Merge pull request #7004 from Marcono1234/marcono1234/deprecate-StringLiteral-getRepresentedString

aschackmull · web-flow · commit 42a046edc614 · 2021-11-02T09:57:52.000+01:00
Java: Deprecate `StringLiteral.getRepresentedString()`
diff --git a/java/change-notes/2021-10-29-deprecate-String-getRepresentedString.md b/java/change-notes/2021-10-29-deprecate-String-getRepresentedString.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The predicate `StringLiteral.getRepresentedString()` has been deprecated for removal in a future version because it is just an alias for `getValue()`. That predicate should be used instead.
diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll
@@ -166,7 +166,7 @@ class CompileTimeConstantExpr extends Expr {
    */
   pragma[nomagic]
   string getStringValue() {
-    result = this.(StringLiteral).getRepresentedString()
+    result = this.(StringLiteral).getValue()
     or
     result =
       this.(AddExpr).getLeftOperand().(CompileTimeConstantExpr).getStringValue() +
@@ -745,9 +745,21 @@ class CharacterLiteral extends Literal, @characterliteral {
  */
 class StringLiteral extends Literal, @stringliteral {
   /**
+   * Gets the string represented by this string literal, that is, the content
+   * of the literal without enclosing quotes and with escape sequences translated.
+   *
+   * Unpaired Unicode surrogate characters (U+D800 to U+DFFF) are replaced with the
+   * replacement character U+FFFD.
+   */
+  override string getValue() { result = super.getValue() }
+
+  /**
+   * DEPRECATED: This predicate will be removed in a future version because
+   * it is just an alias for `getValue()`; that predicate should be used instead.
+   *
    * Gets the literal string without the quotes.
    */
-  string getRepresentedString() { result = this.getValue() }
+  deprecated string getRepresentedString() { result = this.getValue() }
 
   /** Holds if this string literal is a text block (`""" ... """`). */
   predicate isTextBlock() { this.getLiteral().matches("\"\"\"%") }
diff --git a/java/ql/lib/semmle/code/java/JDKAnnotations.qll b/java/ql/lib/semmle/code/java/JDKAnnotations.qll
@@ -25,9 +25,7 @@ class SuppressWarningsAnnotation extends Annotation {
   }
 
   /** Gets the name of a warning suppressed by this annotation. */
-  string getASuppressedWarning() {
-    result = this.getASuppressedWarningLiteral().getRepresentedString()
-  }
+  string getASuppressedWarning() { result = this.getASuppressedWarningLiteral().getValue() }
 }
 
 /** A `@Target` annotation. */
diff --git a/java/ql/lib/semmle/code/java/Reflection.qll b/java/ql/lib/semmle/code/java/Reflection.qll
@@ -75,7 +75,7 @@ class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, M
   /**
    * If the argument to this call is a `StringLiteral`, then return that string.
    */
-  string getTypeName() { result = this.getArgument(0).(StringLiteral).getRepresentedString() }
+  string getTypeName() { result = this.getArgument(0).(StringLiteral).getValue() }
 
   override RefType getReflectivelyIdentifiedClass() {
     // We only handle cases where the class is specified as a string literal to this call.
@@ -360,7 +360,7 @@ class ReflectiveMethodAccess extends ClassMethodAccess {
         this.getInferredClassType().inherits(result)
     ) and
     // Only consider instances where the method name is provided as a `StringLiteral`.
-    result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
+    result.hasName(this.getArgument(0).(StringLiteral).getValue())
   }
 }
 
