simplify expressions that could be type-casts

2026-04-28 18:25:24 +02:00 · 2022-01-20 10:41:35 +01:00
parent 547f492be0
commit 4e8e3a7420
70 changed files with 123 additions and 143 deletions
--- a/java/ql/lib/semmle/code/java/Expr.qll
+++ b/java/ql/lib/semmle/code/java/Expr.qll
@@ -1750,7 +1750,7 @@ class TypeAccess extends Expr, Annotatable, @typeaccess {
  Expr getQualifier() { result.isNthChildOf(this, -1) }

  /** Holds if this type access has a qualifier. */
-  predicate hasQualifier() { exists(Expr e | e = this.getQualifier()) }
+  predicate hasQualifier() { exists(this.getQualifier()) }

  /** Gets a type argument supplied to this type access. */
  Expr getATypeArgument() { result.getIndex() >= 0 and result.getParent() = this }
@@ -1762,7 +1762,7 @@ class TypeAccess extends Expr, Annotatable, @typeaccess {
  }

  /** Holds if this type access has a type argument. */
-  predicate hasTypeArgument() { exists(Expr e | e = this.getATypeArgument()) }
+  predicate hasTypeArgument() { exists(this.getATypeArgument()) }

  /** Gets the compilation unit in which this type access occurs. */
  override CompilationUnit getCompilationUnit() { result = Expr.super.getCompilationUnit() }
--- a/java/ql/lib/semmle/code/java/Generics.qll
+++ b/java/ql/lib/semmle/code/java/Generics.qll
@@ -101,7 +101,7 @@ class GenericInterface extends GenericType, Interface {
 */
 abstract class BoundedType extends RefType, @boundedtype {
  /** Holds if this type is bounded. */
-  predicate hasTypeBound() { exists(TypeBound tb | tb = this.getATypeBound()) }
+  predicate hasTypeBound() { exists(this.getATypeBound()) }

  /** Gets a type bound for this type, if any. */
  TypeBound getATypeBound() { result.getBoundedType() = this }
--- a/java/ql/lib/semmle/code/java/Statement.qll
+++ b/java/ql/lib/semmle/code/java/Statement.qll
@@ -636,7 +636,7 @@ class BreakStmt extends Stmt, @breakstmt {
  string getLabel() { namestrings(result, _, this) }

  /** Holds if this `break` statement has an explicit label. */
-  predicate hasLabel() { exists(string s | s = this.getLabel()) }
+  predicate hasLabel() { exists(this.getLabel()) }

  override string pp() {
    if this.hasLabel() then result = "break " + this.getLabel() else result = "break"
@@ -673,7 +673,7 @@ class ContinueStmt extends Stmt, @continuestmt {
  string getLabel() { namestrings(result, _, this) }

  /** Holds if this `continue` statement has an explicit label. */
-  predicate hasLabel() { exists(string s | s = this.getLabel()) }
+  predicate hasLabel() { exists(this.getLabel()) }

  override string pp() {
    if this.hasLabel() then result = "continue " + this.getLabel() else result = "continue"
--- a/java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
@@ -212,7 +212,7 @@ class UnreachableBasicBlock extends BasicBlock {
    not exists(Callable c | c.getBody() = this) and
    not this instanceof Callable and
    not exists(Annotation a | a.getAChildExpr*() = this) and
-    not exists(AssertStmt a | a = this.(Expr).getEnclosingStmt()) and
+    not this.(Expr).getEnclosingStmt() instanceof AssertStmt and
    not this instanceof CatchClause
    or
    // Switch statements with a constant comparison expression may have unreachable cases.
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -109,7 +109,7 @@ private class MessageBodyReaderParameterSource extends RemoteFlowSource {
 }

 private class PlayParameterSource extends RemoteFlowSource {
-  PlayParameterSource() { exists(PlayActionMethodQueryParameter p | p = this.asParameter()) }
+  PlayParameterSource() { this.asParameter() instanceof PlayActionMethodQueryParameter }

