Merge pull request #2488 from geoffw0/speedup2

CPP: Speed up SensitiveExprs.qll

cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll

@@ -1,37 +1,32 @@
 import cpp
 
-private string suspicious() {
+bindingset[s]
-  result = "%password%" or
+private predicate suspicious(string s) {
-  result = "%passwd%" or
+  (
-  result = "%account%" or
+    s.matches("%password%") or
-  result = "%accnt%" or
+    s.matches("%passwd%") or
-  result = "%trusted%"
+    s.matches("%account%") or
+    s.matches("%accnt%") or
+    s.matches("%trusted%")
+  ) and
+  not (
+    s.matches("%hashed%") or
+    s.matches("%encrypted%") or
+    s.matches("%crypt%")
+  )
 }
 
-private string nonSuspicious() {
+class SensitiveVariable extends Variable {
-  result = "%hashed%" or
+  SensitiveVariable() { suspicious(getName().toLowerCase()) }
-  result = "%encrypted%" or
-  result = "%crypt%"
 }
 
-abstract class SensitiveExpr extends Expr { }
+class SensitiveFunction extends Function {
+  SensitiveFunction() { suspicious(getName().toLowerCase()) }
+}
 
-class SensitiveVarAccess extends SensitiveExpr {
+class SensitiveExpr extends Expr {
-  SensitiveVarAccess() {
+  SensitiveExpr() {
-    this instanceof VariableAccess and
+    this.(VariableAccess).getTarget() instanceof SensitiveVariable or
-    exists(string s | this.toString().toLowerCase() = s |
+    this.(FunctionCall).getTarget() instanceof SensitiveFunction
-      s.matches(suspicious()) and
-      not s.matches(nonSuspicious())
-    )
-  }
-}
-
-class SensitiveCall extends SensitiveExpr {
-  SensitiveCall() {
-    this instanceof FunctionCall and
-    exists(string s | this.toString().toLowerCase() = s |
-      s.matches(suspicious()) and
-      not s.matches(nonSuspicious())
-    )
   }
 }