@@ -400,6 +400,6 @@ class ReflectiveFieldAccess extends ClassMethodAccess {
         this.getInferredClassType().inherits(result)
       )
     ) and
-    result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
+    result.hasName(this.getArgument(0).(StringLiteral).getValue())
   }
 }
diff --git a/java/ql/lib/semmle/code/java/StringFormat.qll b/java/ql/lib/semmle/code/java/StringFormat.qll
@@ -279,7 +279,7 @@ private predicate formatStringFragment(Expr fmt) {
 private predicate formatStringValue(Expr e, string fmtvalue) {
   formatStringFragment(e) and
   (
-    e.(StringLiteral).getRepresentedString() = fmtvalue
+    e.(StringLiteral).getValue() = fmtvalue
     or
     e.getType() instanceof IntegralType and fmtvalue = "1" // dummy value
     or
@@ -318,7 +318,7 @@ private predicate formatStringValue(Expr e, string fmtvalue) {
       getprop.hasName("getProperty") and
       getprop.getDeclaringType().hasQualifiedName("java.lang", "System") and
       getprop.getNumberOfParameters() = 1 and
-      ma.getAnArgument().(StringLiteral).getRepresentedString() = prop and
+      ma.getAnArgument().(StringLiteral).getValue() = prop and
       (prop = "line.separator" or prop = "file.separator" or prop = "path.separator") and
       fmtvalue = "x" // dummy value
     )
diff --git a/java/ql/lib/semmle/code/java/UnitTests.qll b/java/ql/lib/semmle/code/java/UnitTests.qll
@@ -162,7 +162,7 @@ class TestNGTestMethod extends Method {
       testAnnotation = this.getAnAnnotation() and
       // The data provider must have the same name as the referenced data provider
       result.getDataProviderName() =
-        testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()
+        testAnnotation.getValue("dataProvider").(StringLiteral).getValue()
     |
       // Either the data provider should be on the current class, or a supertype
       this.getDeclaringType().getAnAncestor() = result.getDeclaringType()
@@ -258,7 +258,7 @@ class TestNGDataProviderMethod extends Method {
           .(TestNGDataProviderAnnotation)
           .getValue("name")
           .(StringLiteral)
-          .getRepresentedString()
+          .getValue()
   }
 }
 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -300,8 +300,8 @@ private predicate unsafeEscape(MethodAccess ma) {
   // Removing `<script>` tags using a string-replace method is
   // unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
   exists(StringReplaceMethod m | ma.getMethod() = m |
-    ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and
-    ma.getArgument(1).(StringLiteral).getRepresentedString() = ""
+    ma.getArgument(0).(StringLiteral).getValue() = "(<script>)" and
+    ma.getArgument(1).(StringLiteral).getValue() = ""
   )
 }
 