  override string getSourceType() { result = "Play Query Parameters" }
 }
--- a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
@@ -60,7 +60,7 @@ predicate exception(EnumConstant e) {
    )
    or
    // Entire `Enum` annotated with reflective annotation.
-    exists(ReflectiveAccessAnnotation ann | ann = t.getAnAnnotation())
+    t.getAnAnnotation() instanceof ReflectiveAccessAnnotation
  )
  or
  // Enum field annotated with reflective annotation.
--- a/java/ql/lib/semmle/code/java/deadcode/frameworks/CamelEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/frameworks/CamelEntryPoints.qll
@@ -12,6 +12,6 @@ import semmle.code.java.frameworks.Camel
 class CamelMessageCallableEntryPoint extends CallableEntryPoint {
  CamelMessageCallableEntryPoint() {
    exists(CamelTargetClass camelTargetClass | this = camelTargetClass.getACamelCalledMethod()) or
-    exists(CamelConsumeMethod consumeMethod | this = consumeMethod)
+    this instanceof CamelConsumeMethod
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll
@@ -357,7 +357,7 @@ class MockitoSettableField extends Field {
  MockitoSettableField() {
    not this.isFinal() and
    not this.isStatic() and
-    exists(MockitoMockInjectedClass injectedClass | injectedClass = this.getDeclaringType())
+    this.getDeclaringType() instanceof MockitoMockInjectedClass
  }

  /**
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll
@@ -233,7 +233,7 @@ class SpringBean extends SpringXMLElement {
  SpringBean getBeanParent() { result.getBeanIdentifier() = this.getBeanParentName() }

  /** Holds if this bean has a parent bean. */
-  predicate hasBeanParent() { exists(SpringBean b | b = this.getBeanParent()) }
+  predicate hasBeanParent() { exists(this.getBeanParent()) }

  predicate hasBeanAncestor(SpringBean ancestor) {
    ancestor = this.getBeanParent() or
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeanFile.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeanFile.qll
@@ -58,7 +58,7 @@ class SpringBeanFile extends XMLFile {

  /** Gets the `default-dependency-check` value for this file. */
  string getDefaultDependencyCheck() {
-    if exists(XMLAttribute a | this.getBeansElement().getAttribute("default-dependency-check") = a)
+    if exists(this.getBeansElement().getAttribute("default-dependency-check"))
    then result = this.getBeansElement().getAttributeValue("default-dependency-check")
    else result = "none"
  }
@@ -70,7 +70,7 @@ class SpringBeanFile extends XMLFile {

  /** Holds if this file has a `default-destroy-method` value. */
  predicate hasDefaultDestroyMethod() {
-    exists(XMLAttribute a | this.getBeansElement().getAttribute("default-destroy-method") = a)
+    exists(this.getBeansElement().getAttribute("default-destroy-method"))
  }

  /** Gets the `default-init-method` value for this file. */
@@ -80,7 +80,7 @@ class SpringBeanFile extends XMLFile {

  /** Holds if the file has a `default-destroy-method` value. */
  predicate hasDefaultInitMethod() {
-    exists(XMLAttribute a | this.getBeansElement().getAttribute("default-init-method") = a)
+    exists(this.getBeansElement().getAttribute("default-init-method"))
  }

  /** Holds if `default-lazy-init` is specified to be `true` for this file. */
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll
@@ -18,7 +18,7 @@ class SpringXMLElement extends XMLElement {
   */
  string getAttributeValueWithDefault(string attributeName) {
    this.hasAttribute(attributeName) and
-    if exists(XMLAttribute a | a = this.getAttribute(attributeName))
+    if exists(this.getAttribute(attributeName))
    then result = this.getAttributeValue(attributeName)
    else result = "default"
  }
--- a/java/ql/lib/semmle/code/java/metrics/MetricElement.qll
+++ b/java/ql/lib/semmle/code/java/metrics/MetricElement.qll
@@ -43,11 +43,11 @@ class MetricElement extends Element {
    this.fromSource() and
    not this.getADependencySrc+() = this and
    (
-      not exists(MetricElement t | t = this.getADependency()) and
+      not exists(this.getADependency()) and
      result = 0
      or
      not this.getADependency().fromSource() and
-      exists(MetricElement e | this.getADependency() = e) and
+      exists(this.getADependency()) and
      result = 1
      or
      result = this.getADependency().getALevel() + 1
--- a/java/ql/lib/semmle/code/java/metrics/MetricStmt.qll
+++ b/java/ql/lib/semmle/code/java/metrics/MetricStmt.qll
@@ -18,7 +18,7 @@ class MetricStmt extends Stmt {

  /** Gets the nested depth of this statement. */
  int getNestedDepth() {
-    not exists(Stmt s | s = this.getParent()) and result = 0
+    not this.getParent() instanceof Stmt and result = 0
    or
    exists(MetricStmt s | s = this.getParent() and result = s.getNestedDepth() + 1)
  }
--- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
@@ -312,7 +312,7 @@ MethodAccess getASafeFlexjsonUseCall() {
    result.getArgument(0) instanceof NullLiteral
    or
    result.getMethod().getParameterType(0) instanceof FlexjsonObjectFactory and
-    exists(NullLiteral e | e = result.getAnArgument())
+    result.getAnArgument() instanceof NullLiteral
  )
 }

