Java: Clean up some instances of getQualifiedName.

Author: aschackmull

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -301,7 +301,7 @@ class EnvReadMethod extends Method {
 
 /** The type `java.net.InetAddress`. */
 class TypeInetAddr extends RefType {
-  TypeInetAddr() { this.getQualifiedName() = "java.net.InetAddress" }
+  TypeInetAddr() { this.hasQualifiedName("java.net", "InetAddress") }
 }
 
 /** A reverse DNS method. */

java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll

@@ -6,16 +6,12 @@ import java
 private import semmle.code.java.dataflow.FlowSteps
 
 class ApacheHttpGetParams extends Method {
-  ApacheHttpGetParams() {
-    this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpMessage" and
-    this.getName() = "getParams"
-  }
+  ApacheHttpGetParams() { this.hasQualifiedName("org.apache.http", "HttpMessage", "getParams") }
 }
 
 class ApacheHttpEntityGetContent extends Method {
   ApacheHttpEntityGetContent() {
-    this.getDeclaringType().getQualifiedName() = "org.apache.http.HttpEntity" and
-    this.getName() = "getContent"
+    this.hasQualifiedName("org.apache.http", "HttpEntity", "getContent")
   }
 }
 

java/ql/lib/semmle/code/java/frameworks/JAXB.qll

@@ -4,14 +4,14 @@ import semmle.code.java.Type
 
 class JaxbElement extends Class {
   JaxbElement() {
-    this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or
+    this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or
     this.getAnAnnotation().getType().getName() = "XmlRootElement"
   }
 }
 
 class JaxbMarshalMethod extends Method {
   JaxbMarshalMethod() {
-    this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and
+    this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and
     this.getName() = "marshal"
   }
 }

java/ql/lib/semmle/code/java/security/Encryption.qll

@@ -284,8 +284,7 @@ abstract class JavaxCryptoAlgoSpec extends CryptoAlgoSpec { }
 class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
   JavaxCryptoCipher() {
     exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.Cipher" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "Cipher", "getInstance")
     )
   }
 
@@ -295,7 +294,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
 class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec {
   JavaxCryptoSecretKey() {
     exists(Constructor c | c.getAReference() = this |
-      c.getDeclaringType().getQualifiedName() = "javax.crypto.spec.SecretKeySpec"
+      c.getDeclaringType().hasQualifiedName("javax.crypto.spec", "SecretKeySpec")
     )
   }
 
@@ -320,8 +319,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
   JavaxCryptoKeyAgreement() {
     exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.KeyAgreement" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance")
     )
   }
 
@@ -331,8 +329,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec {
   JavaxCryptoKeyFactory() {
     exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().getQualifiedName() = "javax.crypto.SecretKeyFactory" and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance")
     )
   }
 
@@ -348,8 +345,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec {
     )
     or
     exists(Method m | m.getAReference() = this |
-      m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and
-      m.getName() = "getInstance"
+      m.hasQualifiedName("java.security", "MessageDigest", "getInstance")
     )
   }
 
@@ -359,7 +355,7 @@ class JavaSecurityMessageDigest extends JavaSecurityAlgoSpec {
 class JavaSecuritySignature extends JavaSecurityAlgoSpec {
   JavaSecuritySignature() {
     exists(Constructor c | c.getAReference() = this |
-      c.getDeclaringType().getQualifiedName() = "java.security.Signature"
+      c.getDeclaringType().hasQualifiedName("java.security", "Signature")
     )
   }
 

java/ql/lib/semmle/code/java/security/XSS.qll

@@ -97,8 +97,7 @@ class XssVulnerableWriterSource extends MethodCall {
     this.getMethod() instanceof ServletResponseGetOutputStreamMethod
     or
     exists(Method m | m = this.getMethod() |
-      m.getDeclaringType().getQualifiedName() = "javax.servlet.jsp.JspContext" and
-      m.getName() = "getOut"
+      m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut")
     )
     or
     this.getMethod() instanceof FacesGetResponseWriterMethod