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll
@@ -37,9 +37,9 @@ class SpringComponentScan extends Annotation {
    */
   string getBasePackages() {
     // "value" and "basePackages" are synonymous, and are simple strings
-    result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()
+    result = this.getAValue("basePackages").(StringLiteral).getValue()
     or
-    result = this.getAValue("value").(StringLiteral).getRepresentedString()
+    result = this.getAValue("value").(StringLiteral).getValue()
     or
     exists(TypeLiteral typeLiteral |
       // Base package classes are type literals whose package should be considered a base package.
@@ -201,7 +201,7 @@ class SpringComponent extends RefType {
           .getType()
           .hasQualifiedName("org.springframework.context.annotation", "Profile")
     |
-      result = profileAnnotation.getAValue("value").(StringLiteral).getRepresentedString()
+      result = profileAnnotation.getAValue("value").(StringLiteral).getValue()
     )
   }
 }
diff --git a/java/ql/lib/semmle/code/java/security/ControlledString.qll b/java/ql/lib/semmle/code/java/security/ControlledString.qll
@@ -22,7 +22,7 @@ private predicate boxedToString(Method method) {
  * it is better to use a prepared query than to just put single quotes around the string.
  */
 predicate endsInQuote(Expr expr) {
-  exists(string str | str = expr.(StringLiteral).getRepresentedString() | str.matches("%'"))
+  exists(string str | str = expr.(StringLiteral).getValue() | str.matches("%'"))
   or
   exists(Variable var | expr = var.getAnAccess() | endsInQuote(var.getAnAssignedValue()))
   or
diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
@@ -12,13 +12,13 @@ private import semmle.code.java.frameworks.Networking
  */
 class HttpStringLiteral extends StringLiteral {
   HttpStringLiteral() {
-    exists(string s | this.getRepresentedString() = s |
+    exists(string s | this.getValue() = s |
       s = "http"
       or
       s.matches("http://%") and
       not s.substring(7, s.length()) instanceof PrivateHostName and
       not TaintTracking::localExprTaint(any(StringLiteral p |
-          p.getRepresentedString() instanceof PrivateHostName
+          p.getValue() instanceof PrivateHostName
         ), this.getParent*())
     )
   }
diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll
@@ -41,5 +41,5 @@ private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink {
  * String pattern of basic authentication.
  */
 private class BasicAuthString extends StringLiteral {
-  BasicAuthString() { exists(string s | this.getRepresentedString() = s | s.matches("Basic %")) }
+  BasicAuthString() { exists(string s | this.getValue() = s | s.matches("Basic %")) }
 }
diff --git a/java/ql/lib/semmle/code/java/security/RelativePaths.qll b/java/ql/lib/semmle/code/java/security/RelativePaths.qll
@@ -5,7 +5,7 @@ import java
  * An element that starts with a relative path.
  */
 predicate relativePath(Element tree, string command) {
-  exists(StringLiteral lit, string text | tree = lit and text = lit.getRepresentedString() |
+  exists(StringLiteral lit, string text | tree = lit and text = lit.getValue() |
     text != "" and
     text.regexpMatch(["[^/\\\\ \t]*", "[^/\\\\ \t]*[ \t].*"]) and
     command = text.replaceAll("\t", " ").splitAt(" ", 0).replaceAll("\"", "")
diff --git a/java/ql/lib/semmle/code/java/security/SecurityFlag.qll b/java/ql/lib/semmle/code/java/security/SecurityFlag.qll
@@ -27,7 +27,7 @@ abstract class FlagKind extends string {
         flag.asExpr() = v and v.getType() instanceof FlagType
       )
       or
-      exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | flag.asExpr() = s)
+      exists(StringLiteral s | s.getValue() = getAFlagName() | flag.asExpr() = s)
       or
       exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
         flag.asExpr() = ma and
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveActions.qll b/java/ql/lib/semmle/code/java/security/SensitiveActions.qll
@@ -41,9 +41,7 @@ class SensitiveMethodAccess extends SensitiveExpr, MethodAccess {
     or
     // This is particularly to pick up methods with an argument like "password", which
     // may indicate a lookup.
-    exists(string s |
-      this.getAnArgument().(StringLiteral).getRepresentedString().toLowerCase() = s
-    |
+    exists(string s | this.getAnArgument().(StringLiteral).getValue().toLowerCase() = s |
       s.matches(suspicious()) and
       not s.matches(nonSuspicious())
     )
diff --git a/java/ql/src/Performance/InefficientEmptyStringTest.ql b/java/ql/src/Performance/InefficientEmptyStringTest.ql
@@ -16,7 +16,7 @@ where
   mc.getQualifier().getType() instanceof TypeString and
   mc.getMethod().hasName("equals") and
   (
-    mc.getArgument(0).(StringLiteral).getRepresentedString() = "" or
-    mc.getQualifier().(StringLiteral).getRepresentedString() = ""
+    mc.getArgument(0).(StringLiteral).getValue() = "" or
+    mc.getQualifier().(StringLiteral).getValue() = ""
   )
 select mc, "Inefficient comparison to empty string, check for zero length instead."
diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -17,14 +17,14 @@ import DataFlow
 import PathGraph
 
 private class ShortStringLiteral extends StringLiteral {
-  ShortStringLiteral() { getRepresentedString().length() < 100 }
+  ShortStringLiteral() { getValue().length() < 100 }
 }
 
 class BrokenAlgoLiteral extends ShortStringLiteral {
   BrokenAlgoLiteral() {
-    getRepresentedString().regexpMatch(getInsecureAlgorithmRegex()) and
+    getValue().regexpMatch(getInsecureAlgorithmRegex()) and
     // Exclude German and French sentences.
-    not getRepresentedString().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
+    not getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
   }
 }
 
@@ -48,4 +48,4 @@ where
   source.getNode().asExpr() = s and
   conf.hasFlowPath(source, sink)
 select c, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", s,
-  s.getRepresentedString()
+  s.getValue()
diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -18,14 +18,14 @@ import semmle.code.java.dispatch.VirtualDispatch
 import PathGraph
 
 private class ShortStringLiteral extends StringLiteral {
-  ShortStringLiteral() { getRepresentedString().length() < 100 }
+  ShortStringLiteral() { getValue().length() < 100 }
 }
 
