InstanceOf check instead of comparing classnames

Timo Mueller · Timo Mueller · commit f7437422c190 · 2021-05-04T15:51:40.000+02:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
@@ -57,8 +57,8 @@ class MapToPutCredentialstypeConfiguration extends DataFlow2::Configuration {
       put.getKey().toString() = "RMIConnectorServer.CREDENTIALS_FILTER_PATTERN" // This can probably be solved more nicely
     |
       put.getQualifier() = qualifier and
-      put.getMethod().(MapMethod).getReceiverKeyType().getName() = "String" and
-      put.getMethod().(MapMethod).getReceiverValueType().getName() = "Object"
+      put.getMethod().(MapMethod).getReceiverKeyType() instanceof TypeString and
+      put.getMethod().(MapMethod).getReceiverValueType() instanceof TypeObject
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,8 @@ class MapToPutCredentialstypeConfiguration extends DataFlow2::Configuration {`
`57`	`57`	`put.getKey().toString() = "RMIConnectorServer.CREDENTIALS_FILTER_PATTERN" // This can probably be solved more nicely`
`58`	`58`	`\|`
`59`	`59`	`put.getQualifier() = qualifier and`
`60`		`- put.getMethod().(MapMethod).getReceiverKeyType().getName() = "String" and`
`61`		`- put.getMethod().(MapMethod).getReceiverValueType().getName() = "Object"`
	`60`	`+ put.getMethod().(MapMethod).getReceiverKeyType() instanceof TypeString and`
	`61`	`+ put.getMethod().(MapMethod).getReceiverValueType() instanceof TypeObject`
`62`	`62`	`)`
`63`	`63`	`}`
`64`	`64`	`}`