate inInitializer(Expr e) { private predicate constructorHasEffect(Constructor c) { // Only assign fields of the class - do not call methods, // create new objects or assign any other variables. - exists(MethodAccess ma | ma.getEnclosingCallable() = c) + exists(MethodCall ma | ma.getEnclosingCallable() = c) or exists(ClassInstanceExpr cie | cie.getEnclosingCallable() = c) or @@ -120,7 +118,7 @@ private predicate constructorHasEffect(Constructor c) { } private predicate methodHasEffect(Method m) { - exists(MethodAccess ma | ma.getEnclosingCallable() = m) or + exists(MethodCall ma | ma.getEnclosingCallable() = m) or exists(Assignment a | a.getEnclosingCallable() = m) or exists(ClassInstanceExpr cie | cie.getEnclosingCallable() = m) or exists(ThrowStmt throw | throw.getEnclosingCallable() = m) or diff --git a/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql b/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql index ba41a309a460..2c618f94aad3 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql +++ b/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql @@ -27,7 +27,7 @@ predicate isClassOf(ParameterizedClass c, RefType t) { * Holds if field `f` is potentially accessed by an `AtomicReferenceFieldUpdater`. */ predicate subjectToAtomicReferenceFieldUpdater(Field f) { - exists(Class arfu, Method newUpdater, MethodAccess c | + exists(Class arfu, Method newUpdater, MethodCall c | arfu.hasQualifiedName("java.util.concurrent.atomic", "AtomicReferenceFieldUpdater") and newUpdater = arfu.getAMethod() and newUpdater.hasName("newUpdater") and @@ -42,7 +42,7 @@ predicate subjectToAtomicReferenceFieldUpdater(Field f) { * Holds if `f` is ever looked up reflectively. */ predicate lookedUpReflectively(Field f) { - exists(MethodAccess getDeclaredField | + exists(MethodCall getDeclaredField | isClassOf(getDeclaredField.getQualifier().getType(), f.getDeclaringType()) and getDeclaredField.getMethod().hasName("getDeclaredField") and getDeclaredField.getArgument(0).(StringLiteral).getValue() = f.getName() diff --git a/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql b/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql index 31e051cd77b3..a78abcc4a5d3 100644 --- a/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql +++ b/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql @@ -19,8 +19,8 @@ Method forwarderCandidate(Method forwardee) { result != forwardee and result.getName() = forwardee.getName() and result.getDeclaringType() = forwardee.getDeclaringType() and - forex(MethodAccess c | c.getMethod() = forwardee | c.getCaller() = result) and - forall(MethodAccess c | c.getCaller() = result | c.getMethod() = forwardee) + forex(MethodCall c | c.getMethod() = forwardee | c.getCaller() = result) and + forall(MethodCall c | c.getCaller() = result | c.getMethod() = forwardee) } from Method forwarder, Method forwardee @@ -29,10 +29,10 @@ where // Exclusions not ignored(forwarder) and not ignored(forwardee) and - not exists(VirtualMethodAccess c | + not exists(VirtualMethodCall c | c.getMethod() = forwardee and c.getCaller() = forwarder and - c.(MethodAccess).hasQualifier() + c.(MethodCall).hasQualifier() ) select forwarder.getSourceDeclaration(), "This method is a forwarder for $@, which is not called independently - the methods can be merged.", diff --git a/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql b/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql index 0340e63d74ca..e321e3c94226 100644 --- a/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql +++ b/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql @@ -21,7 +21,7 @@ private predicate relevantTypeNames(string typeName, string message) { } private Type getAThrownExceptionType(TryStmt t) { - exists(MethodAccess ma, Exception e | + exists(MethodCall ma, Exception e | t.getBlock() = ma.getEnclosingStmt().getEnclosingStmt*() and ma.getMethod().getAnException() = e and result = e.getType() diff --git a/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql b/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql index 5a03dafa6733..2e95c087ed54 100644 --- a/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +++ b/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql @@ -43,7 +43,7 @@ predicate unboundedQueue(RefType t) { ) } -from MethodAccess ma, SpecialMethod m +from MethodCall ma, SpecialMethod m where ma instanceof ValueDiscardingExpr and m = ma.getMethod() and diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql index 2889de0b5cf6..98c1e1a2fbea 100644 --- a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql @@ -71,7 +71,7 @@ predicate mayWriteToArray(Expr modified) { or // return __array__; ... method()[1] = 0 exists(ReturnStmt rs | modified = rs.getResult() and relevantType(modified.getType()) | - exists(Callable enclosing, MethodAccess ma | + exists(Callable enclosing, MethodCall ma | enclosing = rs.getEnclosingCallable() and ma.getMethod().getSourceDeclaration() = enclosing | mayWriteToArray(ma) @@ -84,7 +84,7 @@ predicate writesToArray(Expr array) { ( exists(Assignment a, ArrayAccess access | a.getDest() = access | access.getArray() = array) or - exists(MethodAccess ma | ma.getQualifier() = array | modifyMethod(ma.getMethod())) + exists(MethodCall ma | ma.getQualifier() = array | modifyMethod(ma.getMethod())) ) } @@ -99,7 +99,7 @@ VarAccess varPassedInto(Callable c, int i) { predicate exposesByReturn(Callable c, Field f, Expr why, string whyText) { returnsArray(c, f) and - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getSourceDeclaration() = c and