Include constructors in abstract class

Author: owen-mc

java/ql/src/semmle/code/java/JDK.qll

@@ -180,21 +180,34 @@ class TypeFile extends Class {
 /**
  * Any of the methods named `command` on class `java.lang.ProcessBuilder`.
  */
-class MethodProcessBuilderCommand extends ExecMethod {
+class ProcessBuilderConstructor extends Constructor, ExecCallable {
+  ProcessBuilderConstructor() { this.getDeclaringType() instanceof TypeProcessBuilder }
+
+  override int getAnExecutedArgument() { result = 0 }
+}
+
+/**
+ * Any of the methods named `command` on class `java.lang.ProcessBuilder`.
+ */
+class MethodProcessBuilderCommand extends Method, ExecCallable {
   MethodProcessBuilderCommand() {
     hasName("command") and
     getDeclaringType() instanceof TypeProcessBuilder
   }
+
+  override int getAnExecutedArgument() { result = 0 }
 }
 
 /**
  * Any method named `exec` on class `java.lang.Runtime`.
  */
-class MethodRuntimeExec extends ExecMethod {
+class MethodRuntimeExec extends Method, ExecCallable {
   MethodRuntimeExec() {
     hasName("exec") and
     getDeclaringType() instanceof TypeRuntime
   }
+
+  override int getAnExecutedArgument() { result = 0 }
 }
 
 /**

java/ql/src/semmle/code/java/frameworks/apache/Exec.qll

@@ -6,16 +6,20 @@ library class TypeCommandLine extends Class {
   TypeCommandLine() { hasQualifiedName("org.apache.commons.exec", "CommandLine") }
 }
 
-library class MethodCommandLineParse extends ExecMethod {
+library class MethodCommandLineParse extends Method, ExecCallable {
   MethodCommandLineParse() {
     getDeclaringType() instanceof TypeCommandLine and
     hasName("parse")
   }
+
+  override int getAnExecutedArgument() { result = 0 }
 }
 
-library class MethodCommandLineAddArguments extends ExecMethod {
+library class MethodCommandLineAddArguments extends Method, ExecCallable {
   MethodCommandLineAddArguments() {
     getDeclaringType() instanceof TypeCommandLine and
     hasName("addArguments")
   }
+
+  override int getAnExecutedArgument() { result = 0 }
 }

java/ql/src/semmle/code/java/security/ExternalProcess.qll

@@ -6,7 +6,9 @@ import semmle.code.java.frameworks.apache.Exec
 /**
  * A method that executes a command.
  */
-abstract class ExecMethod extends Method { }
+abstract class ExecCallable extends Callable {
+  abstract int getAnExecutedArgument();
+}
 
 /**
  * An expression used as an argument to a call that executes an external command. For calls to
@@ -15,15 +17,10 @@ abstract class ExecMethod extends Method { }
  */
 class ArgumentToExec extends Expr {
   ArgumentToExec() {
-    exists(MethodAccess execCall, ExecMethod method |
-      execCall.getArgument(0) = this and
-      method = execCall.getMethod()
-    )
-    or
-    exists(ConstructorCall expr, Constructor cons |
-      expr.getConstructor() = cons and
-      cons.getDeclaringType().hasQualifiedName("java.lang", "ProcessBuilder") and
-      expr.getArgument(0) = this
+    exists(Call execCall, ExecCallable execCallable, int i |
+      execCall.getArgument(i) = this and
+      execCallable = execCall.getCallee() and
+      i = execCallable.getAnExecutedArgument()
     )
   }
 }