java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql

@@ -16,7 +16,7 @@ import java
 class WaitMethod extends Method {
   WaitMethod() {
     this.getName() = "wait" and
-    this.getDeclaringType().getQualifiedName() = "java.lang.Object"
+    this.getDeclaringType() instanceof TypeObject
   }
 }
 

java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql

@@ -16,23 +16,24 @@ import semmle.code.java.security.Encryption
 
 class NetworkClass extends Class {
   NetworkClass() {
-    this.getAnAncestor().getQualifiedName().matches("java.rmi.%") or
-    this.getAnAncestor().getQualifiedName().matches("java.net.%") or
-    this.getAnAncestor().getQualifiedName().matches("javax.net.%")
+    this.getAnAncestor()
+        .getPackage()
+        .getName()
+        .regexpMatch("(java\\.net|java\\.rmi|javax\\.net)(\\..*)?")
   }
 }
 
 class SocketFactoryType extends RefType {
   SocketFactoryType() {
-    this.getQualifiedName() = "java.rmi.server.RMIServerSocketFactory" or
-    this.getQualifiedName() = "java.rmi.server.RMIClientSocketFactory" or
-    this.getQualifiedName() = "javax.net.SocketFactory" or
-    this.getQualifiedName() = "java.net.SocketImplFactory"
+    this.hasQualifiedName("java.rmi.server", "RMIServerSocketFactory") or
+    this.hasQualifiedName("java.rmi.server", "RMIClientSocketFactory") or
+    this.hasQualifiedName("javax.net", "SocketFactory") or
+    this.hasQualifiedName("java.net", "SocketImplFactory")
   }
 }
 
 /** Holds if the method `m` has a factory parameter at location `p`. */
-cached
+pragma[nomagic]
 predicate usesFactory(Method m, int p) {
   m.getParameter(p).getType().(RefType).getAnAncestor() instanceof SocketFactoryType
 }

java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql

@@ -13,11 +13,13 @@
 
 import java
 
-predicate dangerousMethod(string descriptor) { descriptor = "java.lang.Thread.stop" }
+predicate dangerousMethod(string pack, string type, string name) {
+  pack = "java.lang" and type = "Thread" and name = "stop"
+}
 
-from MethodCall call, Method target, string descriptor
+from MethodCall call, Method target, string pack, string type, string name
 where
   call.getCallee() = target and
-  descriptor = target.getDeclaringType().getQualifiedName() + "." + target.getName() and
-  dangerousMethod(descriptor)
-select call, "Call to " + descriptor + " is potentially dangerous."
+  target.hasQualifiedName(pack, type, name) and
+  dangerousMethod(pack, type, name)
+select call, "Call to " + pack + "." + type + "." + name + " is potentially dangerous."

java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll

@@ -72,7 +72,7 @@ class ArrayInitAtNonZeroIndex extends DataFlow::Node {
 class StreamConcatAtNonZeroIndex extends DataFlow::Node {
   StreamConcatAtNonZeroIndex() {
     exists(MethodCall call, int index |
-      call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and
+      call.getMethod().hasQualifiedName("java.util.stream", "Stream", "concat") and
       call.getArgument(index) = this.asExpr() and
       index != 0
     )

java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql

@@ -72,8 +72,7 @@ class HostVerificationMethodCall extends MethodCall {
       exists(MethodCall ma, Method m, Field f |
         this.getArgument(0) = ma and
         ma.getMethod() = m and
-        m.hasName("getString") and
-        m.getDeclaringType().getQualifiedName() = "android.content.res.Resources" and
+        m.hasQualifiedName("android.content.res", "Resources", "getString") and
         ma.getArgument(0).(FieldRead).getField() = f and
         f.getDeclaringType() instanceof AndroidRString
       ) //Check resource properties in /res/values/strings.xml in Android mobile applications using res.getString(R.string.key)