Java: Deprecate StringLiteral.getRepresentedString()

Author: Marcono1234

java/ql/lib/semmle/code/java/Expr.qll

@@ -166,7 +166,7 @@ class CompileTimeConstantExpr extends Expr {
    */
   pragma[nomagic]
   string getStringValue() {
-    result = this.(StringLiteral).getRepresentedString()
+    result = this.(StringLiteral).getValue()
     or
     result =
       this.(AddExpr).getLeftOperand().(CompileTimeConstantExpr).getStringValue() +
@@ -732,9 +732,18 @@ class CharacterLiteral extends Literal, @characterliteral {
  */
 class StringLiteral extends Literal, @stringliteral {
   /**
+   * Gets the string represented by this string literal, that is, the content
+   * of the literal without enclosing quotes and with escape sequences translated.
+   */
+  override string getValue() { result = super.getValue() }
+
+  /**
+   * DEPRECATED: This predicate will be removed in a future version because
+   * it is just an alias for `getValue()`; that predicate should be used instead.
+   *
    * Gets the literal string without the quotes.
    */
-  string getRepresentedString() { result = this.getValue() }
+  deprecated string getRepresentedString() { result = this.getValue() }
 
   /** Holds if this string literal is a text block (`""" ... """`). */
   predicate isTextBlock() { this.getLiteral().matches("\"\"\"%") }

java/ql/lib/semmle/code/java/JDKAnnotations.qll

@@ -25,9 +25,7 @@ class SuppressWarningsAnnotation extends Annotation {
   }
 
   /** Gets the name of a warning suppressed by this annotation. */
-  string getASuppressedWarning() {
-    result = this.getASuppressedWarningLiteral().getRepresentedString()
-  }
+  string getASuppressedWarning() { result = this.getASuppressedWarningLiteral().getValue() }
 }
 
 /** A `@Target` annotation. */

java/ql/lib/semmle/code/java/Reflection.qll

@@ -75,7 +75,7 @@ class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, M
   /**
    * If the argument to this call is a `StringLiteral`, then return that string.
    */
-  string getTypeName() { result = this.getArgument(0).(StringLiteral).getRepresentedString() }
+  string getTypeName() { result = this.getArgument(0).(StringLiteral).getValue() }
 
   override RefType getReflectivelyIdentifiedClass() {
     // We only handle cases where the class is specified as a string literal to this call.
@@ -360,7 +360,7 @@ class ReflectiveMethodAccess extends ClassMethodAccess {
         this.getInferredClassType().inherits(result)
     ) and
     // Only consider instances where the method name is provided as a `StringLiteral`.
-    result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
+    result.hasName(this.getArgument(0).(StringLiteral).getValue())
   }
 }
 
@@ -400,6 +400,6 @@ class ReflectiveFieldAccess extends ClassMethodAccess {
         this.getInferredClassType().inherits(result)
       )
     ) and
-    result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
+    result.hasName(this.getArgument(0).(StringLiteral).getValue())
   }
 }

java/ql/lib/semmle/code/java/StringFormat.qll

@@ -279,7 +279,7 @@ private predicate formatStringFragment(Expr fmt) {
 private predicate formatStringValue(Expr e, string fmtvalue) {
   formatStringFragment(e) and
   (
-    e.(StringLiteral).getRepresentedString() = fmtvalue
+    e.(StringLiteral).getValue() = fmtvalue
     or
     e.getType() instanceof IntegralType and fmtvalue = "1" // dummy value
     or
@@ -318,7 +318,7 @@ private predicate formatStringValue(Expr e, string fmtvalue) {
       getprop.hasName("getProperty") and
       getprop.getDeclaringType().hasQualifiedName("java.lang", "System") and
       getprop.getNumberOfParameters() = 1 and
-      ma.getAnArgument().(StringLiteral).getRepresentedString() = prop and
+      ma.getAnArgument().(StringLiteral).getValue() = prop and
       (prop = "line.separator" or prop = "file.separator" or prop = "path.separator") and
       fmtvalue = "x" // dummy value
     )