 class InsecureAlgoLiteral extends ShortStringLiteral {
   InsecureAlgoLiteral() {
     // Algorithm identifiers should be at least two characters.
-    getRepresentedString().length() > 1 and
-    exists(string s | s = getRepresentedString() |
+    getValue().length() > 1 and
+    exists(string s | s = getValue() |
       not s.regexpMatch(getSecureAlgorithmRegex()) and
       // Exclude results covered by another query.
       not s.regexpMatch(getInsecureAlgorithmRegex())
@@ -72,4 +72,4 @@ where
   conf.hasFlowPath(source, sink)
 select c, source, sink,
   "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", s,
-  s.getRepresentedString()
+  s.getValue()
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentials.qll b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentials.qll
@@ -31,7 +31,7 @@ private class HardcodedCharArray extends ArrayCreationExpr {
  */
 class HardcodedExpr extends Expr {
   HardcodedExpr() {
-    this.(StringLiteral).getRepresentedString() != "" or
+    this.(StringLiteral).getValue() != "" or
     this instanceof HardcodedByteArray or
     this instanceof HardcodedCharArray
   }
diff --git a/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql b/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql
@@ -34,7 +34,7 @@ predicate subjectToAtomicReferenceFieldUpdater(Field f) {
     c.getMethod().getSourceDeclaration() = newUpdater and
     isClassOf(c.getArgument(0).getType(), f.getDeclaringType()) and
     isClassOf(c.getArgument(1).getType(), f.getType()) and
-    c.getArgument(2).(StringLiteral).getRepresentedString() = f.getName()
+    c.getArgument(2).(StringLiteral).getValue() = f.getName()
   )
 }
 
@@ -45,7 +45,7 @@ predicate lookedUpReflectively(Field f) {
   exists(MethodAccess getDeclaredField |
     isClassOf(getDeclaredField.getQualifier().getType(), f.getDeclaringType()) and
     getDeclaredField.getMethod().hasName("getDeclaredField") and
-    getDeclaredField.getArgument(0).(StringLiteral).getRepresentedString() = f.getName()
+    getDeclaredField.getArgument(0).(StringLiteral).getValue() = f.getName()
   )
 }
 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
@@ -59,7 +59,7 @@ class SpringViewManipulationConfig extends TaintTracking::Configuration {
     exists(AddExpr e, StringLiteral sl |
       node.asExpr() = e.getControlFlowNode().getASuccessor*() and
       sl = e.getLeftOperand*() and
-      sl.getRepresentedString().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
+      sl.getValue().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
     )
     or
     // Block flows like
@@ -79,7 +79,7 @@ class SpringViewManipulationConfig extends TaintTracking::Configuration {
         sl = ca.getQualifier()
       ) and
       ca = getAStringCombiningCall() and
-      sl.getRepresentedString().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
+      sl.getValue().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
     |
       exists(Call cc | DataFlow::localExprFlow(ca.getQualifier(), cc.getQualifier()) |
         cc = node.asExpr()
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -139,7 +139,7 @@ predicate hasShortECKeyPair(MethodAccess ma, string msg) {
     kc.hasFlowPath(source, dest) and
     DataFlow::localExprFlow(cie, ma.getArgument(0)) and
     ma.getArgument(0).getType() instanceof ECGenParameterSpec and
-    getECKeySize(cie.getArgument(0).(StringLiteral).getRepresentedString()) < 256
