diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll index 504c70bff862..f32336ab2514 100644 --- a/java/ql/lib/semmle/code/java/JDK.qll +++ b/java/ql/lib/semmle/code/java/JDK.qll @@ -4,6 +4,7 @@ import Member import semmle.code.java.security.ExternalProcess +private import semmle.code.java.dataflow.FlowSteps // --- Standard types --- /** The class `java.lang.Object`. */ @@ -37,6 +38,27 @@ class StringLengthMethod extends Method { StringLengthMethod() { this.hasName("length") and this.getDeclaringType() instanceof TypeString } } +/** + * The methods on the class `java.lang.String` that are used to perform partial matches with a specified substring or char. + */ +class StringPartialMatchMethod extends Method { + StringPartialMatchMethod() { + this.hasName([ + "contains", "startsWith", "endsWith", "matches", "indexOf", "lastIndexOf", "regionMatches" + ]) and + this.getDeclaringType() instanceof TypeString + } + + /** + * Gets the index of the parameter that is being matched against. + */ + int getMatchParameterIndex() { + if this.hasName("regionMatches") + then this.getParameterType(result) instanceof TypeString + else result = 0 + } +} + /** The class `java.lang.StringBuffer`. */ class TypeStringBuffer extends Class { TypeStringBuffer() { this.hasQualifiedName("java.lang", "StringBuffer") } @@ -228,11 +250,13 @@ class MethodSystemGetenv extends Method { /** * Any method named `getProperty` on class `java.lang.System`. */ -class MethodSystemGetProperty extends Method { +class MethodSystemGetProperty extends ValuePreservingMethod { MethodSystemGetProperty() { this.hasName("getProperty") and this.getDeclaringType() instanceof TypeSystem } + + override predicate returnsValue(int arg) { arg = 1 } } /** 
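Review bot: The QLDoc on `StringPartialMatchMethod` describes every listed method as a partial match against a substring or char, but `matches` takes a regular expression that has to match the whole string, and `indexOf`/`lastIndexOf` return an `int` rather than a boolean. Callers that treat such a call as a yes/no test on a literal need to know this, so the class comment should say it, for example `* Note: `matches` takes a regex, and `indexOf`/`lastIndexOf` return an index, so callers must interpret the result themselves.` A one-line comment on `getMatchParameterIndex()` that the `regionMatches` case is resolved by parameter type, so that it covers both overloads, would also help.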
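Review bot: The new `override predicate returnsValue(int arg) { arg = 1 }` on `MethodSystemGetProperty` carries no comment, and the class matches every method named `getProperty` on `System`, so a reader cannot tell why index 1 is value-preserving. I would add `// The two-argument overload returns its second argument (the default) when the property is not set.` directly above the override. The class-level QLDoc still says only "Any method named `getProperty`", so it is worth mentioning there that the class now also contributes a flow step.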
@@ -244,6 +268,9 @@ class MethodAccessSystemGetProperty extends MethodAccess { /** * Holds if this call has a compile-time constant first argument with the value `propertyName`. * For example: `System.getProperty("user.dir")`. + * + * Note: Better to use `semmle.code.java.environment.SystemProperty#getSystemProperty` instead + * as that predicate covers ways of accessing the same information via various libraries. */ predicate hasCompileTimeConstantGetPropertyName(string propertyName) { this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName diff --git a/java/ql/lib/semmle/code/java/StringFormat.qll b/java/ql/lib/semmle/code/java/StringFormat.qll index bfc893ab7566..f8ebac41d9ab 100644 --- a/java/ql/lib/semmle/code/java/StringFormat.qll +++ b/java/ql/lib/semmle/code/java/StringFormat.qll @@ -4,6 +4,7 @@ import java import dataflow.DefUse +private import semmle.code.java.environment.SystemProperty /** * A library method that formats a number of its arguments according to a @@ -312,27 +313,7 @@ private predicate formatStringValue(Expr e, string fmtvalue) { or formatStringValue(e.(ChooseExpr).getAResultExpr(), fmtvalue) or - exists(Method getprop, MethodAccess ma, string prop | - e = ma and - ma.getMethod() = getprop and - getprop.hasName("getProperty") and - getprop.getDeclaringType().hasQualifiedName("java.lang", "System") and - getprop.getNumberOfParameters() = 1 and - ma.getAnArgument().(StringLiteral).getValue() = prop and - (prop = "line.separator" or prop = "file.separator" or prop = "path.separator") and - fmtvalue = "x" // dummy value - ) - or - exists(Field f | - e = f.getAnAccess() and - f.getDeclaringType() instanceof TypeFile and - fmtvalue = "x" // dummy value - | - f.hasName("pathSeparator") or - f.hasName("pathSeparatorChar") or - f.hasName("separator") or - f.hasName("separatorChar") - ) + e = getSystemProperty(["line.separator", "file.separator", "path.separator"]) and fmtvalue = "x" // dummy value ) } 
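Review bot: The removed disjunct in `formatStringValue` required `getprop.getNumberOfParameters() = 1`, while the replacement `e = getSystemProperty(["line.separator", "file.separator", "path.separator"])` shows no arity restriction, and `hasCompileTimeConstantGetPropertyName` in this diff inspects only argument 0. If that reading is right, `System.getProperty("line.separator", fallback)` is now treated as a specifier-free format string even though it can return `fallback`. Either keep the one-parameter restriction here or add a comment stating that the widening is intended, e.g. `// also covers the two-argument overload and library wrappers; their value is assumed to be a plain separator`.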
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 2d49800545a6..d90e96e78982 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -203,6 +203,7 @@ class EnvReadMethod extends Method { EnvReadMethod() { this instanceof MethodSystemGetenv or this instanceof PropertiesGetPropertyMethod or + this instanceof PropertiesGetMethod or this instanceof MethodSystemGetProperty } } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll index 84d885797ab6..4f350ec9ccb8 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll @@ -10,11 +10,13 @@ private import semmle.code.java.dataflow.DataFlow * ensuring that they are visible to the taint tracking library. */ private module Frameworks { + private import semmle.code.java.JDK private import semmle.code.java.frameworks.jackson.JacksonSerializability private import semmle.code.java.frameworks.android.AsyncTask private import semmle.code.java.frameworks.android.Intent private import semmle.code.java.frameworks.android.SQLite private import semmle.code.java.frameworks.Guice + private import semmle.code.java.frameworks.Properties private import semmle.code.java.frameworks.Protobuf private import semmle.code.java.frameworks.guava.Guava private import semmle.code.java.frameworks.apache.Lang diff --git a/java/ql/lib/semmle/code/java/environment/SystemProperty.qll b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll new file mode 100644 index 000000000000..6a3ffde76ebe --- /dev/null +++ b/java/ql/lib/semmle/code/java/environment/SystemProperty.qll 
@@ -0,0 +1,286 @@
+/**
+ * Provides classes and predicates for working with java system properties.
+ */
+
+import java
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.frameworks.Properties
+private import semmle.code.java.frameworks.apache.Lang
+
+/**
+ * Gets an expression that retrieves the value of `propertyName` from `System.getProperty()`.
+ *
+ * Note: Expression type is not just `String`.
+ */
+Expr getSystemProperty(string propertyName) {
+ result = getSystemPropertyFromSystem(propertyName) or
+ result = getSystemPropertyFromSystemGetProperties(propertyName) or
+ result = getSystemPropertyFromFile(propertyName) or
+ result = getSystemPropertyFromApacheSystemUtils(propertyName) or
+ result = getSystemPropertyFromApacheFileUtils(propertyName) or
+ result = getSystemPropertyFromGuava(propertyName) or
+ result = getSystemPropertyFromOperatingSystemMXBean(propertyName) or
+ result = getSystemPropertyFromSpringProperties(propertyName)
+}
+
+private MethodAccess getSystemPropertyFromSystem(string propertyName) {
+ result.(MethodAccessSystemGetProperty).hasCompileTimeConstantGetPropertyName(propertyName)
+ or
+ result.getMethod().hasName("lineSeparator") and propertyName = "line.separator"
+}
+
+/**
+ * A method access that retrieves the value of `propertyName` from the following methods:
+ * - `System.getProperties().getProperty(...)`
+ * - `System.getProperties().get(...)`
+ */
+private MethodAccess getSystemPropertyFromSystemGetProperties(string propertyName) {
+ exists(Method getMethod |
+ getMethod instanceof PropertiesGetMethod
+ or
+ getMethod instanceof PropertiesGetPropertyMethod and
+ result.getMethod() = getMethod
+ ) and
+ result.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName and
+ localExprFlowPlusInitializers(any(MethodAccess m |
+ m.getMethod().getDeclaringType() instanceof TypeSystem and
+ m.getMethod().hasName("getProperties")
+ ), result.getQualifier())
+}
+
+private FieldAccess getSystemPropertyFromFile(string propertyName) {
+ result.getField() instanceof FieldFileSeparator and propertyName = "file.separator"
+ or
+ result.getField() instanceof FieldFilePathSeparator and propertyName = "path.separator"
+}
+
+/** The field `java.io.File.separator` or `java.io.File.separatorChar` */
+private class FieldFileSeparator extends Field {
+ FieldFileSeparator() {
+ this.getDeclaringType() instanceof TypeFile and this.hasName(["separator", "separatorChar"])
+ }
+}
+
+/* The field `java.io.File.pathSeparator` or `java.io.File.pathSeparatorChar` */
+private class FieldFilePathSeparator extends Field {
+ FieldFilePathSeparator() {
+ this.getDeclaringType() instanceof TypeFile and
+ this.hasName(["pathSeparator", "pathSeparatorChar"])
+ }
+}
+
+/**
+ * A field access to the system property.
+ * See: https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/SystemUtils.html
+ */
+private FieldAccess getSystemPropertyFromApacheSystemUtils(string propertyName) {
+ exists(Field f | f = result.getField() and f.getDeclaringType() instanceof TypeApacheSystemUtils |
+ f.hasName("AWT_TOOLKIT") and propertyName = "awt.toolkit"
+ or
+ f.hasName("FILE_ENCODING") and propertyName = "file.encoding"
+ or
+ f.hasName("FILE_SEPARATOR") and propertyName = "file.separator"
+ or
+ f.hasName("JAVA_AWT_FONTS") and propertyName = "java.awt.fonts"
+ or
+ f.hasName("JAVA_AWT_GRAPHICSENV") and propertyName = "java.awt.graphicsenv"
+ or
+ f.hasName("JAVA_AWT_HEADLESS") and propertyName = "java.awt.headless"
+ or
+ f.hasName("JAVA_AWT_PRINTERJOB") and propertyName = "java.awt.printerjob"
+ or
+ f.hasName("JAVA_CLASS_PATH") and propertyName = "java.class.path"
+ or
+ f.hasName("JAVA_CLASS_VERSION") and propertyName = "java.class.version"
+ or
+ f.hasName("JAVA_COMPILER") and propertyName = "java.compiler"
+ or
+ f.hasName("JAVA_EXT_DIRS") and propertyName = "java.ext.dirs"
+ or
+ f.hasName("JAVA_HOME") and propertyName = "java.home"
+ or
+ f.hasName("JAVA_IO_TMPDIR") and propertyName = "java.io.tmpdir"
+ or
+ f.hasName("JAVA_LIBRARY_PATH") and propertyName = "java.library.path"
+ or
+ f.hasName("JAVA_RUNTIME_NAME") and propertyName = "java.runtime.name"
+ or
+ f.hasName("JAVA_RUNTIME_VERSION") and propertyName = "java.runtime.version"
+ or
+ f.hasName("JAVA_SPECIFICATION_NAME") and propertyName = "java.specification.name"
+ or
+ f.hasName("JAVA_SPECIFICATION_VENDOR") and propertyName = "java.specification.vendor"
+ or
+ f.hasName("JAVA_UTIL_PREFS_PREFERENCES_FACTORY") and
+ propertyName = "java.util.prefs.PreferencesFactory" // This really does break the lowercase convention obeyed everywhere else
+ or
+ f.hasName("JAVA_VENDOR") and propertyName = "java.vendor"
+ or
+ f.hasName("JAVA_VENDOR_URL") and propertyName = "java.vendor.url"
+ or
+ f.hasName("JAVA_VERSION") and propertyName = "java.version"
+ or
+ f.hasName("JAVA_VM_INFO") and propertyName = "java.vm.info"
+ or
+ f.hasName("JAVA_VM_NAME") and propertyName = "java.vm.name"
+ or
+ f.hasName("JAVA_VM_SPECIFICATION_NAME") and propertyName = "java.vm.specification.name"
+ or
+ f.hasName("JAVA_VM_SPECIFICATION_VENDOR") and propertyName = "java.vm.specification.vendor"
+ or
+ f.hasName("JAVA_VM_VENDOR") and propertyName = "java.vm.vendor"
+ or
+ f.hasName("JAVA_VM_VERSION") and propertyName = "java.vm.version"
+ or
+ f.hasName("LINE_SEPARATOR") and propertyName = "line.separator"
+ or
+ f.hasName("OS_ARCH") and propertyName = "os.arch"
+ or
+ f.hasName("OS_NAME") and propertyName = "os.name"
+ or
+ f.hasName("OS_VERSION") and propertyName = "os.version"
+ or
+ f.hasName("PATH_SEPARATOR") and propertyName = "path.separator"
+ or
+ f.hasName("USER_COUNTRY") and propertyName = "user.country"
+ or
+ f.hasName("USER_DIR") and propertyName = "user.dir"
+ or
+ f.hasName("USER_HOME") and propertyName = "user.home"
+ or
+ f.hasName("USER_LANGUAGE") and propertyName = "user.language"
+ or
+ f.hasName("USER_NAME") and propertyName = "user.name"
+ or
+ f.hasName("USER_TIMEZONE") and propertyName = "user.timezone"
+ )
+}
+
+private MethodAccess getSystemPropertyFromApacheFileUtils(string propertyName) {
+ exists(Method m |
+ result.getMethod() = m and
+ m.getDeclaringType().hasQualifiedName("org.apache.commons.io", "FileUtils")
+ |
+ m.hasName(["getTempDirectory", "getTempDirectoryPath"]) and propertyName = "java.io.tmpdir"
+ or
+ m.hasName(["getUserDirectory", "getUserDirectoryPath"]) and propertyName = "user.home"
+ )
+}
+
+private MethodAccess getSystemPropertyFromGuava(string propertyName) {
+ exists(EnumConstant ec |
+ ec.getDeclaringType().hasQualifiedName("com.google.common.base", "StandardSystemProperty") and
+ // Example: `StandardSystemProperty.JAVA_IO_TMPDIR.value()`
+ (
+ localExprFlowPlusInitializers(ec.getAnAccess(), result.getQualifier()) and
+ result.getMethod().hasName("value")
+ )
+ or
+ // Example: `System.getProperty(StandardSystemProperty.JAVA_IO_TMPDIR.key())`
+ exists(MethodAccess keyMa |
+ localExprFlowPlusInitializers(ec.getAnAccess(), keyMa.getQualifier()) and
+ keyMa.getMethod().hasName("key") and
+ localExprFlowPlusInitializers(keyMa, result.(MethodAccessSystemGetProperty).getArgument(0))
+ )
+ |
+ ec.hasName("JAVA_VERSION") and propertyName = "java.version"
+ or
+ ec.hasName("JAVA_VENDOR") and propertyName = "java.vendor"
+ or
+ ec.hasName("JAVA_VENDOR_URL") and propertyName = "java.vendor.url"
+ or
+ ec.hasName("JAVA_HOME") and propertyName = "java.home"
+ or
+ ec.hasName("JAVA_VM_SPECIFICATION_VERSION") and propertyName = "java.vm.specification.version"
+ or
+ ec.hasName("JAVA_VM_SPECIFICATION_VENDOR") and propertyName = "java.vm.specification.vendor"
+ or
+ ec.hasName("JAVA_VM_SPECIFICATION_NAME") and propertyName = "java.vm.specification.name"
+ or
+ ec.hasName("JAVA_VM_VERSION") and propertyName = "java.vm.version"
+ or
+ ec.hasName("JAVA_VM_VENDOR") and propertyName = "java.vm.vendor"
+ or
+ ec.hasName("JAVA_VM_NAME") and propertyName = "java.vm.name"
+ or
+ ec.hasName("JAVA_SPECIFICATION_VERSION") and propertyName = "java.specification.version"
+ or
+ ec.hasName("JAVA_SPECIFICATION_VENDOR") and propertyName = "java.specification.vendor"
+ or
+ ec.hasName("JAVA_SPECIFICATION_NAME") and propertyName = "java.specification.name"
+ or
+ ec.hasName("JAVA_CLASS_VERSION") and propertyName = "java.class.version"
+ or
+ ec.hasName("JAVA_CLASS_PATH") and propertyName = "java.class.path"
+ or
+ ec.hasName("JAVA_LIBRARY_PATH") and propertyName = "java.library.path"
+ or
+ ec.hasName("JAVA_IO_TMPDIR") and propertyName = "java.io.tmpdir"
+ or
+ ec.hasName("JAVA_COMPILER") and propertyName = "java.compiler"
+ or
+ ec.hasName("JAVA_EXT_DIRS") and propertyName = "java.ext.dirs"
+ or
+ ec.hasName("OS_NAME") and propertyName = "os.name"
+ or
+ ec.hasName("OS_ARCH") and propertyName = "os.arch"
+ or
+ ec.hasName("OS_VERSION") and propertyName = "os.version"
+ or
+ ec.hasName("FILE_SEPARATOR") and propertyName = "file.separator"
+ or
+ ec.hasName("PATH_SEPARATOR") and propertyName = "path.separator"
+ or
+ ec.hasName("LINE_SEPARATOR") and propertyName = "line.separator"
+ or
+ ec.hasName("USER_NAME") and propertyName = "user.name"
+ or
+ ec.hasName("USER_HOME") and propertyName = "user.home"
+ or
+ ec.hasName("USER_DIR") and propertyName = "user.dir"
+ )
+}
+
+private MethodAccess getSystemPropertyFromOperatingSystemMXBean(string propertyName) {
+ exists(Method m |
+ m = result.getMethod() and
+ m.getDeclaringType().hasQualifiedName("java.lang.management", "OperatingSystemMXBean")
+ |
+ m.getName() = "getName" and propertyName = "os.name"
+ or
+ m.getName() = "getArch" and propertyName = "os.arch"
+ or
+ m.getName() = "getVersion" and propertyName = "os.version"
+ )
+}
+
+private MethodAccess getSystemPropertyFromSpringProperties(string propertyName) {
+ exists(Method m |
+ m = result.getMethod() and
+ m.getDeclaringType().hasQualifiedName("org.springframework.core", "SpringProperties") and
+ m.hasName("getProperty")
+ ) and
+ result.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName
+}
+
+/**
+ * Holds if data can flow from `e1` to `e2` in zero or more
+ * local (intra-procedural) steps or via local variable intializers
+ * for final variables.
+ */
+private predicate localExprFlowPlusInitializers(Expr e1, Expr e2) {
+ localFlowPlusInitializers(DataFlow::exprNode(e1), DataFlow::exprNode(e2))
+}
+
+/**
+ * Holds if data can flow from `pred` to `succ` in zero or more
+ * local (intra-procedural) steps or via instance or static variable intializers
+ * for final variables.
+ */
+private predicate localFlowPlusInitializers(DataFlow::Node pred, DataFlow::Node succ) {
+ exists(Variable v | v.isFinal() and pred.asExpr() = v.getInitializer() |
+ DataFlow::localFlow(DataFlow::exprNode(v.getAnAccess()), succ)
+ )
+ or
+ DataFlow::localFlow(pred, succ)
+}
diff --git a/java/ql/lib/semmle/code/java/frameworks/Properties.qll b/java/ql/lib/semmle/code/java/frameworks/Properties.qll
index 2e6088d984f6..7b749a13e059 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Properties.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Properties.qll
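Review bot: In `getSystemPropertyFromSystemGetProperties`, `and` binds tighter than `or`, so `result.getMethod() = getMethod` constrains only the `PropertiesGetPropertyMethod` disjunct; for the `get` disjunct the `exists` holds as soon as any such method exists, and `result` can then be any call with a constant first argument whose qualifier flows from `System.getProperties()`, a `setProperty` call included. Parenthesise the disjunction: `(getMethod instanceof PropertiesGetMethod or getMethod instanceof PropertiesGetPropertyMethod) and result.getMethod() = getMethod`. The same precedence issue is in `getSystemPropertyFromGuava`, where the `StandardSystemProperty` declaring-type check applies to the `value()` disjunct but not to the `key()` one. Separately, the `lineSeparator` disjunct of `getSystemPropertyFromSystem` has no declaring-type constraint and matches a method of that name on any class; `result.getMethod().getDeclaringType() instanceof TypeSystem` would scope it. Since the temp-directory query in this change takes its sources from `getSystemProperty`, over-matching here changes which results that query reports.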
@@ -1,25 +1,44 @@ /* Definitions related to `java.util.Properties`. */ import semmle.code.java.Type +private import semmle.code.java.dataflow.FlowSteps -library class TypeProperty extends Class { +/** + * The `java.util.Properties` class. + */ +class TypeProperty extends Class { TypeProperty() { hasQualifiedName("java.util", "Properties") } } -library class PropertiesGetPropertyMethod extends Method { +/** The `getProperty` method of the class `java.util.Properties`. */ +class PropertiesGetPropertyMethod extends ValuePreservingMethod { PropertiesGetPropertyMethod() { getDeclaringType() instanceof TypeProperty and hasName("getProperty") } + + override predicate returnsValue(int arg) { arg = 1 } +} + +/** The `get` method of the class `java.util.Properties`. */ +class PropertiesGetMethod extends Method { + PropertiesGetMethod() { + getDeclaringType() instanceof TypeProperty and + hasName("get") + } } -library class PropertiesSetPropertyMethod extends Method { +/** The `setProperty` method of the class `java.util.Properties`. */ +class PropertiesSetPropertyMethod extends Method { PropertiesSetPropertyMethod() { getDeclaringType() instanceof TypeProperty and hasName("setProperty") } } -library class PropertiesStoreMethod extends Method { +/** + * The methods of the class `java.util.Properties` that write the contents to an output. + */ +class PropertiesStoreMethod extends Method { PropertiesStoreMethod() { getDeclaringType() instanceof TypeProperty and (getName().matches("store%") or getName() = "save") diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll index b536539670ee..84db672e9355 100644 --- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll +++ b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll 
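Review bot: `PropertiesGetMethod` only matches a `get` whose declaring type is `java.util.Properties`, but on JDK 8 `Properties` inherits `get` from `Hashtable` rather than declaring it, so calls compiled against that JDK would presumably resolve to `Hashtable.get` and be missed both here and in the `EnvReadMethod` addition in FlowSources.qll. This is worth confirming with a test database built on JDK 8. If it holds, either match on the receiver type of the call or document the limitation in the QLDoc, e.g. `* Note: only matches when `get` is declared on `Properties` itself (JDK 9 and later).`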
@@ -37,3 +37,12 @@ private class ApacheStrBuilderFluentMethod extends FluentMethod { this.getReturnType().(RefType).hasQualifiedName("org.apache.commons.lang3.text", "StrBuilder") } } + +/** + * The class `org.apache.commons.lang.SystemUtils` or `org.apache.commons.lang3.SystemUtils`. + */ +class TypeApacheSystemUtils extends Class { + TypeApacheSystemUtils() { + this.hasQualifiedName(["org.apache.commons.lang", "org.apache.commons.lang3"], "SystemUtils") + } +} diff --git a/java/ql/lib/semmle/code/java/os/OSCheck.qll b/java/ql/lib/semmle/code/java/os/OSCheck.qll new file mode 100644 index 000000000000..f78086476dea --- /dev/null +++ b/java/ql/lib/semmle/code/java/os/OSCheck.qll 
@@ -0,0 +1,161 @@
+/**
+ * Provides classes and predicates for guards that check for the current OS.
+ */
+
+import java
+import semmle.code.java.controlflow.Guards
+private import semmle.code.java.environment.SystemProperty
+private import semmle.code.java.frameworks.apache.Lang
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.TaintTracking
+
+/**
+ * A guard that checks if the current OS is Windows.
+ * When True, the OS is Windows.
+ * When False, the OS is not Windows.
+ */
+abstract class IsWindowsGuard extends Guard { }
+
+/**
+ * A guard that checks if the current OS is a specific Windows variant.
+ * When True, the OS is Windows.
+ * When False, the OS *may* still be Windows.
+ */
+abstract class IsSpecificWindowsVariant extends Guard { }
+
+/**
+ * A guard that checks if the current OS is unix or unix-like.
+ * When True, the OS is unix or unix-like.
+ * When False, the OS is not unix or unix-like.
+ */
+abstract class IsUnixGuard extends Guard { }
+
+/**
+ * A guard that checks if the current OS is a specific unix or unix-like variant.
+ * When True, the OS is unix or unix-like.
+ * When False, the OS *may* still be unix or unix-like.
+ */
+abstract class IsSpecificUnixVariant extends Guard { }
+
+/**
+ * Holds when `ma` compares the current OS against the string constant `osString`.
+ */
+private predicate isOsFromSystemProp(MethodAccess ma, string osString) {
+ TaintTracking::localExprTaint(getSystemProperty("os.name"), ma.getQualifier()) and // Call from System.getProperty (or equivalent) to some partial match method
+ exists(StringPartialMatchMethod m, CompileTimeConstantExpr matchedStringConstant |
+ m = ma.getMethod() and
+ matchedStringConstant.getStringValue().toLowerCase() = osString
+ |
+ DataFlow::localExprFlow(matchedStringConstant, ma.getArgument(m.getMatchParameterIndex()))
+ )
+}
+
+private class IsWindowsFromSystemProp extends IsWindowsGuard instanceof MethodAccess {
+ IsWindowsFromSystemProp() { isOsFromSystemProp(this, any(string s | s.regexpMatch("windows?"))) }
+}
+
+/**
+ * Holds when the Guard is an equality check between the system property with the name `propertyName`
+ * and the string or char constant `compareToLiteral`, and the branch evaluates to `branch`.
+ */
+private Guard isOsFromSystemPropertyEqualityCheck(
+ string propertyName, string compareToLiteral, boolean branch
+) {
+ result
+ .isEquality(getSystemProperty(propertyName),
+ any(Literal literal |
+ (literal instanceof CharacterLiteral or literal instanceof StringLiteral) and
+ literal.getValue() = compareToLiteral
+ ), branch)
+}
+
+private class IsWindowsFromPathSeparator extends IsWindowsGuard {
+ IsWindowsFromPathSeparator() {
+ this = isOsFromSystemPropertyEqualityCheck("path.separator", ";", true) or
+ this = isOsFromSystemPropertyEqualityCheck("path.separator", ":", false)
+ }
+}
+
+private class IsWindowsFromFileSeparator extends IsWindowsGuard {
+ IsWindowsFromFileSeparator() {
+ this = isOsFromSystemPropertyEqualityCheck("file.separator", "\\", true) or
+ this = isOsFromSystemPropertyEqualityCheck("file.separator", "/", false)
+ }
+}
+
+private class IsUnixFromPathSeparator extends IsUnixGuard {
+ IsUnixFromPathSeparator() {
+ this = isOsFromSystemPropertyEqualityCheck("path.separator", ":", true) or
+ this = isOsFromSystemPropertyEqualityCheck("path.separator", ";", false)
+ }
+}
+
+private class IsUnixFromFileSeparator extends IsUnixGuard {
+ IsUnixFromFileSeparator() {
+ this = isOsFromSystemPropertyEqualityCheck("file.separator", "/", true) or
+ this = isOsFromSystemPropertyEqualityCheck("file.separator", "\\", false)
+ }
+}
+
+private class IsUnixFromSystemProp extends IsSpecificUnixVariant instanceof MethodAccess {
+ IsUnixFromSystemProp() {
+ isOsFromSystemProp(this, any(string s | s.regexpMatch(["mac.*", "linux.*"])))
+ }
+}
+
+bindingset[fieldNamePattern]
+private predicate isOsFromApacheCommons(FieldAccess fa, string fieldNamePattern) {
+ exists(Field f | f = fa.getField() |
+ f.getDeclaringType() instanceof TypeApacheSystemUtils and
+ f.getName().matches(fieldNamePattern)
+ )
+}
+
+private class IsWindowsFromApacheCommons extends IsWindowsGuard instanceof FieldAccess {
+ IsWindowsFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_WINDOWS") }
+}
+
+private class IsSpecificWindowsVariantFromApacheCommons extends IsSpecificWindowsVariant instanceof FieldAccess {
+ IsSpecificWindowsVariantFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_WINDOWS_%") }
+}
+
+private class IsUnixFromApacheCommons extends IsUnixGuard instanceof FieldAccess {
+ IsUnixFromApacheCommons() { isOsFromApacheCommons(this, "IS_OS_UNIX") }
+}
+
+private class IsSpecificUnixVariantFromApacheCommons extends IsSpecificUnixVariant instanceof FieldAccess {
+ IsSpecificUnixVariantFromApacheCommons() {
+ isOsFromApacheCommons(this,
+ [
+ "IS_OS_AIX", "IS_OS_HP_UX", "IS_OS_IRIX", "IS_OS_LINUX", "IS_OS_MAC%", "IS_OS_FREE_BSD",
+ "IS_OS_OPEN_BSD", "IS_OS_NET_BSD", "IS_OS_SOLARIS", "IS_OS_SUN_OS", "IS_OS_ZOS"
+ ])
+ }
+}
+
+/**
+ * A guard that checks if the `java.nio.file.FileSystem` supports posix file permissions.
+ * This is often used to infer if the OS is unix-based and can generally be considered to be true for all unix-based OSes + * ([source](https://en.wikipedia.org/wiki/POSIX#POSIX-oriented_operating_systems)). + * Looks for calls to `contains("posix")` on the `supportedFileAttributeViews()` method returned by `FileSystem`. + */ +private class IsUnixFromPosixFromFileSystem extends IsUnixGuard instanceof MethodAccess { + IsUnixFromPosixFromFileSystem() { + exists(Method m | m = this.getMethod() | + m.getDeclaringType() + .getASupertype*() + .getSourceDeclaration() + .hasQualifiedName("java.util", "Set") and + m.hasName("contains") + ) and + this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "posix" and + exists(Method supportedFileAttributeViewsMethod | + supportedFileAttributeViewsMethod.hasName("supportedFileAttributeViews") and + supportedFileAttributeViewsMethod.getDeclaringType() instanceof TypeFileSystem + | + DataFlow::localExprFlow(any(MethodAccess ma | + ma.getMethod() = supportedFileAttributeViewsMethod + ), super.getQualifier()) + ) + } +} diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql index a3faddf6ab73..5992ca11fd4a 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql @@ -11,6 +11,7 @@ */ import java +import semmle.code.java.os.OSCheck import TempDirUtils import DataFlow::PathGraph import semmle.code.java.dataflow.TaintTracking2 
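Review bot: `IsWindowsFromSystemProp` is declared an `IsWindowsGuard`, whose QLDoc promises that a false outcome means the OS is not Windows, but `isOsFromSystemProp` lowercases only the compared constant (`matchedStringConstant.getStringValue().toLowerCase() = osString`) and does not require the `os.name` value itself to be case-normalised. A case-sensitive `contains("windows")` on the raw property value is false on Windows, so the negative half of the contract does not hold for this subclass. Either require a case-normalising call on the qualifier, or place the class under `IsSpecificWindowsVariant`, whose contract already treats the false outcome as inconclusive. At minimum the QLDoc should carry `* Note: for guards derived from string matching on `os.name`, only the true outcome is reliable.`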
@@ -102,11 +103,36 @@ private class FileCreateTempFileSink extends FileCreationSink { } } +/** + * A guard that holds when the program is definitely running under some version of Windows. + */ +abstract private class WindowsOsBarrierGuard extends DataFlow::BarrierGuard { } + +private class IsNotUnixBarrierGuard extends WindowsOsBarrierGuard instanceof IsUnixGuard { + override predicate checks(Expr e, boolean branch) { + this.controls(e.getBasicBlock(), branch.booleanNot()) + } +} + +private class IsWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsWindowsGuard { + override predicate checks(Expr e, boolean branch) { this.controls(e.getBasicBlock(), branch) } +} + +private class IsSpecificWindowsBarrierGuard extends WindowsOsBarrierGuard instanceof IsSpecificWindowsVariant { + override predicate checks(Expr e, boolean branch) { + branch = true and this.controls(e.getBasicBlock(), branch) + } +} + +/** + * A taint tracking configuration tracking the access of the system temporary directory + * flowing to the creation of files or directories. + */ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Configuration { TempDirSystemGetPropertyToCreateConfig() { this = "TempDirSystemGetPropertyToCreateConfig" } override predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof MethodAccessSystemGetPropertyTempDirTainted + source.asExpr() instanceof ExprSystemGetPropertyTempDirTainted } /** @@ -129,6 +155,10 @@ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Conf sanitizer.asExpr() = sanitisingMethodAccess.getArgument(0) ) } + + override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { + guard instanceof WindowsOsBarrierGuard + } } /** 
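Review bot: `IsWindowsBarrierGuard.checks` leaves `branch` unconstrained (`this.controls(e.getBasicBlock(), branch)`), so it holds for expressions in the block reached when the Windows check is false as well as when it is true, and `IsNotUnixBarrierGuard` has the mirrored form through `branch.booleanNot()`. `IsSpecificWindowsBarrierGuard` just below pins `branch = true`, which suggests the other two were meant to be pinned too. If the barrier-guard library accepts any `(e, branch)` pair produced by `checks` (its definition is outside this hunk), the Unix-side branch is sanitised as well and the query misses the file creations it exists to report. Consider `branch = true and this.controls(e.getBasicBlock(), true)` for the Windows guard and `branch = false and this.controls(e.getBasicBlock(), false)` for the not-Unix guard, together with a test case that creates the file in the `else` branch of an OS check.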
@@ -147,10 +177,8 @@ private class TempDirSystemGetPropertyDirectlyToMkdirConfig extends TaintTrackin } override predicate isSource(DataFlow::Node node) { - exists( - MethodAccessSystemGetPropertyTempDirTainted propertyGetMethodAccess, DataFlow::Node callSite - | - DataFlow::localFlow(DataFlow::exprNode(propertyGetMethodAccess), callSite) + exists(ExprSystemGetPropertyTempDirTainted propertyGetExpr, DataFlow::Node callSite | + DataFlow::localFlow(DataFlow::exprNode(propertyGetExpr), callSite) | isFileConstructorArgument(callSite.asExpr(), node.asExpr(), 1) ) diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java b/java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java index f44ead7accbe..75efa6af6ecc 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java +++ b/java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java @@ -1,10 +1,14 @@ import java.io.File; import java.io.IOException; +import java.io.UncheckedIOException; import java.nio.file.Files; +import java.nio.file.Path; import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermissions; + import java.util.EnumSet; + public class TempDirUsageSafe { void exampleSafe() throws IOException { Path temp1 = Files.createTempFile("random", ".txt"); // GOOD: File has permissions `-rw-------` @@ -30,7 +34,7 @@ void exampleSafeWithWindowsSupportFile() { createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------` } - static void createTempFile(Path tempDir) { + static void createTempFile(Path tempDirChild) { try { if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) { // Explicit permissions setting is only required on unix-like systems because diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll b/java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll index d2a2bcb5a6fb..a2ee4fc13d17 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll +++ b/java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll 
@@ -3,34 +3,14 @@ */ import java +private import semmle.code.java.environment.SystemProperty import semmle.code.java.dataflow.FlowSources /** - * A method that returns a `String` or `File` that has been tainted by `System.getProperty("java.io.tmpdir")`. + * A method or field access that returns a `String` or `File` that has been tainted by `System.getProperty("java.io.tmpdir")`. */ -abstract class MethodAccessSystemGetPropertyTempDirTainted extends MethodAccess { } - -/** - * Method access `System.getProperty("java.io.tmpdir")`. - */ -private class MethodAccessSystemGetPropertyTempDir extends MethodAccessSystemGetPropertyTempDirTainted, - MethodAccessSystemGetProperty { - MethodAccessSystemGetPropertyTempDir() { - this.hasCompileTimeConstantGetPropertyName("java.io.tmpdir") - } -} - -/** - * A method call to the `org.apache.commons.io.FileUtils` methods `getTempDirectory` or `getTempDirectoryPath`. - */ -private class MethodAccessApacheFileUtilsTempDir extends MethodAccessSystemGetPropertyTempDirTainted { - MethodAccessApacheFileUtilsTempDir() { - exists(Method m | - m.getDeclaringType().hasQualifiedName("org.apache.commons.io", "FileUtils") and - m.hasName(["getTempDirectory", "getTempDirectoryPath"]) and - this.getMethod() = m - ) - } +class ExprSystemGetPropertyTempDirTainted extends Expr { + ExprSystemGetPropertyTempDirTainted() { this = getSystemProperty("java.io.tmpdir") } } /** diff --git a/java/ql/src/change-notes/2022-02-14-os-guards.md b/java/ql/src/change-notes/2022-02-14-os-guards.md new file mode 100644 index 000000000000..a3a24edb9167 --- /dev/null +++ b/java/ql/src/change-notes/2022-02-14-os-guards.md 
@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+ * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards.
+ * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..).
+ * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
+
diff --git a/java/ql/test/library-tests/JDK/PrintAst.expected b/java/ql/test/library-tests/JDK/PrintAst.expected
index 6aff48adce55..e6f240b325ed 100644
--- a/java/ql/test/library-tests/JDK/PrintAst.expected
+++ b/java/ql/test/library-tests/JDK/PrintAst.expected
@@ -60,6 +60,75 @@ jdk/A.java: # 28| 0: [ArrayTypeAccess] ...[] # 28| 0: [TypeAccess] String # 28| 5: [BlockStmt] { ... } +jdk/StringMatch.java: +# 0| [CompilationUnit] StringMatch +# 1| 1: [Class] StringMatch +# 2| 3: [FieldDeclaration] String STR; +# 2| -1: [TypeAccess] String +# 2| 0: [StringLiteral] "the quick brown fox jumps over the lazy dog" +# 4| 4: [Method] a +# 4| 3: [TypeAccess] void +# 4| 5: [BlockStmt] { ... } +# 5| 0: [ExprStmt] ; +# 5| 0: [MethodAccess] matches(...) +# 5| -1: [VarAccess] STR +# 5| 0: [StringLiteral] "[a-z]+" +# 8| 5: [Method] b +# 8| 3: [TypeAccess] void +# 8| 5: [BlockStmt] { ... } +# 9| 0: [ExprStmt] ; +# 9| 0: [MethodAccess] contains(...) +# 9| -1: [VarAccess] STR +# 9| 0: [StringLiteral] "the" +# 12| 6: [Method] c +# 12| 3: [TypeAccess] void +# 12| 5: [BlockStmt] { ... } +# 13| 0: [ExprStmt] ; +# 13| 0: [MethodAccess] startsWith(...) +# 13| -1: [VarAccess] STR +# 13| 0: [StringLiteral] "the" +# 16| 7: [Method] d +# 16| 3: [TypeAccess] void +# 16| 5: [BlockStmt] { ... } +# 17| 0: [ExprStmt] ; +# 17| 0: [MethodAccess] endsWith(...) +# 17| -1: [VarAccess] STR +# 17| 0: [StringLiteral] "dog" +# 20| 8: [Method] e +# 20| 3: [TypeAccess] void +# 20| 5: [BlockStmt] { ... } +# 21| 0: [ExprStmt] ; +# 21| 0: [MethodAccess] indexOf(...) +# 21| -1: [VarAccess] STR +# 21| 0: [StringLiteral] "lazy" +# 24| 9: [Method] f +# 24| 3: [TypeAccess] void +# 24| 5: [BlockStmt] { ... } +# 25| 0: [ExprStmt] ; +# 25| 0: [MethodAccess] lastIndexOf(...) +# 25| -1: [VarAccess] STR +# 25| 0: [StringLiteral] "lazy" +# 28| 10: [Method] g +# 28| 3: [TypeAccess] void +# 28| 5: [BlockStmt] { ... } +# 29| 0: [ExprStmt] ; +# 29| 0: [MethodAccess] regionMatches(...) +# 29| -1: [VarAccess] STR +# 29| 0: [IntegerLiteral] 0 +# 29| 1: [StringLiteral] "fox" +# 29| 2: [IntegerLiteral] 0 +# 29| 3: [IntegerLiteral] 4 +# 32| 11: [Method] h +# 32| 3: [TypeAccess] void +# 32| 5: [BlockStmt] { ... } +# 33| 0: [ExprStmt] ; +# 33| 0: [MethodAccess] regionMatches(...) 
+# 33| -1: [VarAccess] STR +# 33| 0: [BooleanLiteral] true +# 33| 1: [IntegerLiteral] 0 +# 33| 2: [StringLiteral] "FOX" +# 33| 3: [IntegerLiteral] 0 +# 33| 4: [IntegerLiteral] 4 jdk/SystemGetPropertyCall.java: # 0| [CompilationUnit] SystemGetPropertyCall # 3| 1: [Class] SystemGetPropertyCall diff --git a/java/ql/test/library-tests/JDK/StringMatch.expected b/java/ql/test/library-tests/JDK/StringMatch.expected new file mode 100644 index 000000000000..ae88868ae82c --- /dev/null +++ b/java/ql/test/library-tests/JDK/StringMatch.expected @@ -0,0 +1,8 @@ +| jdk/StringMatch.java:5:9:5:29 | matches(...) | jdk/StringMatch.java:5:21:5:28 | "[a-z]+" | +| jdk/StringMatch.java:9:9:9:27 | contains(...) | jdk/StringMatch.java:9:22:9:26 | "the" | +| jdk/StringMatch.java:13:9:13:29 | startsWith(...) | jdk/StringMatch.java:13:24:13:28 | "the" | +| jdk/StringMatch.java:17:9:17:27 | endsWith(...) | jdk/StringMatch.java:17:22:17:26 | "dog" | +| jdk/StringMatch.java:21:9:21:27 | indexOf(...) | jdk/StringMatch.java:21:21:21:26 | "lazy" | +| jdk/StringMatch.java:25:9:25:31 | lastIndexOf(...) | jdk/StringMatch.java:25:25:25:30 | "lazy" | +| jdk/StringMatch.java:29:9:29:41 | regionMatches(...) | jdk/StringMatch.java:29:30:29:34 | "fox" | +| jdk/StringMatch.java:33:9:33:47 | regionMatches(...) | jdk/StringMatch.java:33:36:33:40 | "FOX" | diff --git a/java/ql/test/library-tests/JDK/StringMatch.ql b/java/ql/test/library-tests/JDK/StringMatch.ql new file mode 100644 index 000000000000..213c72a71e8e --- /dev/null +++ b/java/ql/test/library-tests/JDK/StringMatch.ql @@ -0,0 +1,5 @@ +import java + +from MethodAccess ma, StringPartialMatchMethod m +where ma.getMethod() = m +select ma, ma.getArgument(m.getMatchParameterIndex()) diff --git a/java/ql/test/library-tests/JDK/jdk/StringMatch.java b/java/ql/test/library-tests/JDK/jdk/StringMatch.java new file mode 100644 index 000000000000..3ceb1a06b5d7 --- /dev/null +++ b/java/ql/test/library-tests/JDK/jdk/StringMatch.java 
@@ -0,0 +1,35 @@
+public class StringMatch {
+ private static String STR = "the quick brown fox jumps over the lazy dog";
+
+ void a() {
+ STR.matches("[a-z]+");
+ }
+
+ void b() {
+ STR.contains("the");
+ }
+
+ void c() {
+ STR.startsWith("the");
+ }
+
+ void d() {
+ STR.endsWith("dog");
+ }
+
+ void e() {
+ STR.indexOf("lazy");
+ }
+
+ void f() {
+ STR.lastIndexOf("lazy");
+ }
+
+ void g() {
+ STR.regionMatches(0, "fox", 0, 4);
+ }
+
+ void h() {
+ STR.regionMatches(true, 0, "FOX", 0, 4);
+ }
+}
diff --git a/java/ql/test/library-tests/environment/SystemPropertyAccess.java b/java/ql/test/library-tests/environment/SystemPropertyAccess.java
new file mode 100644
index 000000000000..9c22fa89563a
--- /dev/null
+++ b/java/ql/test/library-tests/environment/SystemPropertyAccess.java
@@ -0,0 +1,30 @@
+import java.io.File;
+import java.util.Properties;
+import org.apache.commons.lang3.SystemUtils;
+import com.google.common.base.StandardSystemProperty;
+
+public class SystemPropertyAccess {
+ private static final Properties SYSTEM_PROPERTIES = System.getProperties();
+
+ void test() {
+ System.getProperty("os.name");
+ System.getProperty("os.name", "default");
+ System.getProperties().getProperty("os.name");
+ System.getProperties().get("java.io.tmpdir");
+ SYSTEM_PROPERTIES.getProperty("java.home");
+ SYSTEM_PROPERTIES.get("file.encoding");
+ System.lineSeparator();
+ String awtToolkit = SystemUtils.AWT_TOOLKIT;
+ String fileEncoding = SystemUtils.FILE_ENCODING;
+ String tmpDir = SystemUtils.JAVA_IO_TMPDIR;
+ String separator = File.separator;
+ char separatorChar = File.separatorChar;
+ String pathSeparator = File.pathSeparator;
+ char pathSeparatorChar = File.pathSeparatorChar;
+ StandardSystemProperty.JAVA_VERSION.value();
+ StandardSystemProperty property = StandardSystemProperty.JAVA_VERSION;
+ property.value();
+ System.getProperty(StandardSystemProperty.JAVA_IO_TMPDIR.key());
+ }
+
+}
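Review bot: Every call in the StringMatch.java fixture passes a `String` in the matched position, so the `char` overloads that the `StringPartialMatchMethod` doc comment covers ("substring or char") are never exercised. `getMatchParameterIndex()` returns 0 for every method except `regionMatches`, and nothing in StringMatch.expected pins that for `indexOf(int)`, `lastIndexOf(int)` or the two-argument `startsWith(String, int)`. Two more methods along the lines of `STR.indexOf('l');` and `STR.startsWith("quick", 4);` would close that gap.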
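Review bot: The SystemPropertyAccess.java fixture holds only positive cases, so nothing pins what `getSystemProperty` must not match. The obvious candidate is a `Properties` object that does not come from `System.getProperties()`: `new Properties().getProperty("java.io.tmpdir");` reads application data, and if it were reported it would become a spurious source for the temp-directory query. I would add that call to `test()` and check that it stays out of SystemPropertyTest.expected.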
diff --git a/java/ql/test/library-tests/environment/SystemPropertyTest.expected b/java/ql/test/library-tests/environment/SystemPropertyTest.expected new file mode 100644 index 000000000000..ad6eb384deed --- /dev/null +++ b/java/ql/test/library-tests/environment/SystemPropertyTest.expected 
@@ -0,0 +1,57 @@ +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:93:5:93:50 | AWT_TOOLKIT | awt.toolkit | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:115:5:115:52 | FILE_ENCODING | file.encoding | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:141:5:142:53 | FILE_SEPARATOR | file.separator | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:160:5:160:53 | JAVA_AWT_FONTS | java.awt.fonts | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:178:5:178:59 | JAVA_AWT_GRAPHICSENV | java.awt.graphicsenv | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:199:5:199:56 | JAVA_AWT_HEADLESS | java.awt.headless | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:217:5:217:58 | JAVA_AWT_PRINTERJOB | java.awt.printerjob | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:235:5:235:54 | JAVA_CLASS_PATH | java.class.path | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:253:5:253:57 | JAVA_CLASS_VERSION | java.class.version | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:272:5:272:52 | JAVA_COMPILER | java.compiler | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:308:5:308:52 | JAVA_EXT_DIRS | java.ext.dirs | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:326:5:326:48 | JAVA_HOME | java.home | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:344:5:344:53 | JAVA_IO_TMPDIR | java.io.tmpdir | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:362:5:362:56 | JAVA_LIBRARY_PATH | java.library.path | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:381:5:381:56 | JAVA_RUNTIME_NAME | 
java.runtime.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:400:5:400:59 | JAVA_RUNTIME_VERSION | java.runtime.version | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:418:5:418:62 | JAVA_SPECIFICATION_NAME | java.specification.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:436:5:436:64 | JAVA_SPECIFICATION_VENDOR | java.specification.vendor | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:473:5:474:13 | JAVA_UTIL_PREFS_PREFERENCES_FACTORY | java.util.prefs.PreferencesFactory | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:492:5:492:50 | JAVA_VENDOR | java.vendor | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:510:5:510:54 | JAVA_VENDOR_URL | java.vendor.url | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:528:5:528:51 | JAVA_VERSION | java.version | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:547:5:547:51 | JAVA_VM_INFO | java.vm.info | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:565:5:565:51 | JAVA_VM_NAME | java.vm.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:583:5:583:65 | JAVA_VM_SPECIFICATION_NAME | java.vm.specification.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:601:5:601:67 | JAVA_VM_SPECIFICATION_VENDOR | java.vm.specification.vendor | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:637:5:637:53 | JAVA_VM_VENDOR | java.vm.vendor | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:655:5:655:54 | JAVA_VM_VERSION | java.vm.version | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:674:5:675:53 | LINE_SEPARATOR | line.separator | +| 
../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:693:5:693:46 | OS_ARCH | os.arch | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:711:5:711:46 | OS_NAME | os.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:729:5:729:49 | OS_VERSION | os.version | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:749:5:750:53 | PATH_SEPARATOR | path.separator | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:770:5:770:73 | USER_COUNTRY | user.country | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:788:5:788:47 | USER_DIR | user.dir | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:806:5:806:48 | USER_HOME | user.home | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:825:5:825:52 | USER_LANGUAGE | user.language | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:843:5:843:48 | USER_NAME | user.name | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:861:5:861:52 | USER_TIMEZONE | user.timezone | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1762:47:1762:63 | JAVA_AWT_HEADLESS | java.awt.headless | +| SystemPropertyAccess.java:10:9:10:37 | getProperty(...) | os.name | +| SystemPropertyAccess.java:11:9:11:48 | getProperty(...) | os.name | +| SystemPropertyAccess.java:12:9:12:53 | getProperty(...) | os.name | +| SystemPropertyAccess.java:13:9:13:52 | get(...) | java.io.tmpdir | +| SystemPropertyAccess.java:14:9:14:50 | getProperty(...) | java.home | +| SystemPropertyAccess.java:15:9:15:46 | get(...) | file.encoding | +| SystemPropertyAccess.java:16:9:16:30 | lineSeparator(...) 
| line.separator | +| SystemPropertyAccess.java:17:29:17:51 | SystemUtils.AWT_TOOLKIT | awt.toolkit | +| SystemPropertyAccess.java:18:31:18:55 | SystemUtils.FILE_ENCODING | file.encoding | +| SystemPropertyAccess.java:19:25:19:50 | SystemUtils.JAVA_IO_TMPDIR | java.io.tmpdir | +| SystemPropertyAccess.java:20:28:20:41 | File.separator | file.separator | +| SystemPropertyAccess.java:21:30:21:47 | File.separatorChar | file.separator | +| SystemPropertyAccess.java:22:32:22:49 | File.pathSeparator | path.separator | +| SystemPropertyAccess.java:23:34:23:55 | File.pathSeparatorChar | path.separator | +| SystemPropertyAccess.java:24:9:24:51 | value(...) | java.version | +| SystemPropertyAccess.java:26:9:26:24 | value(...) | java.version | +| SystemPropertyAccess.java:27:9:27:71 | getProperty(...) | java.io.tmpdir | diff --git a/java/ql/test/library-tests/environment/SystemPropertyTest.ql b/java/ql/test/library-tests/environment/SystemPropertyTest.ql new file mode 100644 index 000000000000..c8d33c0e1e62 --- /dev/null +++ b/java/ql/test/library-tests/environment/SystemPropertyTest.ql @@ -0,0 +1,6 @@ +import default +import semmle.code.java.environment.SystemProperty + +from Expr systemPropertyAccess, string propertyName +where systemPropertyAccess = getSystemProperty(propertyName) +select systemPropertyAccess, propertyName diff --git a/java/ql/test/library-tests/environment/options b/java/ql/test/library-tests/environment/options new file mode 100644 index 000000000000..11f1248298f9 --- /dev/null +++ b/java/ql/test/library-tests/environment/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/apache-commons-lang3-3.7/:${testdir}/../../stubs/guava-30.0/ \ No newline at end of file diff --git a/java/ql/test/library-tests/os/Test.java b/java/ql/test/library-tests/os/Test.java new file mode 100644 index 000000000000..bae22e423e0b --- /dev/null +++ b/java/ql/test/library-tests/os/Test.java 
@@ -0,0 +1,147 @@ + +import java.io.File; +import java.nio.file.FileSystems; +import java.nio.file.Path; + +import org.apache.commons.lang3.SystemUtils; + +public class Test { + /** + * Should only be called on windows + */ + private void onlyOnWindows() {} + + /** + * Should only be called on unix-like systems + */ + private void onlyOnUnix() {} + + void testWindows() { + if (System.getProperty("os.name").contains("Windows")) { + onlyOnWindows(); + } + + if (System.getProperty("os.name").toLowerCase().contains("windows")) { + onlyOnWindows(); + } + + if (System.getProperty("os.name").toLowerCase().contains("window")) { + onlyOnWindows(); + } + + if (System.getProperty("os.name").toUpperCase().contains("WINDOWS")) { + onlyOnWindows(); + } + + if (SystemUtils.IS_OS_WINDOWS) { + onlyOnWindows(); + } else { + onlyOnUnix(); + } + + if (SystemUtils.IS_OS_WINDOWS_XP) { + onlyOnWindows(); + } else { + // Might be another version of windows + } + + if (File.pathSeparatorChar == ';') { + onlyOnWindows(); + } + + if (File.pathSeparator == ";") { + onlyOnWindows(); + } + + if (File.separatorChar == '\\') { + onlyOnWindows(); + } + + if (File.separator == "\\") { + onlyOnWindows(); + } + + if (System.getProperty("path.separator").equals(";")) { + onlyOnWindows(); + } + } + + void testUnix() { + if (Path.of("whatever").getFileSystem().supportedFileAttributeViews().contains("posix")) { + onlyOnUnix(); + } + + if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { + onlyOnUnix(); + } + + if (SystemUtils.IS_OS_UNIX) { + onlyOnUnix(); + } else { + // Reasonable assumption, maybe not 100% accurate, but it's 'good enough' + onlyOnWindows(); + } + + if (File.pathSeparatorChar == ':') { + onlyOnUnix(); + } + + if (File.pathSeparator == ":") { + onlyOnUnix(); + } + + if (File.separatorChar == '/') { + onlyOnUnix(); + } + + if (File.separator == "/") { + onlyOnUnix(); + } + + if (System.getProperty("path.separator").equals(":")) { + onlyOnUnix(); + } + } + + void 
testLinux() { + if (System.getProperty("os.name").toLowerCase().contains("linux")) { + onlyOnUnix(); + } + + if (System.getProperty("os.name").contains("Linux")) { + onlyOnUnix(); + } + + if (SystemUtils.IS_OS_LINUX) { + onlyOnUnix(); + } else { + // Might be another different unix-like system, so this can't be `onlyOnWindows()`. + } + + if (!SystemUtils.IS_OS_LINUX) { + // Might be another different unix-like system, so this can't be `onlyOnWindows()`. + } else { + onlyOnUnix(); + } + } + + void testMacOs() { + if (System.getProperty("os.name").contains("Mac OS X")) { + onlyOnUnix(); + } + + if (System.getProperty("os.name").toLowerCase().contains("mac")) { + onlyOnUnix(); + } + + if (SystemUtils.IS_OS_MAC) { + onlyOnUnix(); + } else { + // Can't assume this is windows, it could be another unix-like OS + } + + if (SystemUtils.IS_OS_MAC_OSX_MOJAVE) { + onlyOnUnix(); + } + } +} diff --git a/java/ql/test/library-tests/os/options b/java/ql/test/library-tests/os/options new file mode 100644 index 000000000000..39337d5274a1 --- /dev/null +++ b/java/ql/test/library-tests/os/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../stubs/apache-commons-lang3-3.7/ \ No newline at end of file diff --git a/java/ql/test/library-tests/os/specific-unix-variant-test.expected b/java/ql/test/library-tests/os/specific-unix-variant-test.expected new file mode 100644 index 000000000000..a81e7d8e5e39 --- /dev/null +++ b/java/ql/test/library-tests/os/specific-unix-variant-test.expected 
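Review bot: The `onlyOnWindows()` and `onlyOnUnix()` calls in this fixture are never checked. The four queries added with it (`windows-test.ql`, `unix-test.ql` and the two variant tests) select only the guard expressions, so the expected files record which conditions are recognised but not which branch each one protects. The change note says these guards suppress results of the temp-directory disclosure query, so an inverted polarity, for example around `if (!SystemUtils.IS_OS_LINUX)` or the `else` of `IS_OS_WINDOWS`, would hide real findings on Unix-like systems without any test failing. A further query that selects each call together with the guard and branch value controlling it would cover this. The `String` comparisons such as `File.pathSeparator == ";"` use reference equality, so a `File.pathSeparator.equals(";")` case would also be worth adding to cover the form correct Java code uses.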
@@ -0,0 +1,37 @@ +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1079:5:1079:80 | IS_OS_AIX | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1091:5:1091:82 | IS_OS_HP_UX | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1115:5:1115:81 | IS_OS_IRIX | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1127:5:1127:82 | IS_OS_LINUX | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1139:5:1139:80 | IS_OS_MAC | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1151:5:1151:84 | IS_OS_MAC_OSX | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1163:5:1163:92 | IS_OS_MAC_OSX_CHEETAH | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1175:5:1175:89 | IS_OS_MAC_OSX_PUMA | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1187:5:1187:91 | IS_OS_MAC_OSX_JAGUAR | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1199:5:1199:92 | IS_OS_MAC_OSX_PANTHER | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1211:5:1211:90 | IS_OS_MAC_OSX_TIGER | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1223:5:1223:92 | IS_OS_MAC_OSX_LEOPARD | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1235:5:1235:97 | IS_OS_MAC_OSX_SNOW_LEOPARD | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1247:5:1247:89 | IS_OS_MAC_OSX_LION | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1259:5:1259:98 | IS_OS_MAC_OSX_MOUNTAIN_LION | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1271:5:1271:94 | IS_OS_MAC_OSX_MAVERICKS | +| 
../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1283:5:1283:93 | IS_OS_MAC_OSX_YOSEMITE | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1295:5:1295:95 | IS_OS_MAC_OSX_EL_CAPITAN | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1307:5:1307:91 | IS_OS_MAC_OSX_SIERRA | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1319:5:1319:96 | IS_OS_MAC_OSX_HIGH_SIERRA | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1331:5:1331:91 | IS_OS_MAC_OSX_MOJAVE | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1343:5:1343:93 | IS_OS_MAC_OSX_CATALINA | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1355:5:1355:92 | IS_OS_MAC_OSX_BIG_SUR | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1367:5:1367:85 | IS_OS_FREE_BSD | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1379:5:1379:85 | IS_OS_OPEN_BSD | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1391:5:1391:84 | IS_OS_NET_BSD | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1415:5:1415:84 | IS_OS_SOLARIS | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1427:5:1427:83 | IS_OS_SUN_OS | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1625:5:1625:80 | IS_OS_ZOS | +| Test.java:107:13:107:73 | contains(...) | +| Test.java:111:13:111:59 | contains(...) | +| Test.java:115:13:115:35 | SystemUtils.IS_OS_LINUX | +| Test.java:121:14:121:36 | SystemUtils.IS_OS_LINUX | +| Test.java:129:13:129:62 | contains(...) | +| Test.java:133:14:133:72 | contains(...) | +| Test.java:137:14:137:34 | SystemUtils.IS_OS_MAC | +| Test.java:143:14:143:45 | SystemUtils.IS_OS_MAC_OSX_MOJAVE | 
diff --git a/java/ql/test/library-tests/os/specific-unix-variant-test.ql b/java/ql/test/library-tests/os/specific-unix-variant-test.ql new file mode 100644 index 000000000000..9343f3c6ad22 --- /dev/null +++ b/java/ql/test/library-tests/os/specific-unix-variant-test.ql @@ -0,0 +1,5 @@ +import default +import semmle.code.java.os.OSCheck + +from IsSpecificUnixVariant isAnyUnix +select isAnyUnix diff --git a/java/ql/test/library-tests/os/specific-windows-variant-test.expected b/java/ql/test/library-tests/os/specific-windows-variant-test.expected new file mode 100644 index 000000000000..89630563d13b --- /dev/null +++ b/java/ql/test/library-tests/os/specific-windows-variant-test.expected 
@@ -0,0 +1,14 @@ +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1463:5:1463:89 | IS_OS_WINDOWS_2000 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1475:5:1475:89 | IS_OS_WINDOWS_2003 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1487:5:1487:89 | IS_OS_WINDOWS_2008 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1499:5:1499:89 | IS_OS_WINDOWS_2012 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1511:5:1511:87 | IS_OS_WINDOWS_95 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1523:5:1523:87 | IS_OS_WINDOWS_98 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1535:5:1535:87 | IS_OS_WINDOWS_ME | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1547:5:1547:87 | IS_OS_WINDOWS_NT | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1559:5:1559:87 | IS_OS_WINDOWS_XP | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1572:5:1572:90 | IS_OS_WINDOWS_VISTA | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1584:5:1584:86 | IS_OS_WINDOWS_7 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1596:5:1596:86 | IS_OS_WINDOWS_8 | +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1608:5:1608:87 | IS_OS_WINDOWS_10 | +| Test.java:42:13:42:40 | SystemUtils.IS_OS_WINDOWS_XP | diff --git a/java/ql/test/library-tests/os/specific-windows-variant-test.ql b/java/ql/test/library-tests/os/specific-windows-variant-test.ql new file mode 100644 index 000000000000..fed895e389af --- /dev/null +++ b/java/ql/test/library-tests/os/specific-windows-variant-test.ql 
@@ -0,0 +1,5 @@ +import default +import semmle.code.java.os.OSCheck + +from IsSpecificWindowsVariant isAnyWindows +select isAnyWindows diff --git a/java/ql/test/library-tests/os/unix-test.expected b/java/ql/test/library-tests/os/unix-test.expected new file mode 100644 index 000000000000..826f7980e66e --- /dev/null +++ b/java/ql/test/library-tests/os/unix-test.expected @@ -0,0 +1,9 @@ +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1439:5:1439:81 | IS_OS_UNIX | +| Test.java:70:13:70:95 | contains(...) | +| Test.java:74:13:74:84 | contains(...) | +| Test.java:78:13:78:34 | SystemUtils.IS_OS_UNIX | +| Test.java:85:13:85:41 | ... == ... | +| Test.java:89:13:89:37 | ... == ... | +| Test.java:93:13:93:37 | ... == ... | +| Test.java:97:13:97:33 | ... == ... | +| Test.java:101:13:101:60 | equals(...) | diff --git a/java/ql/test/library-tests/os/unix-test.ql b/java/ql/test/library-tests/os/unix-test.ql new file mode 100644 index 000000000000..83f0bc01ccf3 --- /dev/null +++ b/java/ql/test/library-tests/os/unix-test.ql @@ -0,0 +1,5 @@ +import default +import semmle.code.java.os.OSCheck + +from IsUnixGuard isUnix +select isUnix diff --git a/java/ql/test/library-tests/os/windows-test.expected b/java/ql/test/library-tests/os/windows-test.expected new file mode 100644 index 000000000000..c06de71c5941 --- /dev/null +++ b/java/ql/test/library-tests/os/windows-test.expected @@ -0,0 +1,11 @@ +| ../../stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java:1451:5:1451:84 | IS_OS_WINDOWS | +| Test.java:20:13:20:61 | contains(...) | +| Test.java:24:13:24:75 | contains(...) | +| Test.java:28:13:28:74 | contains(...) | +| Test.java:32:13:32:75 | contains(...) | +| Test.java:36:13:36:37 | SystemUtils.IS_OS_WINDOWS | +| Test.java:48:13:48:41 | ... == ... | +| Test.java:52:13:52:37 | ... == ... | +| Test.java:56:13:56:38 | ... == ... | +| Test.java:60:13:60:34 | ... == ... | +| Test.java:64:13:64:60 | equals(...) | 
diff --git a/java/ql/test/library-tests/os/windows-test.ql b/java/ql/test/library-tests/os/windows-test.ql new file mode 100644 index 000000000000..17481a186c36 --- /dev/null +++ b/java/ql/test/library-tests/os/windows-test.ql @@ -0,0 +1,5 @@ +import default +import semmle.code.java.os.OSCheck + +from IsWindowsGuard isWindows +select isWindows diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure.expected index 7c21c3667a3f..5d471dcd671e 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure.expected +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure.expected 
@@ -6,125 +6,152 @@ edges | Files.java:10:33:10:68 | getProperty(...) : String | Files.java:15:17:15:23 | tempDir | | Files.java:14:28:14:64 | new File(...) : File | Files.java:15:17:15:23 | tempDir | | Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File | -| Test.java:34:24:34:69 | new File(...) : File | Test.java:37:63:37:69 | tempDir | -| Test.java:34:33:34:68 | getProperty(...) : String | Test.java:34:24:34:69 | new File(...) : File | -| Test.java:34:33:34:68 | getProperty(...) : String | Test.java:37:63:37:69 | tempDir | -| Test.java:48:29:48:94 | new File(...) : File | Test.java:51:63:51:74 | tempDirChild | -| Test.java:48:38:48:83 | new File(...) : File | Test.java:48:29:48:94 | new File(...) : File | -| Test.java:48:38:48:83 | new File(...) : File | Test.java:51:63:51:74 | tempDirChild | -| Test.java:48:47:48:82 | getProperty(...) : String | Test.java:48:38:48:83 | new File(...) : File | -| Test.java:48:47:48:82 | getProperty(...) : String | Test.java:51:63:51:74 | tempDirChild | -| Test.java:59:24:59:69 | new File(...) : File | Test.java:62:63:62:69 | tempDir | -| Test.java:59:33:59:68 | getProperty(...) : String | Test.java:59:24:59:69 | new File(...) : File | -| Test.java:59:33:59:68 | getProperty(...) : String | Test.java:62:63:62:69 | tempDir | -| Test.java:73:24:73:69 | new File(...) : File | Test.java:76:63:76:69 | tempDir | -| Test.java:73:33:73:68 | getProperty(...) : String | Test.java:73:24:73:69 | new File(...) : File | -| Test.java:73:33:73:68 | getProperty(...) : String | Test.java:76:63:76:69 | tempDir | -| Test.java:108:29:108:84 | new File(...) : File | Test.java:111:9:111:20 | tempDirChild | -| Test.java:108:38:108:73 | getProperty(...) : String | Test.java:108:29:108:84 | new File(...) : File | -| Test.java:108:38:108:73 | getProperty(...) : String | Test.java:111:9:111:20 | tempDirChild | -| Test.java:132:29:132:84 | new File(...) 
: File | Test.java:135:9:135:20 | tempDirChild | -| Test.java:132:38:132:73 | getProperty(...) : String | Test.java:132:29:132:84 | new File(...) : File | -| Test.java:132:38:132:73 | getProperty(...) : String | Test.java:135:9:135:20 | tempDirChild | -| Test.java:156:29:156:88 | new File(...) : File | Test.java:157:21:157:32 | tempDirChild : File | -| Test.java:156:38:156:73 | getProperty(...) : String | Test.java:156:29:156:88 | new File(...) : File | -| Test.java:156:38:156:73 | getProperty(...) : String | Test.java:157:21:157:32 | tempDirChild : File | -| Test.java:157:21:157:32 | tempDirChild : File | Test.java:157:21:157:41 | toPath(...) | -| Test.java:185:29:185:88 | new File(...) : File | Test.java:186:21:186:32 | tempDirChild : File | -| Test.java:185:38:185:73 | getProperty(...) : String | Test.java:185:29:185:88 | new File(...) : File | -| Test.java:185:38:185:73 | getProperty(...) : String | Test.java:186:21:186:32 | tempDirChild : File | -| Test.java:186:21:186:32 | tempDirChild : File | Test.java:186:21:186:41 | toPath(...) | -| Test.java:202:29:202:104 | new File(...) : File | Test.java:202:29:202:113 | toPath(...) : Path | -| Test.java:202:29:202:113 | toPath(...) : Path | Test.java:205:33:205:44 | tempDirChild | -| Test.java:202:38:202:73 | getProperty(...) : String | Test.java:202:29:202:104 | new File(...) : File | -| Test.java:214:29:214:102 | new File(...) : File | Test.java:214:29:214:111 | toPath(...) : Path | -| Test.java:214:29:214:111 | toPath(...) : Path | Test.java:217:31:217:42 | tempDirChild | -| Test.java:214:38:214:73 | getProperty(...) : String | Test.java:214:29:214:102 | new File(...) : File | -| Test.java:226:29:226:100 | new File(...) : File | Test.java:229:26:229:37 | tempDirChild : File | -| Test.java:226:38:226:73 | getProperty(...) : String | Test.java:226:29:226:100 | new File(...) : File | -| Test.java:226:38:226:73 | getProperty(...) 
: String | Test.java:229:26:229:37 | tempDirChild : File | -| Test.java:229:26:229:37 | tempDirChild : File | Test.java:229:26:229:46 | toPath(...) | -| Test.java:247:29:247:101 | new File(...) : File | Test.java:250:31:250:42 | tempDirChild : File | -| Test.java:247:38:247:73 | getProperty(...) : String | Test.java:247:29:247:101 | new File(...) : File | -| Test.java:247:38:247:73 | getProperty(...) : String | Test.java:250:31:250:42 | tempDirChild : File | -| Test.java:250:31:250:42 | tempDirChild : File | Test.java:250:31:250:51 | toPath(...) | -| Test.java:258:29:258:109 | new File(...) : File | Test.java:261:33:261:44 | tempDirChild : File | -| Test.java:258:38:258:73 | getProperty(...) : String | Test.java:258:29:258:109 | new File(...) : File | -| Test.java:258:38:258:73 | getProperty(...) : String | Test.java:261:33:261:44 | tempDirChild : File | -| Test.java:261:33:261:44 | tempDirChild : File | Test.java:261:33:261:53 | toPath(...) | +| Test.java:36:24:36:69 | new File(...) : File | Test.java:39:63:39:69 | tempDir | +| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:36:24:36:69 | new File(...) : File | +| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:39:63:39:69 | tempDir | +| Test.java:50:29:50:94 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | +| Test.java:50:38:50:83 | new File(...) : File | Test.java:50:29:50:94 | new File(...) : File | +| Test.java:50:38:50:83 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | +| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:50:38:50:83 | new File(...) : File | +| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:53:63:53:74 | tempDirChild | +| Test.java:61:24:61:69 | new File(...) : File | Test.java:64:63:64:69 | tempDir | +| Test.java:61:33:61:68 | getProperty(...) : String | Test.java:61:24:61:69 | new File(...) : File | +| Test.java:61:33:61:68 | getProperty(...) 
: String | Test.java:64:63:64:69 | tempDir | +| Test.java:75:24:75:69 | new File(...) : File | Test.java:78:63:78:69 | tempDir | +| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:75:24:75:69 | new File(...) : File | +| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:78:63:78:69 | tempDir | +| Test.java:110:29:110:84 | new File(...) : File | Test.java:113:9:113:20 | tempDirChild | +| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:110:29:110:84 | new File(...) : File | +| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:113:9:113:20 | tempDirChild | +| Test.java:134:29:134:84 | new File(...) : File | Test.java:137:9:137:20 | tempDirChild | +| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:134:29:134:84 | new File(...) : File | +| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:137:9:137:20 | tempDirChild | +| Test.java:158:29:158:88 | new File(...) : File | Test.java:159:21:159:32 | tempDirChild : File | +| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:158:29:158:88 | new File(...) : File | +| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:159:21:159:32 | tempDirChild : File | +| Test.java:159:21:159:32 | tempDirChild : File | Test.java:159:21:159:41 | toPath(...) | +| Test.java:187:29:187:88 | new File(...) : File | Test.java:188:21:188:32 | tempDirChild : File | +| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:187:29:187:88 | new File(...) : File | +| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:188:21:188:32 | tempDirChild : File | +| Test.java:188:21:188:32 | tempDirChild : File | Test.java:188:21:188:41 | toPath(...) | +| Test.java:204:29:204:104 | new File(...) : File | Test.java:204:29:204:113 | toPath(...) : Path | +| Test.java:204:29:204:113 | toPath(...) : Path | Test.java:207:33:207:44 | tempDirChild | +| Test.java:204:38:204:73 | getProperty(...) 
: String | Test.java:204:29:204:104 | new File(...) : File | +| Test.java:216:29:216:102 | new File(...) : File | Test.java:216:29:216:111 | toPath(...) : Path | +| Test.java:216:29:216:111 | toPath(...) : Path | Test.java:219:31:219:42 | tempDirChild | +| Test.java:216:38:216:73 | getProperty(...) : String | Test.java:216:29:216:102 | new File(...) : File | +| Test.java:228:29:228:100 | new File(...) : File | Test.java:231:26:231:37 | tempDirChild : File | +| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:228:29:228:100 | new File(...) : File | +| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:231:26:231:37 | tempDirChild : File | +| Test.java:231:26:231:37 | tempDirChild : File | Test.java:231:26:231:46 | toPath(...) | +| Test.java:249:29:249:101 | new File(...) : File | Test.java:252:31:252:42 | tempDirChild : File | +| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:249:29:249:101 | new File(...) : File | +| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:252:31:252:42 | tempDirChild : File | +| Test.java:252:31:252:42 | tempDirChild : File | Test.java:252:31:252:51 | toPath(...) | +| Test.java:260:29:260:109 | new File(...) : File | Test.java:263:33:263:44 | tempDirChild : File | +| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:260:29:260:109 | new File(...) : File | +| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:263:33:263:44 | tempDirChild : File | +| Test.java:263:33:263:44 | tempDirChild : File | Test.java:263:33:263:53 | toPath(...) | +| Test.java:294:29:294:101 | new File(...) : File | Test.java:298:35:298:46 | tempDirChild : File | +| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:294:29:294:101 | new File(...) : File | +| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:298:35:298:46 | tempDirChild : File | +| Test.java:298:35:298:46 | tempDirChild : File | Test.java:298:35:298:55 | toPath(...) 
| +| Test.java:313:29:313:101 | new File(...) : File | Test.java:316:35:316:46 | tempDirChild : File | +| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:313:29:313:101 | new File(...) : File | +| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:316:35:316:46 | tempDirChild : File | +| Test.java:316:35:316:46 | tempDirChild : File | Test.java:316:35:316:55 | toPath(...) | +| Test.java:322:29:322:101 | new File(...) : File | Test.java:326:35:326:46 | tempDirChild : File | +| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:322:29:322:101 | new File(...) : File | +| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:326:35:326:46 | tempDirChild : File | +| Test.java:326:35:326:46 | tempDirChild : File | Test.java:326:35:326:55 | toPath(...) | nodes | Files.java:10:24:10:69 | new File(...) : File | semmle.label | new File(...) : File | | Files.java:10:33:10:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | | Files.java:14:28:14:64 | new File(...) : File | semmle.label | new File(...) : File | | Files.java:14:37:14:43 | baseDir : File | semmle.label | baseDir : File | | Files.java:15:17:15:23 | tempDir | semmle.label | tempDir | -| Test.java:18:25:18:61 | createTempFile(...) | semmle.label | createTempFile(...) | -| Test.java:26:25:26:67 | createTempFile(...) | semmle.label | createTempFile(...) | -| Test.java:34:24:34:69 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:34:33:34:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:37:63:37:69 | tempDir | semmle.label | tempDir | -| Test.java:48:29:48:94 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:48:38:48:83 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:48:47:48:82 | getProperty(...) : String | semmle.label | getProperty(...) 
: String | -| Test.java:51:63:51:74 | tempDirChild | semmle.label | tempDirChild | -| Test.java:59:24:59:69 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:59:33:59:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:62:63:62:69 | tempDir | semmle.label | tempDir | -| Test.java:73:24:73:69 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:73:33:73:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:76:63:76:69 | tempDir | semmle.label | tempDir | -| Test.java:95:24:95:65 | createTempDir(...) | semmle.label | createTempDir(...) | -| Test.java:108:29:108:84 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:108:38:108:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:111:9:111:20 | tempDirChild | semmle.label | tempDirChild | -| Test.java:132:29:132:84 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:132:38:132:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:135:9:135:20 | tempDirChild | semmle.label | tempDirChild | -| Test.java:156:29:156:88 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:156:38:156:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:157:21:157:32 | tempDirChild : File | semmle.label | tempDirChild : File | -| Test.java:157:21:157:41 | toPath(...) | semmle.label | toPath(...) | -| Test.java:185:29:185:88 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:185:38:185:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:186:21:186:32 | tempDirChild : File | semmle.label | tempDirChild : File | -| Test.java:186:21:186:41 | toPath(...) | semmle.label | toPath(...) | -| Test.java:202:29:202:104 | new File(...) : File | semmle.label | new File(...) 
: File | -| Test.java:202:29:202:113 | toPath(...) : Path | semmle.label | toPath(...) : Path | -| Test.java:202:38:202:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:205:33:205:44 | tempDirChild | semmle.label | tempDirChild | -| Test.java:214:29:214:102 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:214:29:214:111 | toPath(...) : Path | semmle.label | toPath(...) : Path | -| Test.java:214:38:214:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:217:31:217:42 | tempDirChild | semmle.label | tempDirChild | -| Test.java:226:29:226:100 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:226:38:226:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:229:26:229:37 | tempDirChild : File | semmle.label | tempDirChild : File | -| Test.java:229:26:229:46 | toPath(...) | semmle.label | toPath(...) | -| Test.java:247:29:247:101 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:247:38:247:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:250:31:250:42 | tempDirChild : File | semmle.label | tempDirChild : File | -| Test.java:250:31:250:51 | toPath(...) | semmle.label | toPath(...) | -| Test.java:258:29:258:109 | new File(...) : File | semmle.label | new File(...) : File | -| Test.java:258:38:258:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | -| Test.java:261:33:261:44 | tempDirChild : File | semmle.label | tempDirChild : File | -| Test.java:261:33:261:53 | toPath(...) | semmle.label | toPath(...) | -| Test.java:268:25:268:63 | createTempFile(...) | semmle.label | createTempFile(...) | +| Test.java:20:25:20:61 | createTempFile(...) | semmle.label | createTempFile(...) | +| Test.java:28:25:28:67 | createTempFile(...) | semmle.label | createTempFile(...) | +| Test.java:36:24:36:69 | new File(...) 
: File | semmle.label | new File(...) : File | +| Test.java:36:33:36:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:39:63:39:69 | tempDir | semmle.label | tempDir | +| Test.java:50:29:50:94 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:50:38:50:83 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:50:47:50:82 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:53:63:53:74 | tempDirChild | semmle.label | tempDirChild | +| Test.java:61:24:61:69 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:61:33:61:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:64:63:64:69 | tempDir | semmle.label | tempDir | +| Test.java:75:24:75:69 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:75:33:75:68 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:78:63:78:69 | tempDir | semmle.label | tempDir | +| Test.java:97:24:97:65 | createTempDir(...) | semmle.label | createTempDir(...) | +| Test.java:110:29:110:84 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:110:38:110:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:113:9:113:20 | tempDirChild | semmle.label | tempDirChild | +| Test.java:134:29:134:84 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:134:38:134:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:137:9:137:20 | tempDirChild | semmle.label | tempDirChild | +| Test.java:158:29:158:88 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:158:38:158:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:159:21:159:32 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:159:21:159:41 | toPath(...) 
| semmle.label | toPath(...) | +| Test.java:187:29:187:88 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:187:38:187:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:188:21:188:32 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:188:21:188:41 | toPath(...) | semmle.label | toPath(...) | +| Test.java:204:29:204:104 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:204:29:204:113 | toPath(...) : Path | semmle.label | toPath(...) : Path | +| Test.java:204:38:204:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:207:33:207:44 | tempDirChild | semmle.label | tempDirChild | +| Test.java:216:29:216:102 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:216:29:216:111 | toPath(...) : Path | semmle.label | toPath(...) : Path | +| Test.java:216:38:216:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:219:31:219:42 | tempDirChild | semmle.label | tempDirChild | +| Test.java:228:29:228:100 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:228:38:228:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:231:26:231:37 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:231:26:231:46 | toPath(...) | semmle.label | toPath(...) | +| Test.java:249:29:249:101 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:249:38:249:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:252:31:252:42 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:252:31:252:51 | toPath(...) | semmle.label | toPath(...) | +| Test.java:260:29:260:109 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:260:38:260:73 | getProperty(...) : String | semmle.label | getProperty(...) 
: String | +| Test.java:263:33:263:44 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:263:33:263:53 | toPath(...) | semmle.label | toPath(...) | +| Test.java:270:25:270:63 | createTempFile(...) | semmle.label | createTempFile(...) | +| Test.java:294:29:294:101 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:294:38:294:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:298:35:298:46 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:298:35:298:55 | toPath(...) | semmle.label | toPath(...) | +| Test.java:313:29:313:101 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:313:38:313:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:316:35:316:46 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:316:35:316:55 | toPath(...) | semmle.label | toPath(...) | +| Test.java:322:29:322:101 | new File(...) : File | semmle.label | new File(...) : File | +| Test.java:322:38:322:73 | getProperty(...) : String | semmle.label | getProperty(...) : String | +| Test.java:326:35:326:46 | tempDirChild : File | semmle.label | tempDirChild : File | +| Test.java:326:35:326:55 | toPath(...) | semmle.label | toPath(...) | subpaths #select | Files.java:10:33:10:68 | getProperty(...) | Files.java:10:33:10:68 | getProperty(...) : String | Files.java:15:17:15:23 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Files.java:10:33:10:68 | getProperty(...) | system temp directory | -| Test.java:18:25:18:61 | createTempFile(...) | Test.java:18:25:18:61 | createTempFile(...) | Test.java:18:25:18:61 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. | Test.java:18:25:18:61 | createTempFile(...) | system temp directory | -| Test.java:26:25:26:67 | createTempFile(...) 
| Test.java:26:25:26:67 | createTempFile(...) | Test.java:26:25:26:67 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. | Test.java:26:25:26:67 | createTempFile(...) | system temp directory | -| Test.java:34:33:34:68 | getProperty(...) | Test.java:34:33:34:68 | getProperty(...) : String | Test.java:37:63:37:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:34:33:34:68 | getProperty(...) | system temp directory | -| Test.java:48:47:48:82 | getProperty(...) | Test.java:48:47:48:82 | getProperty(...) : String | Test.java:51:63:51:74 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:48:47:48:82 | getProperty(...) | system temp directory | -| Test.java:59:33:59:68 | getProperty(...) | Test.java:59:33:59:68 | getProperty(...) : String | Test.java:62:63:62:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:59:33:59:68 | getProperty(...) | system temp directory | -| Test.java:73:33:73:68 | getProperty(...) | Test.java:73:33:73:68 | getProperty(...) : String | Test.java:76:63:76:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:73:33:73:68 | getProperty(...) | system temp directory | -| Test.java:95:24:95:65 | createTempDir(...) | Test.java:95:24:95:65 | createTempDir(...) | Test.java:95:24:95:65 | createTempDir(...) | Local information disclosure vulnerability due to use of directory readable by other local users. | Test.java:95:24:95:65 | createTempDir(...) | system temp directory | -| Test.java:108:38:108:73 | getProperty(...) | Test.java:108:38:108:73 | getProperty(...) 
: String | Test.java:111:9:111:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:108:38:108:73 | getProperty(...) | system temp directory | -| Test.java:132:38:132:73 | getProperty(...) | Test.java:132:38:132:73 | getProperty(...) : String | Test.java:135:9:135:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:132:38:132:73 | getProperty(...) | system temp directory | -| Test.java:156:38:156:73 | getProperty(...) | Test.java:156:38:156:73 | getProperty(...) : String | Test.java:157:21:157:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:156:38:156:73 | getProperty(...) | system temp directory | -| Test.java:185:38:185:73 | getProperty(...) | Test.java:185:38:185:73 | getProperty(...) : String | Test.java:186:21:186:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:185:38:185:73 | getProperty(...) | system temp directory | -| Test.java:202:38:202:73 | getProperty(...) | Test.java:202:38:202:73 | getProperty(...) : String | Test.java:205:33:205:44 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:202:38:202:73 | getProperty(...) | system temp directory | -| Test.java:214:38:214:73 | getProperty(...) | Test.java:214:38:214:73 | getProperty(...) : String | Test.java:217:31:217:42 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:214:38:214:73 | getProperty(...) | system temp directory | -| Test.java:226:38:226:73 | getProperty(...) | Test.java:226:38:226:73 | getProperty(...) 
: String | Test.java:229:26:229:46 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:226:38:226:73 | getProperty(...) | system temp directory | -| Test.java:247:38:247:73 | getProperty(...) | Test.java:247:38:247:73 | getProperty(...) : String | Test.java:250:31:250:51 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:247:38:247:73 | getProperty(...) | system temp directory | -| Test.java:258:38:258:73 | getProperty(...) | Test.java:258:38:258:73 | getProperty(...) : String | Test.java:261:33:261:53 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:258:38:258:73 | getProperty(...) | system temp directory | +| Test.java:20:25:20:61 | createTempFile(...) | Test.java:20:25:20:61 | createTempFile(...) | Test.java:20:25:20:61 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. | Test.java:20:25:20:61 | createTempFile(...) | system temp directory | +| Test.java:28:25:28:67 | createTempFile(...) | Test.java:28:25:28:67 | createTempFile(...) | Test.java:28:25:28:67 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. | Test.java:28:25:28:67 | createTempFile(...) | system temp directory | +| Test.java:36:33:36:68 | getProperty(...) | Test.java:36:33:36:68 | getProperty(...) : String | Test.java:39:63:39:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:36:33:36:68 | getProperty(...) | system temp directory | +| Test.java:50:47:50:82 | getProperty(...) | Test.java:50:47:50:82 | getProperty(...) 
: String | Test.java:53:63:53:74 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:50:47:50:82 | getProperty(...) | system temp directory | +| Test.java:61:33:61:68 | getProperty(...) | Test.java:61:33:61:68 | getProperty(...) : String | Test.java:64:63:64:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:61:33:61:68 | getProperty(...) | system temp directory | +| Test.java:75:33:75:68 | getProperty(...) | Test.java:75:33:75:68 | getProperty(...) : String | Test.java:78:63:78:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:75:33:75:68 | getProperty(...) | system temp directory | +| Test.java:97:24:97:65 | createTempDir(...) | Test.java:97:24:97:65 | createTempDir(...) | Test.java:97:24:97:65 | createTempDir(...) | Local information disclosure vulnerability due to use of directory readable by other local users. | Test.java:97:24:97:65 | createTempDir(...) | system temp directory | +| Test.java:110:38:110:73 | getProperty(...) | Test.java:110:38:110:73 | getProperty(...) : String | Test.java:113:9:113:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:110:38:110:73 | getProperty(...) | system temp directory | +| Test.java:134:38:134:73 | getProperty(...) | Test.java:134:38:134:73 | getProperty(...) : String | Test.java:137:9:137:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:134:38:134:73 | getProperty(...) | system temp directory | +| Test.java:158:38:158:73 | getProperty(...) | Test.java:158:38:158:73 | getProperty(...) : String | Test.java:159:21:159:41 | toPath(...) 
| Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:158:38:158:73 | getProperty(...) | system temp directory | +| Test.java:187:38:187:73 | getProperty(...) | Test.java:187:38:187:73 | getProperty(...) : String | Test.java:188:21:188:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:187:38:187:73 | getProperty(...) | system temp directory | +| Test.java:204:38:204:73 | getProperty(...) | Test.java:204:38:204:73 | getProperty(...) : String | Test.java:207:33:207:44 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:204:38:204:73 | getProperty(...) | system temp directory | +| Test.java:216:38:216:73 | getProperty(...) | Test.java:216:38:216:73 | getProperty(...) : String | Test.java:219:31:219:42 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:216:38:216:73 | getProperty(...) | system temp directory | +| Test.java:228:38:228:73 | getProperty(...) | Test.java:228:38:228:73 | getProperty(...) : String | Test.java:231:26:231:46 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:228:38:228:73 | getProperty(...) | system temp directory | +| Test.java:249:38:249:73 | getProperty(...) | Test.java:249:38:249:73 | getProperty(...) : String | Test.java:252:31:252:51 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:249:38:249:73 | getProperty(...) | system temp directory | +| Test.java:260:38:260:73 | getProperty(...) | Test.java:260:38:260:73 | getProperty(...) : String | Test.java:263:33:263:53 | toPath(...) 
| Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:260:38:260:73 | getProperty(...) | system temp directory | +| Test.java:294:38:294:73 | getProperty(...) | Test.java:294:38:294:73 | getProperty(...) : String | Test.java:298:35:298:55 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:294:38:294:73 | getProperty(...) | system temp directory | +| Test.java:313:38:313:73 | getProperty(...) | Test.java:313:38:313:73 | getProperty(...) : String | Test.java:316:35:316:55 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:313:38:313:73 | getProperty(...) | system temp directory | +| Test.java:322:38:322:73 | getProperty(...) | Test.java:322:38:322:73 | getProperty(...) : String | Test.java:326:35:326:55 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:322:38:322:73 | getProperty(...) | system temp directory | diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java index b5b708692f1b..3ea5fe3e112f 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java @@ -11,6 +11,8 @@ import java.nio.file.attribute.PosixFilePermissions; import java.util.EnumSet; +import org.apache.commons.lang3.SystemUtils; + public class Test { void vulnerableFileCreateTempFile() throws IOException { 
@@ -279,4 +281,67 @@ void notVulnerableCreateOnSystemPropertyDirs() throws IOException { File tempDir = new File(System.getProperty("java.io.tmpdir")); tempDir.mkdirs(); } + + void safeBecauseWindows() { + File tempDir = new File(System.getProperty("java.io.tmpdir"), "child"); + if (System.getProperty("os.name").toLowerCase().contains("windows")) { + tempDir.mkdir(); // Safe on windows + } + } + + void vulnerableBecauseInvertedPosixCheck() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + // Oops, this check should be inverted + if (tempDirChild.toPath().getFileSystem().supportedFileAttributeViews().contains("posix")) { + Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + } + } + + void safeBecauseCheckingForWindowsVersion() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + if (SystemUtils.IS_OS_WINDOWS_10) { + Files.createDirectory(tempDirChild.toPath()); + } + } + + void vulnerableBecauseCheckingForNotLinux() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + if (!SystemUtils.IS_OS_LINUX) { + Files.createDirectory(tempDirChild.toPath()); + } + } + + void vulnerableBecauseInvertedFileSeparatorCheck() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + // Oops, this check should be inverted + if (File.separatorChar != '\\') { + Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + } + } + + void safeBecauseFileSeparatorCheck() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + if (File.separatorChar == '\\') { + Files.createDirectory(tempDirChild.toPath()); + } + } + + void 
safeBecauseInvertedFileSeperatorCheck() throws IOException { + // GIVEN: + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + + if (File.separatorChar != '/') { + Files.createDirectory(tempDirChild.toPath()); + } + } } diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TestSafe.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TestSafe.java new file mode 100644 index 000000000000..8ac7e8ac0e82 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TestSafe.java 
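Review bot: `vulnerableBecauseCheckingForNotLinux` has no comment saying why its guard is insufficient, unlike the two inverted-check cases beside it. `!SystemUtils.IS_OS_LINUX` is also true on other unix-like systems, where (per the comments in TestSafe.java) the temp directory is shared between users. I would add `// "Not Linux" does not imply Windows: other unix-like systems share the temp directory` above the `if`. The last method name is also misspelled: `safeBecauseInvertedFileSeperatorCheck` should be `safeBecauseInvertedFileSeparatorCheck`, matching `safeBecauseFileSeparatorCheck`. The enclosing class `Test` begins outside this hunk.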
@@ -0,0 +1,88 @@
+import java.io.File;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
+
+import java.util.EnumSet;
+
+public class TestSafe {
+ /*
+ * An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.
+ */
+ void exampleSafeWithWindowsSupportFile() {
+ // Creating a temporary file with a non-randomly generated name
+ File tempChildFile = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
+ createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`
+ }
+
+ static void createTempFile(Path tempDirChild) {
+ try {
+ if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) {
+ // Explicit permissions setting is only required on unix-like systems because
+ // the temporary directory is shared between all users.
+ // This is not necessary on Windows, each user has their own temp directory
+ final EnumSet posixFilePermissions =
+ EnumSet.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE
+ );
+ if (!Files.exists(tempDirChild)) {
+ Files.createFile(
+ tempDirChild,
+ PosixFilePermissions.asFileAttribute(posixFilePermissions)
+ ); // GOOD: Directory has permissions `-rw-------`
+ } else {
+ Files.setPosixFilePermissions(
+ tempDirChild,
+ posixFilePermissions
+ ); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails
+ }
+ } else if (!Files.exists(tempDirChild)) {
+ // On Windows, we still need to create the directory, when it doesn't already exist.
+ Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users
+ }
+ } catch (IOException exception) {
+ throw new UncheckedIOException("Failed to create temp file", exception);
+ }
+ }
+
+ void exampleSafeWithWindowsSupportDirectory() {
+ File tempDirChildDir = new File(System.getProperty("java.io.tmpdir"), "/child-dir");
+ createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`
+ }
+
+ static void createTempDirectories(Path tempDirChild) {
+ try {
+ if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) {
+ // Explicit permissions setting is only required on unix-like systems because
+ // the temporary directory is shared between all users.
+ // This is not necessary on Windows, each user has their own temp directory
+ final EnumSet posixFilePermissions =
+ EnumSet.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE,
+ PosixFilePermission.OWNER_EXECUTE
+ );
+ if (!Files.exists(tempDirChild)) {
+ Files.createDirectories(
+ tempDirChild,
+ PosixFilePermissions.asFileAttribute(posixFilePermissions)
+ ); // GOOD: Directory has permissions `drwx------`
+ } else {
+ Files.setPosixFilePermissions(
+ tempDirChild,
+ posixFilePermissions
+ ); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails
+ }
+ } else if (!Files.exists(tempDirChild)) {
+ // On Windows, we still need to create the directory, when it doesn't already exist.
+ Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users
+ }
+ } catch (IOException exception) {
+ throw new UncheckedIOException("Failed to create temp dir", exception);
+ }
+ }
+}
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/options b/java/ql/test/query-tests/security/CWE-200/semmle/tests/options
new file mode 100644
index 000000000000..8b14bf08cd2b
--- /dev/null
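Review bot: In `createTempFile`, the non-POSIX branch calls `Files.createDirectory(tempDirChild)`, so on Windows this helper would create a directory where a file is expected. It looks copied from the directory helper and should be `Files.createFile(tempDirChild);`, with the comment above it saying "file". The comments on the `Files.createFile(...)` call and on the call site also read "Directory has permissions" and "Good has permissions" where the file is meant. Both helpers also check `Files.exists` before creating and fall back to `Files.setPosixFilePermissions` on an existing path. A short comment would make the limits of the example clear: a pre-existing entry in a shared temp directory may not have been created by this process, and tightening its mode afterwards does not undo earlier access.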
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/apache-commons-lang3-3.7/ \ No newline at end of file diff --git a/java/ql/test/stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java b/java/ql/test/stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java new file mode 100644 index 000000000000..ad9eff212bb6 --- /dev/null +++ b/java/ql/test/stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/SystemUtils.java @@ -0,0 +1,1786 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.lang3; + +import java.io.File; + +/** + *

+ * Helpers for {@code java.lang.System}. + *

+ *

+ * If a system property cannot be read due to security restrictions, the corresponding field in this class will be set + * to {@code null} and a message will be written to {@code System.err}. + *

+ *

+ * #ThreadSafe# + *

+ * + * @since 1.0 + */ +public class SystemUtils { + + /** + * The prefix String for all Windows OS. + */ + private static final String OS_NAME_WINDOWS_PREFIX = "Windows"; + + // System property constants + // ----------------------------------------------------------------------- + // These MUST be declared first. Other constants depend on this. + + /** + * The System property key for the user home directory. + */ + private static final String USER_HOME_KEY = "user.home"; + + /** + * The System property key for the user name. + */ + private static final String USER_NAME_KEY = "user.name"; + + /** + * The System property key for the user directory. + */ + private static final String USER_DIR_KEY = "user.dir"; + + /** + * The System property key for the Java IO temporary directory. + */ + private static final String JAVA_IO_TMPDIR_KEY = "java.io.tmpdir"; + + /** + * The System property key for the Java home directory. + */ + private static final String JAVA_HOME_KEY = "java.home"; + + /** + *

+ * The {@code awt.toolkit} System Property. + *

+ *

+ * Holds a class name, on Windows XP this is {@code sun.awt.windows.WToolkit}. + *

+ *

+ * On platforms without a GUI, this value is {@code null}. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.1 + */ + public static final String AWT_TOOLKIT = null; + + /** + *

+ * The {@code file.encoding} System Property. + *

+ *

+ * File encoding, such as {@code Cp1252}. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.0 + * @since Java 1.2 + */ + public static final String FILE_ENCODING = null; + + /** + *

+ * The {@code file.separator} System Property. + * The file separator is: + *

+ *
    + *
  • {@code "/"} on UNIX
  • + *
  • {@code "\"} on Windows.
  • + *
+ * + *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @deprecated Use {@link File#separator}, since it is guaranteed to be a + * string containing a single character and it does not require a privilege check. + * @since Java 1.1 + */ + @Deprecated + public static final String FILE_SEPARATOR = null; + + /** + *

+ * The {@code java.awt.fonts} System Property. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.1 + */ + public static final String JAVA_AWT_FONTS = null; + + /** + *

+ * The {@code java.awt.graphicsenv} System Property. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.1 + */ + public static final String JAVA_AWT_GRAPHICSENV = null; + + /** + *

+ * The {@code java.awt.headless} System Property. The value of this property is the String {@code "true"} or + * {@code "false"}. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @see #isJavaAwtHeadless() + * @since 2.1 + * @since Java 1.4 + */ + public static final String JAVA_AWT_HEADLESS = null; + + /** + *

+ * The {@code java.awt.printerjob} System Property. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.1 + */ + public static final String JAVA_AWT_PRINTERJOB = null; + + /** + *

+ * The {@code java.class.path} System Property. Java class path. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_CLASS_PATH = null; + + /** + *

+ * The {@code java.class.version} System Property. Java class format version number. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_CLASS_VERSION = null; + + /** + *

+ * The {@code java.compiler} System Property. Name of JIT compiler to use. First in JDK version 1.2. Not used in Sun + * JDKs after 1.2. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2. Not used in Sun versions after 1.2. + */ + public static final String JAVA_COMPILER = null; + + /** + *

+ * The {@code java.endorsed.dirs} System Property. Path of endorsed directory or directories. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.4 + */ + public static final String JAVA_ENDORSED_DIRS = null; + + /** + *

+ * The {@code java.ext.dirs} System Property. Path of extension directory or directories. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.3 + */ + public static final String JAVA_EXT_DIRS = null; + + /** + *

+ * The {@code java.home} System Property. Java installation directory. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_HOME = null; + + /** + *

+ * The {@code java.io.tmpdir} System Property. Default temp file path. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_IO_TMPDIR = null; + + /** + *

+ * The {@code java.library.path} System Property. List of paths to search when loading libraries. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_LIBRARY_PATH = null; + + /** + *

+ * The {@code java.runtime.name} System Property. Java Runtime Environment name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.0 + * @since Java 1.3 + */ + public static final String JAVA_RUNTIME_NAME = null; + + /** + *

+ * The {@code java.runtime.version} System Property. Java Runtime Environment version. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.0 + * @since Java 1.3 + */ + public static final String JAVA_RUNTIME_VERSION = null; + + /** + *

+ * The {@code java.specification.name} System Property. Java Runtime Environment specification name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_SPECIFICATION_NAME = null; + + /** + *

+ * The {@code java.specification.vendor} System Property. Java Runtime Environment specification vendor. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_SPECIFICATION_VENDOR = null; + + /** + *

+ * The {@code java.specification.version} System Property. Java Runtime Environment specification version. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.3 + */ + public static final String JAVA_SPECIFICATION_VERSION = null; + + /** + *

+ * The {@code java.util.prefs.PreferencesFactory} System Property. A class name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.1 + * @since Java 1.4 + */ + public static final String JAVA_UTIL_PREFS_PREFERENCES_FACTORY = + null; + + /** + *

+ * The {@code java.vendor} System Property. Java vendor-specific string. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_VENDOR = null; + + /** + *

+ * The {@code java.vendor.url} System Property. Java vendor URL. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_VENDOR_URL = null; + + /** + *

+ * The {@code java.version} System Property. Java version number. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String JAVA_VERSION = null; + + /** + *

+ * The {@code java.vm.info} System Property. Java Virtual Machine implementation info. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since 2.0 + * @since Java 1.2 + */ + public static final String JAVA_VM_INFO = null; + + /** + *

+ * The {@code java.vm.name} System Property. Java Virtual Machine implementation name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_NAME = null; + + /** + *

+ * The {@code java.vm.specification.name} System Property. Java Virtual Machine specification name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_SPECIFICATION_NAME = null; + + /** + *

+ * The {@code java.vm.specification.vendor} System Property. Java Virtual Machine specification vendor. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_SPECIFICATION_VENDOR = null; + + /** + *

+ * The {@code java.vm.specification.version} System Property. Java Virtual Machine specification version. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_SPECIFICATION_VERSION = null; + + /** + *

+ * The {@code java.vm.vendor} System Property. Java Virtual Machine implementation vendor. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_VENDOR = null; + + /** + *

+ * The {@code java.vm.version} System Property. Java Virtual Machine implementation version. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.2 + */ + public static final String JAVA_VM_VERSION = null; + + /** + *

+ * The {@code line.separator} System Property. Line separator ({@code "\n"} on UNIX). + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @deprecated Use {@link System#lineSeparator()} instead, since it does not require a privilege check. + * @since Java 1.1 + */ + @Deprecated + public static final String LINE_SEPARATOR = null; + + /** + *

+ * The {@code os.arch} System Property. Operating system architecture. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String OS_ARCH = null; + + /** + *

+ * The {@code os.name} System Property. Operating system name. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does + * not exist. + *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or + * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of + * sync with that System property. + *

+ * + * @since Java 1.1 + */ + public static final String OS_NAME = null; + + /** + *

+ * The {@code os.version} System Property. Operating system version. + *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since Java 1.1
+ */
+ public static final String OS_VERSION = null;
+
+ /**
+ *

+ * The {@code path.separator} System Property. Path separator ({@code ":"} on UNIX).
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @deprecated Use {@link File#pathSeparator}, since it is guaranteed to be a
+ * string containing a single character and it does not require a privilege check.
+ * @since Java 1.1
+ */
+ @Deprecated
+ public static final String PATH_SEPARATOR = null;
+
+ /**
+ *

+ * The {@code user.country} or {@code user.region} System Property. User's country code, such as {@code GB}. First
+ * in Java version 1.2 as {@code user.region}. Renamed to {@code user.country} in 1.4
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since 2.0
+ * @since Java 1.2
+ */
+ public static final String USER_COUNTRY = null == null ? null : null;
+
+ /**
+ *

+ * The {@code user.dir} System Property. User's current working directory.
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since Java 1.1
+ */
+ public static final String USER_DIR = null;
+
+ /**
+ *

+ * The {@code user.home} System Property. User's home directory.
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since Java 1.1
+ */
+ public static final String USER_HOME = null;
+
+ /**
+ *

+ * The {@code user.language} System Property. User's language code, such as {@code "en"}.
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since 2.0
+ * @since Java 1.2
+ */
+ public static final String USER_LANGUAGE = null;
+
+ /**
+ *

+ * The {@code user.name} System Property. User's account name.
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since Java 1.1
+ */
+ public static final String USER_NAME = null;
+
+ /**
+ *

+ * The {@code user.timezone} System Property. For example: {@code "America/Los_Angeles"}.
+ *

+ *

+ * Defaults to {@code null} if the runtime does not have security access to read this property or the property does
+ * not exist.
+ *

+ *

+ * This value is initialized when the class is loaded. If {@link System#setProperty(String,String)} or
+ * {@link System#setProperties(java.util.Properties)} is called after this class is loaded, the value will be out of
+ * sync with that System property.
+ *

+ *
+ * @since 2.1
+ */
+ public static final String USER_TIMEZONE = null;
+
+ // Java version checks
+ // -----------------------------------------------------------------------
+ // These MUST be declared after those above as they depend on the
+ // values being set up
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.1 (also 1.1.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_1 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.2 (also 1.2.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_2 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.3 (also 1.3.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_3 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.4 (also 1.4.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_4 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.5 (also 1.5.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_5 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.6 (also 1.6.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ */
+ public static final boolean IS_JAVA_1_6 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.7 (also 1.7.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.0
+ */
+ public static final boolean IS_JAVA_1_7 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.8 (also 1.8.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.3.2
+ */
+ public static final boolean IS_JAVA_1_8 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 1.9 (also 1.9.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.4
+ *
+ * @deprecated As of release 3.5, replaced by {@link #IS_JAVA_9}
+ */
+ @Deprecated
+ public static final boolean IS_JAVA_1_9 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 9 (also 9.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.5
+ */
+ public static final boolean IS_JAVA_9 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 10 (also 10.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.7
+ */
+ public static final boolean IS_JAVA_10 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 11 (also 11.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.8
+ */
+ public static final boolean IS_JAVA_11 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 12 (also 12.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.9
+ */
+ public static final boolean IS_JAVA_12 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 13 (also 13.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.9
+ */
+ public static final boolean IS_JAVA_13 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 14 (also 14.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.10
+ */
+ public static final boolean IS_JAVA_14 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Java version 15 (also 15.x versions).
+ *

+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.10
+ */
+ public static final boolean IS_JAVA_15 = compileTimeConstantBreakerBoolean();
+
+ /**
+ * Is {@code true} if this is Java version 16 (also 16.x versions).
+ *

+ * The field will return {@code false} if {@link #JAVA_VERSION} is {@code null}.
+ *

+ *
+ * @since 3.13.0
+ */
+ public static final boolean IS_JAVA_16 = compileTimeConstantBreakerBoolean();
+
+ // Operating system checks
+ // -----------------------------------------------------------------------
+ // These MUST be declared after those above as they depend on the
+ // values being set up
+ // OS names from http://www.vamphq.com/os.html
+ // Selected ones included - please advise dev@commons.apache.org
+ // if you want another added or a mistake corrected
+
+ /**
+ *

+ * Is {@code true} if this is AIX.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_AIX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is HP-UX.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_HP_UX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is IBM OS/400.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.3
+ */
+ public static final boolean IS_OS_400 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Irix.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_IRIX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Linux.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_LINUX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_MAC = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_MAC_OSX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Cheetah.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_CHEETAH = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Puma.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_PUMA = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Jaguar.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_JAGUAR = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Panther.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_PANTHER = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Tiger.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_TIGER = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Leopard.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_LEOPARD = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Snow Leopard.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_SNOW_LEOPARD = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Lion.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_LION = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Mountain Lion.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_MOUNTAIN_LION = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Mavericks.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_MAVERICKS = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Yosemite.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_MAC_OSX_YOSEMITE = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X El Capitan.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.5
+ */
+ public static final boolean IS_OS_MAC_OSX_EL_CAPITAN = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Sierra.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.12.0
+ */
+ public static final boolean IS_OS_MAC_OSX_SIERRA = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X High Sierra.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.12.0
+ */
+ public static final boolean IS_OS_MAC_OSX_HIGH_SIERRA = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Mojave.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.12.0
+ */
+ public static final boolean IS_OS_MAC_OSX_MOJAVE = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Catalina.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.12.0
+ */
+ public static final boolean IS_OS_MAC_OSX_CATALINA = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Mac OS X Big Sur.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.12.0
+ */
+ public static final boolean IS_OS_MAC_OSX_BIG_SUR = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is FreeBSD.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.1
+ */
+ public static final boolean IS_OS_FREE_BSD = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is OpenBSD.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.1
+ */
+ public static final boolean IS_OS_OPEN_BSD = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is NetBSD.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.1
+ */
+ public static final boolean IS_OS_NET_BSD = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is OS/2.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_OS2 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Solaris.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_SOLARIS = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is SunOS.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_SUN_OS = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is a UNIX like system, as in any of AIX, HP-UX, Irix, Linux, MacOSX, Solaris or SUN OS.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.1
+ */
+ public static final boolean IS_OS_UNIX = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 2000.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_2000 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 2003.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.1
+ */
+ public static final boolean IS_OS_WINDOWS_2003 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows Server 2008.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.1
+ */
+ public static final boolean IS_OS_WINDOWS_2008 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows Server 2012.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.4
+ */
+ public static final boolean IS_OS_WINDOWS_2012 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 95.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_95 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 98.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_98 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows ME.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_ME = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows NT.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_NT = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows XP.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.0
+ */
+ public static final boolean IS_OS_WINDOWS_XP = compileTimeConstantBreakerBoolean();
+
+ // -----------------------------------------------------------------------
+ /**
+ *

+ * Is {@code true} if this is Windows Vista.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 2.4
+ */
+ public static final boolean IS_OS_WINDOWS_VISTA = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 7.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.0
+ */
+ public static final boolean IS_OS_WINDOWS_7 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 8.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.2
+ */
+ public static final boolean IS_OS_WINDOWS_8 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is Windows 10.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.5
+ */
+ public static final boolean IS_OS_WINDOWS_10 = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Is {@code true} if this is z/OS.
+ *

+ *

+ * The field will return {@code false} if {@code OS_NAME} is {@code null}.
+ *

+ *
+ * @since 3.5
+ */
+ // Values on a z/OS system I tested (Gary Gregory - 2016-03-12)
+ // os.arch = s390x
+ // os.encoding = ISO8859_1
+ // os.name = z/OS
+ // os.version = 02.02.00
+ public static final boolean IS_OS_ZOS = compileTimeConstantBreakerBoolean();
+
+ /**
+ *

+ * Gets an environment variable, defaulting to {@code defaultValue} if the variable cannot be read.
+ *

+ *

+ * If a {@code SecurityException} is caught, the return value is {@code defaultValue} and a message is written to
+ * {@code System.err}.
+ *

+ *
+ * @param name
+ * the environment variable name
+ * @param defaultValue
+ * the default value
+ * @return the environment variable value or {@code defaultValue} if a security problem occurs
+ * @since 3.8
+ */
+ public static String getEnvironmentVariable(final String name, final String defaultValue) {
+ return null;
+ }
+
+ /**
+ * Gets the host name from an environment variable
+ * (COMPUTERNAME on Windows, HOSTNAME elsewhere).
+ *
+ *

+ * If you want to know what the network stack says is the host name, you should use {@code InetAddress.getLocalHost().getHostName()}.
+ *

+ *
+ * @return the host name. Will be {@code null} if the environment variable is not defined.
+ * @since 3.6
+ */
+ public static String getHostName() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the Java home directory as a {@code File}.
+ *

+ *
+ * @return a directory
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 2.1
+ */
+ public static File getJavaHome() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the Java IO temporary directory as a {@code File}.
+ *

+ *
+ * @return a directory
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 2.1
+ */
+ public static File getJavaIoTmpDir() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the user directory as a {@code File}.
+ *

+ *
+ * @return a directory
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 2.1
+ */
+ public static File getUserDir() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the user home directory as a {@code File}.
+ *

+ *
+ * @return a directory
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 2.1
+ */
+ public static File getUserHome() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the user name.
+ *

+ *
+ * @return a name
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 3.10
+ */
+ public static String getUserName() {
+ return null;
+ }
+
+ /**
+ *

+ * Gets the user name.
+ *

+ *
+ * @param defaultValue A default value.
+ * @return a name
+ * @throws SecurityException if a security manager exists and its {@code checkPropertyAccess} method doesn't allow
+ * access to the specified system property.
+ * @see System#getProperty(String)
+ * @since 3.10
+ */
+ public static String getUserName(final String defaultValue) {
+ return null;
+ }
+
+ /**
+ * Returns whether the {@link #JAVA_AWT_HEADLESS} value is {@code true}.
+ *
+ * @return {@code true} if {@code JAVA_AWT_HEADLESS} is {@code "true"}, {@code false} otherwise.
+ * @see #JAVA_AWT_HEADLESS
+ * @since 2.1
+ * @since Java 1.4
+ */
+ public static boolean isJavaAwtHeadless() {
+ return Boolean.TRUE.toString().equals(JAVA_AWT_HEADLESS);
+ }
+
+ /**
+ * A method that can be called to break the compile-time constant generation by the java compiler.
+ * This makes the CodeQL tests more accurate to when user code is compiled against the real implementation of this library.
+ */
+ private static boolean compileTimeConstantBreakerBoolean() {
+ return "".contains(".");
+ }
+
+ // -----------------------------------------------------------------------
+ /**
+ *

+ * SystemUtils instances should NOT be constructed in standard programming. Instead, the class should be used as
+ * {@code SystemUtils.FILE_SEPARATOR}.
+ *

+ *

+ * This constructor is public to permit tools that require a JavaBean instance to operate.
+ *

+ */
+ public SystemUtils() {
+ }
+
+}
\ No newline at end of file
diff --git a/java/ql/test/stubs/guava-30.0/com/google/common/base/StandardSystemProperty.java b/java/ql/test/stubs/guava-30.0/com/google/common/base/StandardSystemProperty.java
new file mode 100644
index 000000000000..cde5c3fe5d61
--- /dev/null
+++ b/java/ql/test/stubs/guava-30.0/com/google/common/base/StandardSystemProperty.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2012 The Guava Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.common.base;
+
+public enum StandardSystemProperty {
+
+ /** Java Runtime Environment version. */
+ JAVA_VERSION("java.version"),
+
+ /** Java Runtime Environment vendor. */
+ JAVA_VENDOR("java.vendor"),
+
+ /** Java vendor URL. */
+ JAVA_VENDOR_URL("java.vendor.url"),
+
+ /** Java installation directory. */
+ JAVA_HOME("java.home"),
+
+ /** Java Virtual Machine specification version. */
+ JAVA_VM_SPECIFICATION_VERSION("java.vm.specification.version"),
+
+ /** Java Virtual Machine specification vendor. */
+ JAVA_VM_SPECIFICATION_VENDOR("java.vm.specification.vendor"),
+
+ /** Java Virtual Machine specification name. */
+ JAVA_VM_SPECIFICATION_NAME("java.vm.specification.name"),
+
+ /** Java Virtual Machine implementation version. */
+ JAVA_VM_VERSION("java.vm.version"),
+
+ /** Java Virtual Machine implementation vendor. */
+ JAVA_VM_VENDOR("java.vm.vendor"),
+
+ /** Java Virtual Machine implementation name. */
+ JAVA_VM_NAME("java.vm.name"),
+
+ /** Java Runtime Environment specification version. */
+ JAVA_SPECIFICATION_VERSION("java.specification.version"),
+
+ /** Java Runtime Environment specification vendor. */
+ JAVA_SPECIFICATION_VENDOR("java.specification.vendor"),
+
+ /** Java Runtime Environment specification name. */
+ JAVA_SPECIFICATION_NAME("java.specification.name"),
+
+ /** Java class format version number.
*/
+ JAVA_CLASS_VERSION("java.class.version"),
+
+ /** Java class path. */
+ JAVA_CLASS_PATH("java.class.path"),
+
+ /** List of paths to search when loading libraries. */
+ JAVA_LIBRARY_PATH("java.library.path"),
+
+ /** Default temp file path. */
+ JAVA_IO_TMPDIR("java.io.tmpdir"),
+
+ /** Name of JIT compiler to use. */
+ JAVA_COMPILER("java.compiler"),
+
+ /**
+ * Path of extension directory or directories.
+ *
+ * @deprecated This property was deprecated in
+ * Java 8 and removed in Java 9. We do not plan to remove this API from Guava, but if you are
+ * using it, it is probably not doing what you want.
+ */
+ @Deprecated
+ JAVA_EXT_DIRS("java.ext.dirs"),
+
+ /** Operating system name. */
+ OS_NAME("os.name"),
+
+ /** Operating system architecture. */
+ OS_ARCH("os.arch"),
+
+ /** Operating system version. */
+ OS_VERSION("os.version"),
+
+ /** File separator ("/" on UNIX). */
+ FILE_SEPARATOR("file.separator"),
+
+ /** Path separator (":" on UNIX). */
+ PATH_SEPARATOR("path.separator"),
+
+ /** Line separator ("\n" on UNIX). */
+ LINE_SEPARATOR("line.separator"),
+
+ /** User's account name. */
+ USER_NAME("user.name"),
+
+ /** User's home directory. */
+ USER_HOME("user.home"),
+
+ /** User's current working directory. */
+ USER_DIR("user.dir");
+
+ private final String key;
+
+ StandardSystemProperty(String key) {
+ this.key = key;
+ }
+
+ /** Returns the key used to lookup this system property. */
+ public String key() {
+ return null;
+ }
+
+ public String value() {
+ return null;
+ }
+
+ /** Returns a string representation of this system property. */
+ @Override
+ public String toString() {
+ return null;
+ }
+}
\ No newline at end of file
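Review bot: `value()` is the only public method in this stub without a Javadoc comment, although it is presumably the accessor that the new `getSystemProperty` predicate is meant to recognise as a system-property read. I would add `/** Returns the current value for this system property. */` above it, in the same one-line style as `key()` and `toString()`. The file also ends without a trailing newline (`\ No newline at end of file`), as does the SystemUtils stub just before it; ending both with a newline keeps later diffs of these stubs clean.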