--- a/java/ql/lib/semmle/code/xml/XML.qll
+++ b/java/ql/lib/semmle/code/xml/XML.qll
@@ -233,7 +233,7 @@ class XMLElement extends @xmlelement, XMLParent, XMLLocatable {
  XMLAttribute getAttribute(string name) { result.getElement() = this and result.getName() = name }

  /** Holds if this XML element has an attribute with the specified `name`. */
-  predicate hasAttribute(string name) { exists(XMLAttribute a | a = this.getAttribute(name)) }
+  predicate hasAttribute(string name) { exists(this.getAttribute(name)) }

  /** Gets the value of the attribute with the specified `name`, if any. */
  string getAttributeValue(string name) { result = this.getAttribute(name).getValue() }
--- a/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
+++ b/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
@@ -23,7 +23,7 @@ where
  source.getADependency() = d and
  // There is not a Pom file for the target of this dependency, so we assume that it was resolved by
  // a binary file in the local maven repository.
-  not exists(Pom target | target = d.getPom()) and
+  not exists(d.getPom()) and
  // In order to accurately identify whether this binary dependency is required, we must have identified
  // a Maven repository. If we have not found a repository, it's likely that it has a custom path of
  // which we are unaware, so do not report any problems.
--- a/java/ql/src/DeadCode/DeadField.ql
+++ b/java/ql/src/DeadCode/DeadField.ql
@@ -16,12 +16,9 @@ import semmle.code.java.deadcode.DeadCode
 from DeadField f, Element origin, string reason
 where
  not f.isInDeadScope() and
-  if exists(FieldRead read | read = f.getAnAccess())
+  if f.getAnAccess() instanceof FieldRead
  then (
-    if
-      exists(DeadRoot root |
-        root = getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable())
-      )
+    if exists(getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable()))
    then (
      origin = getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable()) and
      reason = " is only read from dead code originating at $@."
--- a/java/ql/src/Frameworks/Spring/Violations
+++ b/java/ql/src/Frameworks/Spring/Violations
@@ -14,5 +14,5 @@ import java
 import semmle.code.java.frameworks.spring.Spring

 from SpringBean b
-where exists(SpringConstructorArg carg | b.getASpringChild() = carg)
+where b.getASpringChild() instanceof SpringConstructorArg
 select b, "Use setter injection instead of constructor injection."
--- a/java/ql/src/Frameworks/Spring/Violations
+++ b/java/ql/src/Frameworks/Spring/Violations
@@ -15,12 +15,12 @@ import semmle.code.java.frameworks.spring.Spring
 class SpringConstructorArgUseShortcut extends SpringConstructorArg {
  SpringConstructorArgUseShortcut() {
    not this.hasArgValueString() and
-    exists(SpringValue val | val = this.getASpringChild())
+    this.getASpringChild() instanceof SpringValue
  }

  string getMessage() {
    not this.hasArgValueString() and
-    exists(SpringValue val | val = this.getASpringChild()) and
+    this.getASpringChild() instanceof SpringValue and
    result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
  }
 }
@@ -28,12 +28,12 @@ class SpringConstructorArgUseShortcut extends SpringConstructorArg {
 class SpringEntryUseShortcut extends SpringEntry {
  SpringEntryUseShortcut() {
    not this.hasValueStringRaw() and
-    exists(SpringValue val | val = this.getASpringChild())
+    this.getASpringChild() instanceof SpringValue
  }

  string getMessage() {
    not this.hasValueStringRaw() and
-    exists(SpringValue val | val = this.getASpringChild()) and
+    this.getASpringChild() instanceof SpringValue and
    result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
  }
 }
@@ -41,12 +41,12 @@ class SpringEntryUseShortcut extends SpringEntry {
 class SpringPropertyUseShortcut extends SpringProperty {
  SpringPropertyUseShortcut() {
    not this.hasPropertyValueString() and
-    exists(SpringValue val | val = this.getASpringChild())
+    this.getASpringChild() instanceof SpringValue
  }

