Merge pull request #6884 from geoffw0/setliterals

Replace or chains with set literals.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -13,26 +13,25 @@ import cpp
 
 /** A string for `match` that identifies strings that look like they represent private data. */
 private string privateNames() {
-  // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-  // Government identifiers, such as Social Security Numbers
-  result = "%social%security%number%" or
-  // Contact information, such as home addresses and telephone numbers
-  result = "%postcode%" or
-  result = "%zipcode%" or
-  // result = "%telephone%" or
-  // Geographic location - where the user is (or was)
-  result = "%latitude%" or
-  result = "%longitude%" or
-  // Financial data - such as credit card numbers, salary, bank accounts, and debts
-  result = "%creditcard%" or
-  result = "%salary%" or
-  result = "%bankaccount%" or
-  // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-  // result = "%email%" or
-  // result = "%mobile%" or
-  result = "%employer%" or
-  // Health - medical conditions, insurance status, prescription records
-  result = "%medical%"
+  result =
+    [
+      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+      // Government identifiers, such as Social Security Numbers
+      "%social%security%number%",
+      // Contact information, such as home addresses and telephone numbers
+      "%postcode%", "%zipcode%",
+      // result = "%telephone%" or
+      // Geographic location - where the user is (or was)
+      "%latitude%", "%longitude%",
+      // Financial data - such as credit card numbers, salary, bank accounts, and debts
+      "%creditcard%", "%salary%", "%bankaccount%",
+      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+      // result = "%email%" or
+      // result = "%mobile%" or
+      "%employer%",
+      // Health - medical conditions, insurance status, prescription records
+      "%medical%"
+    ]
 }
 
 /** An expression that might contain private data. */

cpp/ql/lib/semmle/code/cpp/Specifier.qll

@@ -31,11 +31,7 @@ class Specifier extends Element, @specifier {
  * A C/C++ function specifier: `inline`, `virtual`, or `explicit`.
  */
 class FunctionSpecifier extends Specifier {
-  FunctionSpecifier() {
-    this.hasName("inline") or
-    this.hasName("virtual") or
-    this.hasName("explicit")
-  }
+  FunctionSpecifier() { this.hasName(["inline", "virtual", "explicit"]) }
 
   override string getAPrimaryQlClass() { result = "FunctionSpecifier" }
 }
@@ -45,13 +41,7 @@ class FunctionSpecifier extends Specifier {
  * or `mutable".
  */
 class StorageClassSpecifier extends Specifier {
-  StorageClassSpecifier() {
-    this.hasName("auto") or
-    this.hasName("register") or
-    this.hasName("static") or
-    this.hasName("extern") or
-    this.hasName("mutable")
-  }
+  StorageClassSpecifier() { this.hasName(["auto", "register", "static", "extern", "mutable"]) }
 
   override string getAPrimaryQlClass() { result = "StorageClassSpecifier" }
 }
@@ -60,11 +50,7 @@ class StorageClassSpecifier extends Specifier {
  * A C++ access specifier: `public`, `protected`, or `private`.
  */
 class AccessSpecifier extends Specifier {
-  AccessSpecifier() {
-    this.hasName("public") or
-    this.hasName("protected") or
-    this.hasName("private")
-  }
+  AccessSpecifier() { this.hasName(["public", "protected", "private"]) }
 
   /**
    * Gets the visibility of a field with access specifier `this` if it is

cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll

@@ -28,35 +28,19 @@ class SystemFunction extends FunctionWithWrappers instanceof CommandExecutionFun
  */
 class VarargsExecFunctionCall extends FunctionCall {
   VarargsExecFunctionCall() {
-    getTarget().hasGlobalName("execl") or
-    getTarget().hasGlobalName("execle") or
-    getTarget().hasGlobalName("execlp") or
-    // Windows
-    getTarget().hasGlobalName("_execl") or
-    getTarget().hasGlobalName("_execle") or
-    getTarget().hasGlobalName("_execlp") or
-    getTarget().hasGlobalName("_execlpe") or
-    getTarget().hasGlobalName("_spawnl") or
-    getTarget().hasGlobalName("_spawnle") or
-    getTarget().hasGlobalName("_spawnlp") or
-    getTarget().hasGlobalName("_spawnlpe") or
-    getTarget().hasGlobalName("_wexecl") or
-    getTarget().hasGlobalName("_wexecle") or
-    getTarget().hasGlobalName("_wexeclp") or
-    getTarget().hasGlobalName("_wexeclpe") or
-    getTarget().hasGlobalName("_wspawnl") or
-    getTarget().hasGlobalName("_wspawnle") or
-    getTarget().hasGlobalName("_wspawnlp") or
-    getTarget().hasGlobalName("_wspawnlpe")
+    getTarget()
+        .hasGlobalName([
+            "execl", "execle", "execlp",
+            // Windows
+            "_execl", "_execle", "_execlp", "_execlpe", "_spawnl", "_spawnle", "_spawnlp",
+            "_spawnlpe", "_wexecl", "_wexecle", "_wexeclp", "_wexeclpe", "_wspawnl", "_wspawnle",
+            "_wspawnlp", "_wspawnlpe"
+          ])
   }
 
