Java: remove models for System.[get|set]Property

Jami Cogswell · Jami Cogswell · commit 10f0975812bc · 2023-01-17T08:51:48.000-05:00
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
@@ -93,10 +93,6 @@ extensions:
       - ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
-      - ["java.lang", "System", False, "getProperty", "(String)", "", "SyntheticGlobal[java.lang.System.properties].MapValue", "ReturnValue", "value", "manual"]
-      - ["java.lang", "System", False, "setProperty", "(String,String)", "", "SyntheticGlobal[java.lang.System.properties].MapValue", "ReturnValue", "value", "manual"]
-      - ["java.lang", "System", False, "setProperty", "(String,String)", "", "Argument[0]", "SyntheticGlobal[java.lang.System.properties].MapKey", "value", "manual"]
-      - ["java.lang", "System", False, "setProperty", "(String,String)", "", "Argument[1]", "SyntheticGlobal[java.lang.System.properties].MapValue", "value", "manual"]
       - ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
       - ["java.lang", "Throwable", True, "getCause", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
       - ["java.lang", "Throwable", True, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/ext/TestModels/Test.java b/java/ql/test/ext/TestModels/Test.java
@@ -64,9 +64,6 @@ public void test() throws Exception {
             sink((String)e4.getMessage());  // $hasValueFlow
             sink((Throwable)e4.getCause()); // $hasValueFlow
 
-            System.setProperty("testKey", (String)source());
-            sink(System.getProperty("testKey")); // $hasValueFlow
-
             // java.sql
             Connection con = DriverManager.getConnection("");
             PreparedStatement ps1 = con.prepareStatement("UPDATE EMPLOYEES SET NAME = ? WHERE ID = ?");
diff --git a/java/ql/test/ext/TopJdkApis/TopJdkApis.qll b/java/ql/test/ext/TopJdkApis/TopJdkApis.qll
@@ -142,8 +142,9 @@ class TopJdkApi extends SummarizedCallableBase {
   /** Holds if this API has a manual MaD model. */
   predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
   /*
-   * Note: the following top-100 APIs are not modeled with MaD:
+   * Note: the following top JDK APIs are not modeled with MaD:
    * `java.lang.String#valueOf(Object)`: a complex case; an alias for `Object.toString`, except the dispatch is hidden
+   * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
    * `java.lang.Throwable#printStackTrace()`: should probably not be a general step, but there might be specialised queries that care
    * `java.util.function.Consumer#accept(Object)`: specialized lambda flow
    * `java.util.function.Function#apply(Object)`: specialized lambda flow
diff --git a/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
@@ -1,4 +1,5 @@
 | java.lang.String#valueOf(Object) | no manual model |
+| java.lang.System#getProperty(String) | no manual model |
 | java.lang.Throwable#printStackTrace() | no manual model |
 | java.util.function.Consumer#accept(Object) | no manual model |
 | java.util.function.Function#apply(Object) | no manual model |

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`\| java.lang.String#valueOf(Object) \| no manual model \|`
	`2`	`+\| java.lang.System#getProperty(String) \| no manual model \|`
`2`	`3`	`\| java.lang.Throwable#printStackTrace() \| no manual model \|`
`3`	`4`	`\| java.util.function.Consumer#accept(Object) \| no manual model \|`
`4`	`5`	`\| java.util.function.Function#apply(Object) \| no manual model \|`