ma.getCompilationUnit() != c.getCompilationUnit() | mayWriteToArray(ma) and diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql b/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql index 21b5a73a3a4d..7f52c495835e 100644 --- a/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql @@ -12,7 +12,7 @@ import java -from Class c, MethodAccess getResource, MethodAccess getClass +from Class c, MethodCall getResource, MethodCall getClass where getResource.getNumArgument() = 1 and ( @@ -20,7 +20,7 @@ where getResource.getMethod().hasName("getResourceAsStream") ) and getResource.getQualifier() = getClass and - getClass.isOwnMethodAccess() and + getClass.isOwnMethodCall() and getClass.getNumArgument() = 0 and getClass.getMethod().hasName("getClass") and getResource.getEnclosingCallable().getDeclaringType() = c and diff --git a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll index 5fc7e9069cd8..dc5b4eada8d9 100644 --- a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll +++ b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll @@ -97,7 +97,7 @@ private predicate nonTrivialValue(string value, Literal literal, string context) not literalIsConstantInitializer(literal, _) and not literal.getParent*() instanceof ArrayInit and not literal.getParent+() instanceof Annotation and - exists(MethodAccess ma | literal = ma.getAnArgument() and ma.getMethod().getName() = context) + exists(MethodCall ma | literal = ma.getAnArgument() and ma.getMethod().getName() = context) } private predicate valueOccurrenceCount(string value, int n, string context) { @@ -173,7 +173,7 @@ private predicate relevantType(RefType t, string value, Package p) { private predicate fieldUsedInContext(Field constField, string context) { literalIsConstantInitializer(_, constField) and - exists(MethodAccess ma | + exists(MethodCall ma | constField.getAnAccess() = ma.getAnArgument() and ma.getMethod().getName() = context ) @@ -282,5 +282,5 @@ private predicate excludedLiteral(Literal lit) { // Remove test cases lit.getEnclosingCallable().getDeclaringType() instanceof TestClass or - exists(MethodAccess ma | lit = ma.getAnArgument() | ma.getMethod() instanceof TestMethod) + exists(MethodCall ma | lit = ma.getAnArgument() | ma.getMethod() instanceof TestMethod) } diff --git a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql index 66e75e7cc47c..c50057c111e9 100644 --- a/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql +++ b/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql @@ -37,13 +37,13 @@ predicate trivialContext(Literal e) { or e.getParent() instanceof AssignAddExpr or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() = "append" and (e = ma.getAnArgument() or e = ma.getQualifier()) ) or // Standard property in a call to `System.getProperty()`. - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() = "getProperty" and e = ma.getAnArgument() and ma.getMethod().getDeclaringType() instanceof TypeSystem and diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql b/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql index f41611603036..a52a6d816880 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql @@ -23,7 +23,7 @@ RefType nestedSupertypePlus(RefType t) { * A call (without a qualifier) in a nested type * to an inherited method with the specified `signature`. */ -predicate callToInheritedMethod(RefType lexicalScope, MethodAccess ma, string signature) { +predicate callToInheritedMethod(RefType lexicalScope, MethodCall ma, string signature) { not ma.getMethod().isStatic() and not ma.hasQualifier() and ma.getEnclosingCallable().getDeclaringType() = lexicalScope and @@ -46,7 +46,7 @@ Method methodInEnclosingType(NestedType nested, string signature) { ) } -from MethodAccess ma, Method m, NestedType nt, string signature +from MethodCall ma, Method m, NestedType nt, string signature where callToInheritedMethod(nt, ma, signature) and m = methodInEnclosingType(nt, signature) and diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql b/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql index f355cd5f2196..96188c534ffa 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql @@ -115,13 +115,13 @@ private predicate confusinglyOverloaded(Method m, Method n) { not exists(Method target | delegate*(m, target) and delegate*(n, target)) } -private predicate wrappedAccess(Expr e, MethodAccess ma) { +private predicate wrappedAccess(Expr e, MethodCall ma) { e = ma or wrappedAccess(e.(CastingExpr).getExpr(), ma) } private predicate delegate(Method caller, Method callee) { - exists(MethodAccess ma | ma.getMethod() = callee | + exists(MethodCall ma | ma.getMethod() = callee | exists(Stmt stmt | stmt = caller.getBody().(SingletonBlock).getStmt() | wrappedAccess(stmt.(ExprStmt).getExpr(), ma) or wrappedAccess(stmt.