+    getECKeySize(cie.getArgument(0).(StringLiteral).getValue()) < 256
   ) and
   msg = "Key size should be at least 256 bits for EC encryption."
 }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql
@@ -42,7 +42,7 @@ private class UnsafeBeanInitMethod extends Method {
     exists(Annotation a | this.getAnAnnotation() = a |
       a.getType().hasQualifiedName("org.springframework.context.annotation", "Bean") and
       if a.getValue("name") instanceof StringLiteral
-      then identifier = a.getValue("name").(StringLiteral).getRepresentedString()
+      then identifier = a.getValue("name").(StringLiteral).getValue()
       else identifier = this.getName()
     )
   }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -23,7 +23,7 @@ import DataFlow::PathGraph
 class InsecureLdapUrlLiteral extends StringLiteral {
   InsecureLdapUrlLiteral() {
     // Match connection strings with the LDAP protocol and without private IP addresses to reduce false positives.
-    exists(string s | this.getRepresentedString() = s |
+    exists(string s | this.getValue() = s |
       s.regexpMatch("(?i)ldap://[\\[a-zA-Z0-9].*") and
       not s.substring(7, s.length()) instanceof PrivateHostName
     )
diff --git a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql
@@ -54,7 +54,7 @@ class HostVerificationMethodAccess extends MethodAccess {
     ) and
     this.getMethod().getNumberOfParameters() = 1 and
     (
-      this.getArgument(0).(StringLiteral).getRepresentedString().charAt(0) != "." //string constant comparison e.g. uri.getHost().endsWith("example.com")
+      this.getArgument(0).(StringLiteral).getValue().charAt(0) != "." //string constant comparison e.g. uri.getHost().endsWith("example.com")
       or
       this.getArgument(0)
           .(AddExpr)
@@ -63,15 +63,10 @@ class HostVerificationMethodAccess extends MethodAccess {
           .getVariable()
           .getAnAssignedValue()
           .(StringLiteral)
-          .getRepresentedString()
+          .getValue()
           .charAt(0) != "." //var1+var2, check var1 starts with "." e.g. String domainName = "example"; Uri.parse(url).getHost().endsWith(domainName+".com")
       or
-      this.getArgument(0)
-          .(AddExpr)
-          .getLeftOperand()
-          .(StringLiteral)
-          .getRepresentedString()
-          .charAt(0) != "." //"."+var2, check string constant "." e.g. String domainName = "example.com";  Uri.parse(url).getHost().endsWith("www."+domainName)
+      this.getArgument(0).(AddExpr).getLeftOperand().(StringLiteral).getValue().charAt(0) != "." //"."+var2, check string constant "." e.g. String domainName = "example.com";  Uri.parse(url).getHost().endsWith("www."+domainName)
       or
       exists(MethodAccess ma, Method m, Field f |
         this.getArgument(0) = ma and
@@ -87,7 +82,7 @@ class HostVerificationMethodAccess extends MethodAccess {
           .getVariable()
           .getAnAssignedValue()
           .(StringLiteral)
-          .getRepresentedString()
+          .getValue()
           .charAt(0) != "." //check variable starts with "." e.g. String domainName = "example.com";  Uri.parse(url).getHost().endsWith(domainName)
     )
   }
diff --git a/java/ql/test/library-tests/Encryption/insecure.ql b/java/ql/test/library-tests/Encryption/insecure.ql
@@ -2,5 +2,5 @@ import default
 import semmle.code.java.security.Encryption
 