   /** Whether the last argument to the function is an environment pointer */
   predicate hasEnvironmentArgument() {
-    getTarget().hasGlobalName("execle") or
-    getTarget().hasGlobalName("_execle") or
-    getTarget().hasGlobalName("_execlpe") or
-    getTarget().hasGlobalName("_wexecle") or
-    getTarget().hasGlobalName("_wexeclpe")
+    getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
   }
 
   /**
@@ -83,11 +67,7 @@ class VarargsExecFunctionCall extends FunctionCall {
    * all the other ones start with the command.
    */
   private int getCommandIdx() {
-    if
-      getTarget().getName().matches("\\_spawn%") or
-      getTarget().getName().matches("\\_wspawn%")
-    then result = 1
-    else result = 0
+    if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
   }
 }
 
@@ -98,28 +78,14 @@ class VarargsExecFunctionCall extends FunctionCall {
  */
 class ArrayExecFunctionCall extends FunctionCall {
   ArrayExecFunctionCall() {
-    getTarget().hasGlobalName("execv") or
-    getTarget().hasGlobalName("execvp") or
-    getTarget().hasGlobalName("execvpe") or
-    getTarget().hasGlobalName("execve") or
-    getTarget().hasGlobalName("fexecve") or
-    // Windows variants
-    getTarget().hasGlobalName("_execv") or
-    getTarget().hasGlobalName("_execve") or
-    getTarget().hasGlobalName("_execvp") or
-    getTarget().hasGlobalName("_execvpe") or
-    getTarget().hasGlobalName("_spawnv") or
-    getTarget().hasGlobalName("_spawnve") or
-    getTarget().hasGlobalName("_spawnvp") or
-    getTarget().hasGlobalName("_spawnvpe") or
-    getTarget().hasGlobalName("_wexecv") or
-    getTarget().hasGlobalName("_wexecve") or
-    getTarget().hasGlobalName("_wexecvp") or
-    getTarget().hasGlobalName("_wexecvpe") or
-    getTarget().hasGlobalName("_wspawnv") or
-    getTarget().hasGlobalName("_wspawnve") or
-    getTarget().hasGlobalName("_wspawnvp") or
-    getTarget().hasGlobalName("_wspawnvpe")
+    getTarget()
+        .hasGlobalName([
+            "execv", "execvp", "execvpe", "execve", "fexecve",
+            // Windows variants
+            "_execv", "_execve", "_execvp", "_execvpe", "_spawnv", "_spawnve", "_spawnvp",
+            "_spawnvpe", "_wexecv", "_wexecve", "_wexecvp", "_wexecvpe", "_wspawnv", "_wspawnve",
+            "_wspawnvp", "_wspawnvpe"
+          ])
   }
 
   /** The argument with the array of command arguments */
@@ -133,11 +99,7 @@ class ArrayExecFunctionCall extends FunctionCall {
    * all the other ones start with the command.
    */
   private int getCommandIdx() {
-    if
-      getTarget().getName().matches("\\_spawn%") or
-      getTarget().getName().matches("\\_wspawn%")
-    then result = 1
-    else result = 0
+    if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
   }
 }
 

cpp/ql/lib/semmle/code/cpp/security/OutputWrite.qll

@@ -21,14 +21,12 @@ class OutputWrite extends Expr {
  * A standard output or standard error variable.
  */
 private predicate outputVariable(Variable v) {
-  // standard output
-  v.hasName("cout") or
-  v.hasName("wcout") or
-  // standard error
-  v.hasName("cerr") or
-  v.hasName("clog") or
-  v.hasName("wcerr") or
-  v.hasName("wclog")
+  v.hasName([
+      // standard output
+      "cout", "wcout",
+      // standard error
+      "cerr", "clog", "wcerr", "wclog"
+    ])
 }
 
 /**
@@ -64,10 +62,7 @@ private predicate outputWrite(Expr write, Expr source) {
     arg >= f.(FormattingFunction).getFormatParameterIndex()
     or
     // puts, putchar
-    (
-      f.hasGlobalOrStdName("puts") or
-      f.hasGlobalOrStdName("putchar")
-    ) and
+    f.hasGlobalOrStdName(["puts", "putchar"]) and
     arg = 0
     or
     exists(Call wrappedCall, Expr wrappedSource |

cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll

@@ -11,17 +11,8 @@ import cpp
  */
 bindingset[s]
 private predicate suspicious(string s) {
-  (
-    s.matches("%password%") or
-    s.matches("%passwd%") or
-    s.matches("%trusted%")
-  ) and
-  not (
-    s.matches("%hash%") or
-    s.matches("%crypt%") or
-    s.matches("%file%") or
-    s.matches("%path%")
-  )
+  s.matches(["%password%", "%passwd%", "%trusted%"]) and
+  not s.matches(["%hash%", "%crypt%", "%file%", "%path%"])
 }
 
 /**