Apply suggestions from code review

JLLeitschuh · Marcono1234 · smowton · web-flow · commit b282c7f1b979 · 2022-03-07T11:31:32.000-05:00
Co-authored-by: Marcono1234 &lt;Marcono1234@users.noreply.github.com&gt;
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll
@@ -20,7 +20,7 @@ Expr getSystemProperty(string propertyName) {
 private MethodAccess getSystemPropertyFromSystem(string propertyName) {
   result.(MethodAccessSystemGetProperty).hasCompileTimeConstantGetPropertyName(propertyName)
   or
-  exists(Method m | result.getMethod() = m | m.hasName("lineSeparator")) and
+  result.getMethod().hasName("lineSeparator") and
   propertyName = "line.separator"
 }
 
diff --git a/java/ql/lib/semmle/code/java/os/OSCheck.qll b/java/ql/lib/semmle/code/java/os/OSCheck.qll
@@ -10,14 +10,14 @@ private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.TaintTracking
 
 /**
- * A guard that checks if the current os is Windows.
+ * A guard that checks if the current OS is Windows.
  * When True, the OS is Windows.
  * When False, the OS is not Windows.
  */
 abstract class IsWindowsGuard extends Guard { }
 
 /**
- * A guard that checks if the current OS is any Windows.
+ * A guard that checks if the current OS is a specific Windows variant.
  * When True, the OS is Windows.
  * When False, the OS *may* still be Windows.
  */
@@ -31,7 +31,7 @@ abstract class IsSpecificWindowsVariant extends Guard { }
 abstract class IsUnixGuard extends Guard { }
 
 /**
- * A guard that checks if the current OS is unix or unix-like.
+ * A guard that checks if the current OS is a specific unix or unix-like variant.
  * When True, the OS is unix or unix-like.
  * When False, the OS *may* still be unix or unix-like.
  */
@@ -42,7 +42,7 @@ abstract class IsSpecificUnixVariant extends Guard { }
  */
 bindingset[osString]
 private predicate isOsFromSystemProp(MethodAccess ma, string osString) {
-  TaintTracking::localExprTaint(getSystemProperty("os.name"), ma.getQualifier()) and // Call from System.getProperty (or equvalent) to some partial match method
+  TaintTracking::localExprTaint(getSystemProperty("os.name"), ma.getQualifier()) and // Call from System.getProperty (or equivalent) to some partial match method
   exists(StringPartialMatchMethod m, CompileTimeConstantExpr matchedStringConstant |
     m = ma.getMethod() and
     matchedStringConstant.getStringValue().toLowerCase().matches(osString)
@@ -68,24 +68,24 @@ private Guard isOsFromSystemPropertyEqualityCheck(string propertyName, string co
         ), _)
 }
 
-private class IsWindowsFromCharPathSeperator extends IsWindowsGuard {
-  IsWindowsFromCharPathSeperator() {
+private class IsWindowsFromCharPathSeparator extends IsWindowsGuard {
+  IsWindowsFromCharPathSeparator() {
     this = isOsFromSystemPropertyEqualityCheck("path.separator", "\\")
   }
 }
 
-private class IsWindowsFromCharSeperator extends IsWindowsGuard {
-  IsWindowsFromCharSeperator() { this = isOsFromSystemPropertyEqualityCheck("file.separator", ";") }
+private class IsWindowsFromCharSeparator extends IsWindowsGuard {
+  IsWindowsFromCharSeparator() { this = isOsFromSystemPropertyEqualityCheck("file.separator", ";") }
 }
 
-private class IsUnixFromCharPathSeperator extends IsUnixGuard {
-  IsUnixFromCharPathSeperator() {
+private class IsUnixFromCharPathSeparator extends IsUnixGuard {
+  IsUnixFromCharPathSeparator() {
     this = isOsFromSystemPropertyEqualityCheck("path.separator", "/")
   }
 }
 
-private class IsUnixFromCharSeperator extends IsUnixGuard {
-  IsUnixFromCharSeperator() { this = isOsFromSystemPropertyEqualityCheck("file.separator", ":") }
+private class IsUnixFromCharSeparator extends IsUnixGuard {
+  IsUnixFromCharSeparator() { this = isOsFromSystemPropertyEqualityCheck("file.separator", ":") }
 }
 
 private class IsUnixFromSystemProp extends IsSpecificUnixVariant instanceof MethodAccess {
@@ -138,12 +138,12 @@ private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof Metho
       m.hasName("contains")
     ) and
     this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "posix" and
-    exists(Method supportedFileAttribtueViewsMethod |
-      supportedFileAttribtueViewsMethod.hasName("supportedFileAttributeViews") and
-      supportedFileAttribtueViewsMethod.getDeclaringType() instanceof TypeFileSystem
+    exists(Method supportedFileAttributeViewsMethod |
+      supportedFileAttributeViewsMethod.hasName("supportedFileAttributeViews") and
+      supportedFileAttributeViewsMethod.getDeclaringType() instanceof TypeFileSystem
     |
       DataFlow::localExprFlow(any(MethodAccess ma |
-          ma.getMethod() = supportedFileAttribtueViewsMethod
+          ma.getMethod() = supportedFileAttributeViewsMethod
         ), super.getQualifier())
     )
   }
diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
@@ -118,7 +118,7 @@ private class IsWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsW
   override predicate checks(Expr e, boolean branch) { this.controls(e.getBasicBlock(), branch) }
 }
 
-private class IsAnyWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsSpecificWindowsVariant {
+private class IsSpecificWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsSpecificWindowsVariant {
   override predicate checks(Expr e, boolean branch) {
     branch = true and this.controls(e.getBasicBlock(), branch)
   }
diff --git a/java/ql/src/change-notes/2022-02-14-os-guards.md b/java/ql/src/change-notes/2022-02-14-os-guards.md
@@ -2,7 +2,7 @@
 category: minorAnalysis
 ---
  * Add new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards.
- * Add new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, ect..).
+ * Add new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..).
  * Update "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
- * Update "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to use `getSystemProperty` to use new `getSystemProperty` predicate.
+ * Update "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to use new `getSystemProperty` predicate.
  

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ Expr getSystemProperty(string propertyName) {`
`20`	`20`	`private MethodAccess getSystemPropertyFromSystem(string propertyName) {`
`21`	`21`	`result.(MethodAccessSystemGetProperty).hasCompileTimeConstantGetPropertyName(propertyName)`
`22`	`22`	`or`
`23`		`- exists(Method m \| result.getMethod() = m \| m.hasName("lineSeparator")) and`
	`23`	`+ result.getMethod().hasName("lineSeparator") and`
`24`	`24`	`propertyName = "line.separator"`
`25`	`25`	`}`
`26`	`26`
Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ private class IsWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsW`
`118`	`118`	`override predicate checks(Expr e, boolean branch) { this.controls(e.getBasicBlock(), branch) }`
`119`	`119`	`}`
`120`	`120`
`121`		`-private class IsAnyWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsSpecificWindowsVariant {`
	`121`	`+private class IsSpecificWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsSpecificWindowsVariant {`
`122`	`122`	`override predicate checks(Expr e, boolean branch) {`
`123`	`123`	`branch = true and this.controls(e.getBasicBlock(), branch)`
`124`	`124`	`}`