(ReturnStmt).getResult(), ma) diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll b/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll index e58016bdff97..f37d7fdcab00 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll @@ -57,7 +57,7 @@ predicate assignmentToShadowingLocal(LocalVariableDecl d, Field f) { ff.getSourceDeclaration() = f ) or - exists(MethodAccess get, Method getter | get = assignedValue and getter = get.getMethod() | + exists(MethodCall get, Method getter | get = assignedValue and getter = get.getMethod() | getterFor(getter, f) ) ) @@ -66,7 +66,7 @@ predicate assignmentToShadowingLocal(LocalVariableDecl d, Field f) { predicate assignmentFromShadowingLocal(LocalVariableDecl d, Field f) { shadows(d, _, _, _) and exists(VarAccess access | access = d.getAnAccess() | - exists(MethodAccess set, Expr arg, Method setter | + exists(MethodCall set, Expr arg, Method setter | access = getARelevantChild(arg) and arg = set.getAnArgument() and setter = set.getMethod() and @@ -82,7 +82,7 @@ predicate assignmentFromShadowingLocal(LocalVariableDecl d, Field f) { } private Expr getARelevantChild(Expr parent) { - exists(MethodAccess ma | parent = ma.getAnArgument() and result = parent) + exists(MethodCall ma | parent = ma.getAnArgument() and result = parent) or exists(Variable v | parent = v.getAnAccess() and result = parent) or diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql index 0ee14f58b701..c2ffe45b5209 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql @@ -13,7 +13,7 @@ import java -from MethodAccess ma, Method runfinalizers, Class c +from MethodCall ma, Method runfinalizers, Class c where ma.getMethod() = runfinalizers and runfinalizers.hasName("runFinalizersOnExit") and diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql index c13956694056..9b1bcb9877cb 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql @@ -10,7 +10,7 @@ import java -from MethodAccess ma, ToStringMethod tostring +from MethodCall ma, ToStringMethod tostring where tostring.getDeclaringType() instanceof TypeString and ma.getMethod() = tostring diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql index 387098d23b7c..93d7911694cf 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql @@ -13,7 +13,7 @@ import java -from Method m, MethodAccess sysexitCall, Method sysexit, Class system +from Method m, MethodCall sysexitCall, Method sysexit, Class system where sysexitCall = m.getACallSite(sysexit) and (sysexit.hasName("exit") or sysexit.hasName("halt")) and diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql index b224744a7ad0..d404e4a929a4 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql @@ -14,7 +14,7 @@ import java import semmle.code.java.StringFormat predicate explicitToStringCall(Expr e) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod() instanceof ToStringMethod and e = ma.getQualifier() ) diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql index f30dd30759fb..1067bdcb6dce 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql @@ -12,7 +12,7 @@ import java -from MethodAccess mc, Method m +from MethodCall mc, Method m where ( m.getDeclaringType().hasQualifiedName("java.lang", "Runtime") or diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql index 3400110b3d6f..ebdf55761989 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql @@ -12,11 +12,11 @@ import java -from MethodAccess m +from MethodCall m where m.getMethod().hasName("next") and m.getMethod().getNumberOfParameters() = 0 and - m.isOwnMethodAccess() and + m.isOwnMethodCall() and exists(Interface i, Method hasNext | i.getSourceDeclaration().hasQualifiedName("java.util", "Iterator") and m.getEnclosingCallable() = hasNext and diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql b/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql index a89b3b0cbea7..f356aa635d4a 100644 --- a/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql +++ b/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql @@ -16,7 +16,7 @@ import semmle.code.java.StringFormat * Holds if `e` is an argument of `Arrays.toString(..)`. */ predicate arraysToStringArgument(Expr e) { - exists(MethodAccess ma, Method m | + exists(MethodCall ma, Method m | ma.getAnArgument() = e and ma.getMethod() = m and m.getDeclaringType().hasQualifiedName("java.util", "Arrays") and diff --git a/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql b/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql index af5b80853636..bcd43d9e2aab 100644 --- a/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql +++ b/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql @@ -13,7 +13,7 @@ import java predicate varArgsMethod(Method method, Array varargsType, int arity) { - exists(MethodAccess access | + exists(MethodCall access | access.getMethod() = method and arity = method.getNumberOfParameters() and not access.getNumArgument() = arity and @@ -36,7 +36,7 @@ predicate equivalent(Array declared, Array used) { declared.getDimension() = used.getDimension() } -from Method target, MethodAccess access, Array declaredType, Array usedType, int params +from Method target, MethodCall access, Array declaredType, Array usedType, int params where varArgsMethod(target, declaredType, params) and target = access.getMethod() and diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll index b782642d89f2..195de7a1b8be 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll @@ -40,7 +40,7 @@ class TypeEndpointRequest extends Class { } /** A call to `EndpointRequest.toAnyEndpoint` method. */ -class ToAnyEndpointCall extends MethodAccess { +class ToAnyEndpointCall extends MethodCall { ToAnyEndpointCall() { this.getMethod().hasName("toAnyEndpoint") and this.getMethod().getDeclaringType() instanceof TypeEndpointRequest @@ -50,7 +50,7 @@ class ToAnyEndpointCall extends MethodAccess { /** * A call to `HttpSecurity.requestMatcher` method with argument `RequestMatcher.toAnyEndpoint()`. */ -class RequestMatcherCall extends MethodAccess { +class RequestMatcherCall extends MethodCall { RequestMatcherCall() { this.getMethod().hasName("requestMatcher") and this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and @@ -62,7 +62,7 @@ class RequestMatcherCall extends MethodAccess { * A call to `HttpSecurity.requestMatchers` method with lambda argument * `RequestMatcher.toAnyEndpoint()`. */ -class