Java: Remove omittable exists variables

2026-04-26 09:15:12 +02:00 · 2022-12-21 16:31:20 +01:00
parent 7a92970d89
commit 32471d326e
63 changed files with 319 additions and 418 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll
@@ -177,10 +177,8 @@ class CryptoOperationSource extends DataFlow::Node {

  /** Holds if remote user input was used in the cryptographic operation. */
  predicate includesUserInput() {
-    exists(
-      DataFlow2::PathNode source, DataFlow2::PathNode sink, UserInputInCryptoOperationConfig config
-    |
-      config.hasFlowPath(source, sink)
+    exists(DataFlow2::PathNode sink, UserInputInCryptoOperationConfig config |
+      config.hasFlowPath(_, sink)
    |
      sink.getNode().asExpr() = call.getQualifier()
    )
--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflectionLib.qll
@@ -31,9 +31,7 @@ class UnsafeReflectionSink extends DataFlow::ExprNode {
 * and its name contains "resolve", "load", etc.
 */
 predicate looksLikeResolveClassStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
-  exists(MethodAccess ma, Method m, int i, Expr arg |
-    m = ma.getMethod() and arg = ma.getArgument(i)
-  |
+  exists(MethodAccess ma, Method m, Expr arg | m = ma.getMethod() and arg = ma.getAnArgument() |
    m.getReturnType() instanceof TypeClass and
    m.getName().toLowerCase() = ["resolve", "load", "class", "type"] and
    arg.getType() instanceof TypeString and
@@ -48,9 +46,7 @@ predicate looksLikeResolveClassStep(DataFlow::Node fromNode, DataFlow::Node toNo
 * and its name contains "instantiate" or similar terms.
 */
 predicate looksLikeInstantiateClassStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
-  exists(MethodAccess ma, Method m, int i, Expr arg |
-    m = ma.getMethod() and arg = ma.getArgument(i)
-  |
+  exists(MethodAccess ma, Method m, Expr arg | m = ma.getMethod() and arg = ma.getAnArgument() |
    m.getReturnType() instanceof TypeObject and
    m.getName().toLowerCase() = ["instantiate", "instance", "create", "make", "getbean"] and
    arg.getType() instanceof TypeClass and
--- a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
@@ -158,7 +158,7 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
      ma.getArgument(0) = node.asExpr()
    ) // System.arraycopy(password.getBytes(), ...)
    or
-    exists(AddExpr e | hasAddExprAncestor(e, node.asExpr())) // password+salt
+    hasAddExprAncestor(_, node.asExpr()) // password+salt
    or
    exists(ConditionalExpr ce | ce.getAChildExpr() = node.asExpr()) // useSalt?password+":"+salt:password
    or