  string getMessage() {
    not this.hasPropertyValueString() and
-    exists(SpringValue val | val = this.getASpringChild()) and
+    this.getASpringChild() instanceof SpringValue and
    result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
  }
 }
--- a/Bugs/Cloning/MissingMethodClone.ql
+++ b/Bugs/Cloning/MissingMethodClone.ql
@@ -16,7 +16,7 @@ from Class t, TypeCloneable cloneable
 where
  t.hasSupertype+(cloneable) and
  not t.isAbstract() and
-  not exists(CloneMethod m | t.getAMethod() = m) and
+  not t.getAMethod() instanceof CloneMethod and
  exists(Field f | f.getDeclaringType() = t and not f.isStatic()) and
  t.fromSource()
 select t, "No clone method, yet implements Cloneable."
--- a/Bugs/Concurrency/WaitOutsideLoop.ql
+++ b/Bugs/Concurrency/WaitOutsideLoop.ql
@@ -23,5 +23,5 @@ class WaitMethod extends Method {
 from MethodAccess ma
 where
  ma.getMethod() instanceof WaitMethod and
-  not exists(LoopStmt s | ma.getEnclosingStmt().getEnclosingStmt*() = s)
+  not ma.getEnclosingStmt().getEnclosingStmt*() instanceof LoopStmt
 select ma, "To avoid spurious wake-ups, 'wait' should only be called inside a loop."
--- a/Bugs/Serialization/IncorrectSerialVersionUID.ql
+++ b/Bugs/Serialization/IncorrectSerialVersionUID.ql
@@ -21,5 +21,5 @@ where
    not f.isStatic() or
    not f.getType().hasName("long")
  ) and
-  exists(TypeSerializable serializable | f.getDeclaringType().getASupertype+() = serializable)
+  f.getDeclaringType().getASupertype+() instanceof TypeSerializable
 select f, "serialVersionUID should be final, static, and of type long."
--- a/Bugs/Serialization/NonSerializableInnerClass.ql
+++ b/Bugs/Serialization/NonSerializableInnerClass.ql
@@ -14,7 +14,7 @@
 import java
 import semmle.code.java.JDKAnnotations

-predicate isSerializable(RefType t) { exists(TypeSerializable ts | ts = t.getASupertype*()) }
+predicate isSerializable(RefType t) { t.getASupertype*() instanceof TypeSerializable }

 predicate withinStaticContext(NestedClass c) {
  c.isStatic() or
--- a/Practice/Implementation
+++ b/Practice/Implementation
@@ -16,7 +16,7 @@ predicate nonEmptyArrayLiteralOrNull(Expr e) {
  exists(ArrayCreationExpr arr | arr = e |
    // Array initializer expressions such as `{1, 2, 3}`.
    // Array is empty if the initializer expression is empty.
-    exists(Expr arrayValue | arrayValue = arr.getInit().getAnInit())
+    exists(arr.getInit().getAnInit())
    or
    // Array creation with dimensions (but without initializers).
    // Empty if the first dimension is 0.
--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
@@ -58,7 +58,7 @@ where
  not m.getParameterType(_) instanceof HttpServletResponse and
  // A spring request mapping method which does not have response body annotation applied to it
  m.getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType and
-  not exists(SpringResponseBodyAnnotationType t | t = m.getAnAnnotation().getType()) and
+  not m.getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType and
  // `@RestController` inherits `@ResponseBody` internally so it should be ignored.
  not m.getDeclaringType() instanceof SpringRestController
 select m, "This method may be vulnerable to spring view manipulation vulnerabilities"
--- a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
@@ -32,9 +32,7 @@ class GetContentIntent extends ClassInstanceExpr {
 class GetContentIntentConfig extends TaintTracking2::Configuration {
  GetContentIntentConfig() { this = "GetContentIntentConfig" }

-  override predicate isSource(DataFlow2::Node src) {
-    exists(GetContentIntent gi | src.asExpr() = gi)
-  }
+  override predicate isSource(DataFlow2::Node src) { src.asExpr() instanceof GetContentIntent }

  override predicate isSink(DataFlow2::Node sink) {
    exists(MethodAccess ma |
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -52,7 +52,7 @@ class KeyGeneratorInitConfiguration extends TaintTracking::Configuration {
  KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" }

  override predicate isSource(DataFlow::Node source) {
-    exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr())
+    source.asExpr() instanceof JavaxCryptoKeyGenerator
  }

  override predicate isSink(DataFlow::Node sink) {
@@ -68,7 +68,7 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
  KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" }

  override predicate isSource(DataFlow::Node source) {
-    exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr())
+    source.asExpr() instanceof JavaSecurityKeyPairGenerator
  }

  override predicate isSink(DataFlow::Node sink) {