RequestMatchersCall extends MethodAccess { +class RequestMatchersCall extends MethodCall { RequestMatchersCall() { this.getMethod().hasName("requestMatchers") and this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and @@ -71,7 +71,7 @@ class RequestMatchersCall extends MethodAccess { } /** A call to `HttpSecurity.authorizeRequests` method. */ -class AuthorizeRequestsCall extends MethodAccess { +class AuthorizeRequestsCall extends MethodCall { AuthorizeRequestsCall() { this.getMethod().hasName("authorizeRequests") and this.getMethod().getDeclaringType() instanceof TypeHttpSecurity @@ -79,7 +79,7 @@ class AuthorizeRequestsCall extends MethodAccess { } /** A call to `AuthorizedUrl.permitAll` method. */ -class PermitAllCall extends MethodAccess { +class PermitAllCall extends MethodCall { PermitAllCall() { this.getMethod().hasName("permitAll") and this.getMethod().getDeclaringType() instanceof TypeAuthorizedUrl @@ -135,7 +135,7 @@ class PermitAllCall extends MethodAccess { } /** A call to `AbstractRequestMatcherRegistry.anyRequest` method. */ -class AnyRequestCall extends MethodAccess { +class AnyRequestCall extends MethodCall { AnyRequestCall() { this.getMethod().hasName("anyRequest") and this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry @@ -146,7 +146,7 @@ class AnyRequestCall extends MethodAccess { * A call to `AbstractRequestMatcherRegistry.requestMatchers` method with an argument * `RequestMatcher.toAnyEndpoint()`. */ -class RegistryRequestMatchersCall extends MethodAccess { +class RegistryRequestMatchersCall extends MethodCall { RegistryRequestMatchersCall() { this.getMethod().hasName("requestMatchers") and this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry and diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index fedde6f21a0b..4b71c297c230 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -36,7 +36,7 @@ module RemoteUrlToOpenStreamFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess m | + exists(MethodCall m | sink.asExpr() = m.getQualifier() and m.getMethod() instanceof UrlOpenStreamMethod ) or @@ -55,7 +55,7 @@ module RemoteUrlToOpenStreamFlow = TaintTracking::Global; from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink where CodeInjectionFlow::flowPath(source, sink) -select sink.getNode().(CodeInjectionSink).getMethodAccess(), source, sink, "Jython evaluate $@.", +select sink.getNode().(CodeInjectionSink).getMethodCall(), source, sink, "Jython evaluate $@.", source.getNode(), "user input" diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql index 21e36bbdd00a..0792d8e498ae 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql @@ -75,7 +75,7 @@ class RhinoDefineClassMethod extends Method { * Holds if `ma` is a call to a `ScriptEngineMethod` and `sink` is an argument that * will be executed. */ -predicate isScriptArgument(MethodAccess ma, Expr sink) { +predicate isScriptArgument(MethodCall ma, Expr sink) { exists(ScriptEngineMethod m | m = ma.getMethod() and if m.getDeclaringType().getAnAncestor().hasQualifiedName("javax.script", "ScriptEngineFactory") @@ -87,14 +87,14 @@ predicate isScriptArgument(MethodAccess ma, Expr sink) { /** * Holds if a Rhino expression evaluation method is vulnerable to code injection. */ -predicate evaluatesRhinoExpression(MethodAccess ma, Expr sink) { +predicate evaluatesRhinoExpression(MethodCall ma, Expr sink) { exists(RhinoEvaluateExpressionMethod m | m = ma.getMethod() | ( if ma.getMethod().getName() = "compileReader" then sink = ma.getArgument(0) // The first argument is the input reader else sink = ma.getArgument(1) // The second argument is the JavaScript or Java input ) and - not exists(MethodAccess ca | + not exists(MethodCall ca | ca.getMethod().hasName(["initSafeStandardObjects", "setClassShutter"]) and // safe mode or `ClassShutter` constraint is enforced ma.getQualifier() = ca.getQualifier().(VarAccess).getVariable().getAnAccess() ) @@ -104,20 +104,20 @@ predicate evaluatesRhinoExpression(MethodAccess ma, Expr sink) { /** * Holds if a Rhino expression compilation method is vulnerable to code injection. */ -predicate compilesScript(MethodAccess ma, Expr sink) { +predicate compilesScript(MethodCall ma, Expr sink) { exists(RhinoCompileClassMethod m | m = ma.getMethod() | sink = ma.getArgument(0)) } /** * Holds if a Rhino class loading method is vulnerable to code injection. */ -predicate definesRhinoClass(MethodAccess ma, Expr sink) { +predicate definesRhinoClass(MethodCall ma, Expr sink) { exists(RhinoDefineClassMethod m | m = ma.getMethod() | sink = ma.getArgument(1)) } /** A script injection sink. */ class ScriptInjectionSink extends DataFlow::ExprNode { - MethodAccess methodAccess; + MethodCall methodAccess; ScriptInjectionSink() { isScriptArgument(methodAccess, this.getExpr()) or @@ -127,7 +127,7 @@ class ScriptInjectionSink extends DataFlow::ExprNode { } /** An access to the method associated with this sink. */ - MethodAccess getMethodAccess() { result = methodAccess } + MethodCall getMethodCall() { result = methodAccess } } /** @@ -144,5 +144,5 @@ module ScriptInjectionFlow = TaintTracking::Global; from ScriptInjectionFlow::PathNode source, ScriptInjectionFlow::PathNode sink where ScriptInjectionFlow::flowPath(source, sink) -select sink.getNode().(ScriptInjectionSink).getMethodAccess(), source, sink, +select sink.getNode().