 from StringLiteral s
-where s.getRepresentedString().regexpMatch(getInsecureAlgorithmRegex())
+where s.getValue().regexpMatch(getInsecureAlgorithmRegex())
 select s
diff --git a/java/ql/test/library-tests/Encryption/secure.ql b/java/ql/test/library-tests/Encryption/secure.ql
@@ -2,5 +2,5 @@ import default
 import semmle.code.java.security.Encryption
 
 from StringLiteral s
-where s.getRepresentedString().regexpMatch(getSecureAlgorithmRegex())
+where s.getValue().regexpMatch(getSecureAlgorithmRegex())
 select s
diff --git a/java/ql/test/library-tests/literals/stringLiterals/stringLiterals.expected b/java/ql/test/library-tests/literals/stringLiterals/stringLiterals.expected
diff --git a/java/ql/test/library-tests/literals/stringLiterals/stringLiterals.ql b/java/ql/test/library-tests/literals/stringLiterals/stringLiterals.ql

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* The predicate `StringLiteral.getRepresentedString()` has been deprecated for removal in a future version because it is just an alias for `getValue()`. That predicate should be used instead.
Original file line number	Diff line number	Diff line change
`@@ -25,9 +25,7 @@ class SuppressWarningsAnnotation extends Annotation {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`/** Gets the name of a warning suppressed by this annotation. */`
`28`		`- string getASuppressedWarning() {`
`29`		`- result = this.getASuppressedWarningLiteral().getRepresentedString()`
`30`		`- }`
	`28`	`+ string getASuppressedWarning() { result = this.getASuppressedWarningLiteral().getValue() }`
`31`	`29`	`}`
`32`	`30`
`33`	`31`	/** A `@Target` annotation. */
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, M`
`75`	`75`	`/**`
`76`	`76`	* If the argument to this call is a `StringLiteral`, then return that string.
`77`	`77`	`*/`
`78`		`- string getTypeName() { result = this.getArgument(0).(StringLiteral).getRepresentedString() }`
	`78`	`+ string getTypeName() { result = this.getArgument(0).(StringLiteral).getValue() }`
`79`	`79`
`80`	`80`	`override RefType getReflectivelyIdentifiedClass() {`
`81`	`81`	`// We only handle cases where the class is specified as a string literal to this call.`
`@@ -360,7 +360,7 @@ class ReflectiveMethodAccess extends ClassMethodAccess {`
`360`	`360`	`this.getInferredClassType().inherits(result)`
`361`	`361`	`) and`
`362`	`362`	// Only consider instances where the method name is provided as a `StringLiteral`.
`363`		`- result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())`
	`363`	`+ result.hasName(this.getArgument(0).(StringLiteral).getValue())`
`364`	`364`	`}`
`365`	`365`	`}`
`366`	`366`
`@@ -400,6 +400,6 @@ class ReflectiveFieldAccess extends ClassMethodAccess {`
`400`	`400`	`this.getInferredClassType().inherits(result)`
`401`	`401`	`)`
`402`	`402`	`) and`
`403`		`- result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())`
	`403`	`+ result.hasName(this.getArgument(0).(StringLiteral).getValue())`
`404`	`404`	`}`
`405`	`405`	`}`
Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,7 @@ class TestNGTestMethod extends Method {`
`162`	`162`	`testAnnotation = this.getAnAnnotation() and`
`163`	`163`	`// The data provider must have the same name as the referenced data provider`
`164`	`164`	`result.getDataProviderName() =`
`165`		`- testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()`
	`165`	`+ testAnnotation.getValue("dataProvider").(StringLiteral).getValue()`
`166`	`166`	`\|`
`167`	`167`	`// Either the data provider should be on the current class, or a supertype`
`168`	`168`	`this.getDeclaringType().getAnAncestor() = result.getDeclaringType()`
`@@ -258,7 +258,7 @@ class TestNGDataProviderMethod extends Method {`
`258`	`258`	`.(TestNGDataProviderAnnotation)`
`259`	`259`	`.getValue("name")`
`260`	`260`	`.(StringLiteral)`
`261`		`- .getRepresentedString()`
	`261`	`+ .getValue()`
`262`	`262`	`}`
`263`	`263`	`}`
`264`	`264`
Original file line number	Diff line number	Diff line change
`@@ -300,8 +300,8 @@ private predicate unsafeEscape(MethodAccess ma) {`
`300`	`300`	// Removing `<script>` tags using a string-replace method is
`301`	`301`	// unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
`302`	`302`	`exists(StringReplaceMethod m \| ma.getMethod() = m \|`
`303`		`- ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and`
`304`		`- ma.getArgument(1).(StringLiteral).getRepresentedString() = ""`
	`303`	`+ ma.getArgument(0).(StringLiteral).getValue() = "(<script>)" and`
	`304`	`+ ma.getArgument(1).(StringLiteral).getValue() = ""`
`305`	`305`	`)`
`306`	`306`	`}`
`307`	`307`
Original file line number	Diff line number	Diff line change
`@@ -37,9 +37,9 @@ class SpringComponentScan extends Annotation {`
`37`	`37`	`*/`
`38`	`38`	`string getBasePackages() {`
`39`	`39`	`// "value" and "basePackages" are synonymous, and are simple strings`
`40`		`- result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()`
	`40`	`+ result = this.getAValue("basePackages").(StringLiteral).getValue()`
`41`	`41`	`or`
`42`		`- result = this.getAValue("value").(StringLiteral).getRepresentedString()`
	`42`	`+ result = this.getAValue("value").(StringLiteral).getValue()`
`43`	`43`	`or`
`44`	`44`	`exists(TypeLiteral typeLiteral \|`
`45`	`45`	`// Base package classes are type literals whose package should be considered a base package.`
`@@ -201,7 +201,7 @@ class SpringComponent extends RefType {`
`201`	`201`	`.getType()`
`202`	`202`	`.hasQualifiedName("org.springframework.context.annotation", "Profile")`
`203`	`203`	`\|`
`204`		`- result = profileAnnotation.getAValue("value").(StringLiteral).getRepresentedString()`
	`204`	`+ result = profileAnnotation.getAValue("value").(StringLiteral).getValue()`
`205`	`205`	`)`
`206`	`206`	`}`
`207`	`207`	`}`