java/ql/lib/semmle/code/java/UnitTests.qll

@@ -162,7 +162,7 @@ class TestNGTestMethod extends Method {
       testAnnotation = this.getAnAnnotation() and
       // The data provider must have the same name as the referenced data provider
       result.getDataProviderName() =
-        testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()
+        testAnnotation.getValue("dataProvider").(StringLiteral).getValue()
     |
       // Either the data provider should be on the current class, or a supertype
       this.getDeclaringType().getAnAncestor() = result.getDeclaringType()
@@ -258,7 +258,7 @@ class TestNGDataProviderMethod extends Method {
           .(TestNGDataProviderAnnotation)
           .getValue("name")
           .(StringLiteral)
-          .getRepresentedString()
+          .getValue()
   }
 }
 

java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -300,8 +300,8 @@ private predicate unsafeEscape(MethodAccess ma) {
   // Removing `<script>` tags using a string-replace method is
   // unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
   exists(StringReplaceMethod m | ma.getMethod() = m |
-    ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and
-    ma.getArgument(1).(StringLiteral).getRepresentedString() = ""
+    ma.getArgument(0).(StringLiteral).getValue() = "(<script>)" and
+    ma.getArgument(1).(StringLiteral).getValue() = ""
   )
 }
 

java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll

@@ -37,9 +37,9 @@ class SpringComponentScan extends Annotation {
    */
   string getBasePackages() {
     // "value" and "basePackages" are synonymous, and are simple strings
-    result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()
+    result = this.getAValue("basePackages").(StringLiteral).getValue()
     or
-    result = this.getAValue("value").(StringLiteral).getRepresentedString()
+    result = this.getAValue("value").(StringLiteral).getValue()
     or
     exists(TypeLiteral typeLiteral |
       // Base package classes are type literals whose package should be considered a base package.
@@ -201,7 +201,7 @@ class SpringComponent extends RefType {
           .getType()
           .hasQualifiedName("org.springframework.context.annotation", "Profile")
     |
-      result = profileAnnotation.getAValue("value").(StringLiteral).getRepresentedString()
+      result = profileAnnotation.getAValue("value").(StringLiteral).getValue()
     )
   }
 }

java/ql/lib/semmle/code/java/security/ControlledString.qll

@@ -22,7 +22,7 @@ private predicate boxedToString(Method method) {
  * it is better to use a prepared query than to just put single quotes around the string.
  */
 predicate endsInQuote(Expr expr) {
-  exists(string str | str = expr.(StringLiteral).getRepresentedString() | str.matches("%'"))
+  exists(string str | str = expr.(StringLiteral).getValue() | str.matches("%'"))
   or
   exists(Variable var | expr = var.getAnAccess() | endsInQuote(var.getAnAssignedValue()))
   or

java/ql/lib/semmle/code/java/security/HttpsUrls.qll

@@ -12,13 +12,13 @@ private import semmle.code.java.frameworks.Networking
  */
 class HttpStringLiteral extends StringLiteral {
   HttpStringLiteral() {
-    exists(string s | this.getRepresentedString() = s |
+    exists(string s | this.getValue() = s |
       s = "http"
       or
       s.matches("http://%") and
       not s.substring(7, s.length()) instanceof PrivateHostName and
       not TaintTracking::localExprTaint(any(StringLiteral p |
-          p.getRepresentedString() instanceof PrivateHostName
+          p.getValue() instanceof PrivateHostName
         ), this.getParent*())
     )
   }

java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll

@@ -41,5 +41,5 @@ private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink {
  * String pattern of basic authentication.
  */
 private class BasicAuthString extends StringLiteral {
-  BasicAuthString() { exists(string s | this.getRepresentedString() = s | s.matches("Basic %")) }
+  BasicAuthString() { exists(string s | this.getValue() = s | s.matches("Basic %")) }
 }