(ScriptInjectionSink).getMethodCall(), source, sink, "Java Script Engine evaluate $@.", source.getNode(), "user input" diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringFrameworkLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringFrameworkLib.qll index 964d1dcf86e7..baf0fbd034a9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringFrameworkLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringFrameworkLib.qll @@ -6,7 +6,7 @@ import semmle.code.java.dataflow.DataFlow */ class WebRequestSource extends DataFlow::Node { WebRequestSource() { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.getDeclaringType() instanceof WebRequest and ( m.hasName("getHeader") or diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll index 943b946e95d4..310aafb30f5e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll @@ -44,7 +44,7 @@ module SpringViewManipulationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource or source instanceof WebRequestSource or - source.asExpr().(MethodAccess).getMethod() instanceof PortletRenderRequestMethod + source.asExpr().(MethodCall).getMethod() instanceof PortletRenderRequestMethod } predicate isSink(DataFlow::Node sink) { sink instanceof SpringViewManipulationSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 6a49279d3dc9..324566647951 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -51,8 +51,8 @@ class SensitiveCookieNameExpr extends Expr { } /** A method call that sets a `Set-Cookie` header. */ -class SetCookieMethodAccess extends MethodAccess { - SetCookieMethodAccess() { +class SetCookieMethodCall extends MethodCall { + SetCookieMethodCall() { ( this.getMethod() instanceof ResponseAddHeaderMethod or this.getMethod() instanceof ResponseSetHeaderMethod @@ -63,7 +63,7 @@ class SetCookieMethodAccess extends MethodAccess { /** * A taint configuration tracking flow from the text `httponly` to argument 1 of - * `SetCookieMethodAccess`. + * `SetCookieMethodCall`. */ module MatchesHttpOnlyConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { @@ -71,7 +71,7 @@ module MatchesHttpOnlyConfig implements DataFlow::ConfigSig { } predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(SetCookieMethodAccess ma).getArgument(1) + sink.asExpr() = any(SetCookieMethodCall ma).getArgument(1) } } @@ -91,26 +91,26 @@ predicate mayBeBooleanTrue(Expr expr) { } /** Holds if the method call may set the `HttpOnly` flag. */ -predicate setsCookieHttpOnly(MethodAccess ma) { +predicate setsCookieHttpOnly(MethodCall ma) { ma.getMethod().getName() = "setHttpOnly" and // any use of setHttpOnly(x) where x isn't false is probably safe mayBeBooleanTrue(ma.getArgument(0)) } /** Holds if `ma` removes a cookie. */ -predicate removesCookie(MethodAccess ma) { +predicate removesCookie(MethodCall ma) { ma.getMethod().getName() = "setMaxAge" and ma.getArgument(0).(IntegerLiteral).getIntValue() = 0 } /** - * Holds if the MethodAccess `ma` is a test method call indicated by: + * Holds if the MethodCall `ma` is a test method call indicated by: * a) in a test directory such as `src/test/java` * b) in a test package whose name has the word `test` * c) in a test class whose name has the word `test` * d) in a test class implementing a test framework such as JUnit or TestNG */ -predicate isTestMethod(MethodAccess ma) { +predicate isTestMethod(MethodCall ma) { exists(Method m | m = ma.getEnclosingCallable() and ( @@ -129,12 +129,12 @@ predicate isTestMethod(MethodAccess ma) { module SetHttpOnlyOrRemovesCookieConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() = - any(MethodAccess ma | setsCookieHttpOnly(ma) or removesCookie(ma)).getQualifier() + any(MethodCall ma | setsCookieHttpOnly(ma) or removesCookie(ma)).getQualifier() } predicate isSink(DataFlow::Node sink) { sink.asExpr() = - any(MethodAccess ma | ma.getMethod() instanceof ResponseAddCookieMethod).getArgument(0) + any(MethodCall ma | ma.getMethod() instanceof ResponseAddCookieMethod).getArgument(0) } } @@ -146,13 +146,13 @@ module SetHttpOnlyOrRemovesCookieFlow = TaintTracking::Global; /** A `GET_CONTENT` `Intent` instances that is passed to `startActivityForResult`. */ class AndroidFileIntentInput extends DataFlow::Node { - MethodAccess ma; + MethodCall ma; AndroidFileIntentInput() { this.asExpr() = ma.getArgument(0) and diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll index 05055bdfa845..0f9592321942 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll @@ -33,8 +33,8 @@ class ShouldInterceptRequestMethod extends Method { } /** A method call to `WebView.setWebViewClient`. */ -class SetWebViewClientMethodAccess extends MethodAccess { - SetWebViewClientMethodAccess() { +class SetWebViewClientMethodCall extends MethodCall { + SetWebViewClientMethodCall() { this.getMethod().hasName("setWebViewClient") and this.getMethod().getDeclaringType().getASupertype*() instanceof TypeWebView } @@ -66,7 +66,7 @@ private class FetchUrlStep extends AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists( // webview.loadUrl(url) -> webview.setWebViewClient(new WebViewClient() { shouldInterceptRequest(view, url) }); - MethodAccess lma, ShouldInterceptRequestMethod im, SetWebViewClientMethodAccess sma + MethodCall lma, ShouldInterceptRequestMethod im, SetWebViewClientMethodCall sma | sma.getArgument(0).getType() = im.getDeclaringType().getASupertype*() and lma.getMethod() instanceof WebViewLoadUrlMethod and diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql index 0a71647a5bcd..106782187c50 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql @@ -17,10 +17,10 @@ import AndroidFileIntentSource import AndroidFileLeakFlow::PathGraph private predicate startsWithSanitizer(Guard g, Expr e, boolean branch) { - exists(MethodAccess ma | + exists(MethodCall ma | g = ma and ma.getMethod().hasName("startsWith") and - e = [ma.getQualifier(), ma.getQualifier().