From 43b49628fc54cd2de38768e14ff9f22720852919 Mon Sep 17 00:00:00 2001
From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local>
Date: Tue, 5 Mar 2024 14:36:43 -0500
Subject: [PATCH] Java: use new 'SimpleTypeSanitizer', and update some
 non-extending subtype relationships

---
 .../semmle/code/java/security/UrlForward.qll    | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/UrlForward.qll b/java/ql/lib/semmle/code/java/security/UrlForward.qll
index 79f8e5f2b28..d19b8c163fd 100644
--- a/java/ql/lib/semmle/code/java/security/UrlForward.qll
+++ b/java/ql/lib/semmle/code/java/security/UrlForward.qll
@@ -6,6 +6,7 @@ private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.StringPrefixes
 private import semmle.code.java.security.PathSanitizer
 private import semmle.code.java.controlflow.Guards
+private import semmle.code.java.security.Sanitizers
 
 /** A URL forward sink. */
 abstract class UrlForwardSink extends DataFlow::Node { }
@@ -38,13 +39,7 @@ private class ForwardPrefix extends InterestingPrefix {
 /** A URL forward barrier. */
 abstract class UrlForwardBarrier extends DataFlow::Node { }
 
-private class PrimitiveBarrier extends UrlForwardBarrier {
-  PrimitiveBarrier() {
-    this.getType() instanceof PrimitiveType or
-    this.getType() instanceof BoxedType or
-    this.getType() instanceof NumberType
-  }
-}
+private class PrimitiveBarrier extends UrlForwardBarrier instanceof SimpleTypeSanitizer { }
 
 // TODO: should this also take URL encoding/decoding into account?
 // TODO: and PathSanitization in general?
@@ -87,9 +82,7 @@ private class DefaultUrlDecodeCall extends UrlDecodeCall {
 // TODO: this can probably be named/designed better...
 abstract class RepeatedStmt extends Stmt { }
 
-private class DefaultRepeatedStmt extends RepeatedStmt {
-  DefaultRepeatedStmt() { this instanceof LoopStmt }
-}
+private class DefaultRepeatedStmt extends RepeatedStmt instanceof LoopStmt { }
 
 abstract class CheckEncodingCall extends MethodCall { }
 
@@ -111,9 +104,7 @@ private class RepeatedUrlDecodeCall extends MethodCall {
   }
 }
 
-private class CheckEncodingGuard extends Guard instanceof MethodCall {
-  CheckEncodingGuard() { this instanceof CheckEncodingCall }
-
+private class CheckEncodingGuard extends Guard instanceof MethodCall, CheckEncodingCall {
   Expr getCheckedExpr() { result = this.(MethodCall).getQualifier() }
 }