(MethodAccess).getQualifier()] and + e = [ma.getQualifier(), ma.getQualifier().(MethodCall).getQualifier()] and branch = false ) } @@ -51,7 +51,7 @@ module AndroidFileLeakConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof AndroidFileSink } predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) { - exists(MethodAccess aema, AsyncTaskRunInBackgroundMethod arm | + exists(MethodCall aema, AsyncTaskRunInBackgroundMethod arm | // fileAsyncTask.execute(params) will invoke doInBackground(params) of FileAsyncTask aema.getQualifier().getType() = arm.getDeclaringType() and aema.getMethod() instanceof ExecuteAsyncTaskMethod and @@ -59,7 +59,7 @@ module AndroidFileLeakConfig implements DataFlow::ConfigSig { succ.asParameter() = arm.getParameter(0) ) or - exists(MethodAccess csma, ServiceOnStartCommandMethod ssm, ClassInstanceExpr ce | + exists(MethodCall csma, ServiceOnStartCommandMethod ssm, ClassInstanceExpr ce | // An intent passed to startService will later be passed to the onStartCommand event of the corresponding service csma.getMethod() instanceof ContextStartServiceMethod and ce.getConstructedType() instanceof TypeIntent and // Intent intent = new Intent(context, FileUploader.class); diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll index 194ae34b792f..e865e18ecaa6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll @@ -7,7 +7,7 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources /** A method call that produces cryptographic result. */ -abstract private class ProduceCryptoCall extends MethodAccess { +abstract private class ProduceCryptoCall extends MethodCall { Expr output; /** Gets the result of cryptographic operation. */ @@ -51,7 +51,7 @@ private class ProduceSignatureCall extends ProduceCryptoCall { */ private module InitializeEncryptorConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "init") and ma.getArgument(0).(VarAccess).getVariable().hasName("ENCRYPT_MODE") and ma.getQualifier() = source.asExpr() @@ -59,7 +59,7 @@ private module InitializeEncryptorConfig implements DataFlow::ConfigSig { } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "doFinal") and ma.getQualifier() = sink.asExpr() ) @@ -96,7 +96,7 @@ private class ProduceCiphertextCall extends ProduceCryptoCall { /** Holds if `fromNode` to `toNode` is a dataflow step that updates a cryptographic operation. */ private predicate updateCryptoOperationStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) { - exists(MethodAccess call, Method m | + exists(MethodCall call, Method m | m = call.getMethod() and call.getQualifier() = toNode.asExpr() and call.getArgument(0) = fromNode.asExpr() @@ -112,21 +112,21 @@ private predicate updateCryptoOperationStep(DataFlow2::Node fromNode, DataFlow2: /** Holds if `fromNode` to `toNode` is a dataflow step that creates a hash. */ private predicate createMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and m.hasStringSignature("digest()") and ma.getQualifier() = fromNode.asExpr() and ma = toNode.asExpr() ) or - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and m.hasStringSignature("digest(byte[], int, int)") and ma.getQualifier() = fromNode.asExpr() and ma.getArgument(0) = toNode.asExpr() ) or - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and m.hasStringSignature("digest(byte[])") and ma.getArgument(0) = fromNode.asExpr() and @@ -136,7 +136,7 @@ private predicate createMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::N /** Holds if `fromNode` to `toNode` is a dataflow step that updates a hash. */ private predicate updateMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.hasQualifiedName("java.security", "MessageDigest", "update") and ma.getArgument(0) = fromNode.asExpr() and ma.getQualifier() = toNode.asExpr() @@ -190,7 +190,7 @@ class CryptoOperationSource extends DataFlow::Node { } /** Methods that use a non-constant-time algorithm for comparing inputs. */ -private class NonConstantTimeEqualsCall extends MethodAccess { +private class NonConstantTimeEqualsCall extends MethodCall { NonConstantTimeEqualsCall() { this.getMethod() .hasQualifiedName("java.lang", "String", ["equals", "contentEquals", "equalsIgnoreCase"]) or @@ -199,7 +199,7 @@ private class NonConstantTimeEqualsCall extends MethodAccess { } /** A static method that uses a non-constant-time algorithm for comparing inputs. */ -private class NonConstantTimeComparisonCall extends StaticMethodAccess { +private class NonConstantTimeComparisonCall extends StaticMethodCall { NonConstantTimeComparisonCall() { this.getMethod().hasQualifiedName("java.util", "Arrays", ["equals", "deepEquals"]) or this.getMethod().hasQualifiedName("java.util", "Objects", "deepEquals") or diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql index 452eefab7906..05b91bf7f9d1 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql @@ -17,7 +17,7 @@ import semmle.code.java.dataflow.TaintTracking import NonConstantTimeComparisonFlow::PathGraph /** A static method that uses a non-constant-time algorithm for comparing inputs. */ -private class NonConstantTimeComparisonCall extends StaticMethodAccess { +private class NonConstantTimeComparisonCall extends StaticMethodCall { NonConstantTimeComparisonCall() { this.getMethod() .hasQualifiedName("org.apache.commons.lang3", "StringUtils", @@ -26,7 +26,7 @@ private class NonConstantTimeComparisonCall extends StaticMethodAccess { } /** Methods that use a non-constant-time algorithm for comparing inputs. */ -private class NonConstantTimeEqualsCall extends MethodAccess { +private class NonConstantTimeEqualsCall extends MethodCall { NonConstantTimeEqualsCall() { this.getMethod() .hasQualifiedName("java.lang", "String", ["equals", "contentEquals", "equalsIgnoreCase"]) @@ -43,7 +43,7 @@ private predicate isNonConstantComparisonCallArgument(Expr p) { class ClientSuppliedIpTokenCheck extends DataFlow::Node { ClientSuppliedIpTokenCheck() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("getHeader") and ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in [ "x-auth-token", "x-csrf-token", "http_x_csrf_token", "x-csrf-param", "x-csrf-header", diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql index a77c7900915d..e8a127b64d5b 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql @@ -74,7 +74,7 @@ private module JxBrowserFlowConfig implements DataFlow::ConfigSig { } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | ma.getMethod() instanceof JxBrowserSetLoadHandler | + exists(MethodCall ma | ma.getMethod() instanceof JxBrowserSetLoadHandler | ma.getArgument(0).getType() instanceof JxBrowserSafeLoadHandler and ma.getQualifier() = sink.asExpr() ) diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql index 2a60ce988fc5..9ae5d439743f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql @@ -15,7 +15,7 @@ import java import semmle.code.java.security.Encryption /** A `HostnameVerifier.verify()` call that is not wrapped in another `HostnameVerifier`. */ -private class HostnameVerificationCall extends MethodAccess { +private class HostnameVerificationCall extends MethodCall { HostnameVerificationCall() { this.getMethod() instanceof HostnameVerifierVerify and not this.getCaller() instanceof HostnameVerifierVerify diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql index bba8213cf0a3..0004f691c6c6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql @@ -67,7 +67,7 @@ predicate isBooleanTrue(Expr expr) { or expr.(BooleanLiteral).getBooleanValue() = true // true or - exists(MethodAccess ma | + exists(MethodCall ma | expr = ma and ma.getMethod() instanceof ToStringMethod and ma.getQualifier().(FieldAccess).getField().hasName("TRUE") and @@ -80,22 +80,22 @@ predicate isBooleanTrue(Expr expr) { } /** Holds if `ma` is in a test class or method. */ -predicate isTestMethod(MethodAccess ma) { +predicate isTestMethod(MethodCall ma) { ma.getEnclosingCallable() instanceof TestMethod or ma.getEnclosingCallable().getDeclaringType() instanceof TestClass or ma.getEnclosingCallable().getDeclaringType().getPackage().getName().matches("%test%") or ma.getEnclosingCallable().getDeclaringType().getName().toLowerCase().matches("%test%") } -/** Holds if `MethodAccess` ma disables SSL endpoint check. */ -predicate isInsecureSslEndpoint(MethodAccess ma) { +/** Holds if `MethodCall` ma disables SSL endpoint check. */ +predicate isInsecureSslEndpoint(MethodCall ma) { ( ma.getMethod() instanceof SetSystemPropertyMethod and isPropertyDisableLdapEndpointId(ma.getArgument(0)) and isBooleanTrue(ma.getArgument(1)) //com.sun.jndi.ldap.object.disableEndpointIdentification=true or ma.getMethod() instanceof SetSystemPropertiesMethod and - exists(MethodAccess ma2 | + exists(MethodCall ma2 | ma2.getMethod() instanceof SetPropertyMethod and isPropertyDisableLdapEndpointId(ma2.getArgument(0)) and isBooleanTrue(ma2.getArgument(1)) and //com.sun.jndi.ldap.object.disableEndpointIdentification=true @@ -104,7 +104,7 @@ predicate isInsecureSslEndpoint(MethodAccess ma) { ) } -from MethodAccess ma +from MethodCall ma where isInsecureSslEndpoint(ma) and not isTestMethod(ma) diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/RevocationCheckingLib.qll b/java/ql/src/experimental/Security/CWE/CWE-299/RevocationCheckingLib.qll index ceed388b8061..50dc249a9eac 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/RevocationCheckingLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-299/RevocationCheckingLib.qll @@ -22,10 +22,10 @@ module DisabledRevocationCheckingFlow = TaintTracking::Global; */ class SslContextGetInstanceSink extends DataFlow::ExprNode { SslContextGetInstanceSink() { - exists(StaticMethodAccess ma, Method m | m = ma.getMethod() | + exists(StaticMethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType() instanceof SslContext and m.hasName("getInstance") and ma.getArgument(0) = this.asExpr() @@ -50,7 +50,7 @@ class CreateSslParametersSink extends DataFlow::ExprNode { */ class SslParametersSetProtocolsSink extends DataFlow::ExprNode { SslParametersSetProtocolsSink() { - exists(MethodAccess ma, Method m | m = ma.getMethod() | + exists(MethodCall ma, Method m | m = ma.getMethod() | m.getDeclaringType() instanceof SslParameters and m.hasName("setProtocols") and ma.getArgument(0) = this.asExpr() @@ -64,7 +64,7 @@ class SslParametersSetProtocolsSink extends DataFlow::ExprNode { */ class SetEnabledProtocolsSink extends DataFlow::ExprNode { SetEnabledProtocolsSink() { - exists(MethodAccess ma, Method m, RefType type | + exists(MethodCall ma, Method m, RefType type | m = ma.getMethod() and type = m.getDeclaringType() | ( diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql index f9a86e1c5f4e..9d47e177a271 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql @@ -19,7 +19,7 @@ import CorsOriginFlow::PathGraph /** * Holds if `header` sets `Access-Control-Allow-Credentials` to `true`. This ensures fair chances of exploitability. */ -private predicate setsAllowCredentials(MethodAccess header) { +private predicate setsAllowCredentials(MethodCall header) { ( header.getMethod() instanceof ResponseSetHeaderMethod or header.getMethod() instanceof ResponseAddHeaderMethod @@ -29,7 +29,7 @@ private predicate setsAllowCredentials(MethodAccess header) { header.getArgument(1).(CompileTimeConstantExpr).getStringValue().toLowerCase() = "true" } -private class CorsProbableCheckAccess extends MethodAccess { +private class CorsProbableCheckAccess extends MethodCall { CorsProbableCheckAccess() { this.getMethod().hasName("contains") and this.getMethod().getDeclaringType().getASourceSupertype*() instanceof CollectionType @@ -66,7 +66,7 @@ private module CorsOriginConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { - exists(MethodAccess corsHeader, MethodAccess allowCredentialsHeader | + exists(MethodCall corsHeader, MethodCall allowCredentialsHeader | ( corsHeader.getMethod() instanceof ResponseSetHeaderMethod or corsHeader.getMethod() instanceof ResponseAddHeaderMethod diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql index 75ac34491b8a..a548af9f83ba 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql @@ -32,7 +32,7 @@ module ClientSuppliedIpUsedInSecurityCheckConfig implements DataFlow::ConfigSig * later entries may originate from more-trustworthy intermediate proxies, not the original client. */ predicate isBarrier(DataFlow::Node node) { - exists(ArrayAccess aa, MethodAccess ma | aa.getArray() = ma | + exists(ArrayAccess aa, MethodCall ma | aa.getArray() = ma | ma.getQualifier() = node.asExpr() and ma.getMethod() instanceof SplitMethod and not aa.getIndexExpr().(CompileTimeConstantExpr).getIntValue() = 0 diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll index 0e3d11420ba2..7896c49f5314 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll @@ -11,7 +11,7 @@ import semmle.code.java.security.QueryInjection */ class ClientSuppliedIpUsedInSecurityCheck extends DataFlow::Node { ClientSuppliedIpUsedInSecurityCheck() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("getHeader") and ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in [ "x-forwarded-for", "x-real-ip", "proxy-client-ip", "wl-proxy-client-ip", @@ -34,7 +34,7 @@ abstract class ClientSuppliedIpUsedInSecurityCheckSink extends DataFlow::Node { */ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink { CompareSink() { - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() in ["equals", "equalsIgnoreCase"] and ma.getMethod().getDeclaringType() instanceof TypeString and ma.getMethod().getNumberOfParameters() = 1 and @@ -49,7 +49,7 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink { ) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() in ["contains", "startsWith"] and ma.getMethod().getDeclaringType() instanceof TypeString and ma.getMethod().getNumberOfParameters() = 1 and @@ -57,7 +57,7 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink { ma.getAnArgument().(CompileTimeConstantExpr).getStringValue().regexpMatch(getIpAddressRegex()) // Matches IP-address-like strings ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().hasName("startsWith") and ma.getMethod() .getDeclaringType() @@ -67,7 +67,7 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink { ma.getAnArgument().(CompileTimeConstantExpr).getStringValue().regexpMatch(getIpAddressRegex()) ) or - exists(MethodAccess ma | + exists(MethodCall ma | ma.getMethod().getName() in ["equals", "equalsIgnoreCase"] and ma.getMethod() .getDeclaringType() diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll index 2edf03d02ef0..c6d6e6830037 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonStringLib.qll @@ -13,7 +13,7 @@ abstract class JsonStringSource extends DataFlow::Node { } */ private class GsonString extends JsonStringSource { GsonString() { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.hasName("toJson") and m.getDeclaringType().getAnAncestor().hasQualifiedName("com.google.gson", "Gson") and this.asExpr() = ma @@ -29,7 +29,7 @@ private class GsonString extends JsonStringSource { */ private class FastjsonString extends JsonStringSource { FastjsonString() { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.hasName("toJSONString") and m.getDeclaringType().getAnAncestor().hasQualifiedName("com.alibaba.fastjson", "JSON") and this.asExpr() = ma @@ -45,7 +45,7 @@ private class FastjsonString extends JsonStringSource { */ private class JacksonString extends JsonStringSource { JacksonString() { - exists(MethodAccess ma, Method m | ma.getMethod() = m | + exists(MethodCall ma, Method m | ma.getMethod() = m | m.hasName("writeValueAsString") and m.getDeclaringType() .getAnAncestor() diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql index 58448c0ed9d6..647175797be7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql @@ -32,7 +32,7 @@ module RequestResponseFlowConfig implements DataFlow::ConfigSig { } predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(MethodAccess ma | + exists(MethodCall ma | isRequestGetParamMethod(ma) and pred.asExpr() = ma.getQualifier() and succ.asExpr() = ma ) } diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll index 84c189aac937..65a75392ef45 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll @@ -9,7 +9,7 @@ private import semmle.code.java.dataflow.FlowSources */ abstract class RequestGetMethod extends Method { RequestGetMethod() { - not exists(MethodAccess ma | + not exists(MethodCall ma | // Exclude apparent GET handlers that read a request entity, because this likely indicates this is not in fact a GET handler. // This is particularly a problem with Spring handlers, which can sometimes neglect to specify a request method. // Even if it is in fact a GET handler, such a request method will be unusable in the context `