Fix performance change in SecurityFlag

2025-12-19 18:33:16 +01:00 · 2022-06-21 15:17:02 +02:00
parent 79ec998636
commit 579bfc22f3
1 changed files with 25 additions and 12 deletions
--- a/java/ql/lib/semmle/code/java/security/SecurityFlag.qll
+++ b/java/ql/lib/semmle/code/java/security/SecurityFlag.qll
@@ -20,21 +20,34 @@ abstract class FlagKind extends string {
  bindingset[result]
  abstract string getAFlagName();

+  private predicate flagFlowStepTC(DataFlow::Node node1, DataFlow::Node node2) {
+    node2 = node1 and
+    isFlagWithName(node1)
+    or
+    exists(DataFlow::Node nodeMid |
+      flagFlowStep(nodeMid, node2) and
+      flagFlowStepTC(node1, nodeMid)
+    )
+  }
+
+  private predicate isFlagWithName(DataFlow::Node flag) {
+    exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
+      flag.asExpr() = v and v.getType() instanceof FlagType
+    )
+    or
+    exists(StringLiteral s | s.getValue() = getAFlagName() | flag.asExpr() = s)
+    or
+    exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
+      flag.asExpr() = ma and
+      ma.getType() instanceof FlagType
+    )
+  }
+
  /** Gets a node representing a (likely) security flag. */
  DataFlow::Node getAFlag() {
    exists(DataFlow::Node flag |
-      exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
-        flag.asExpr() = v and v.getType() instanceof FlagType
-      )
-      or
-      exists(StringLiteral s | s.getValue() = getAFlagName() | flag.asExpr() = s)
-      or
-      exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
-        flag.asExpr() = ma and
-        ma.getType() instanceof FlagType
-      )
-    |
-      flagFlowStep*(flag, result)
+      isFlagWithName(flag) and
+      flagFlowStepTC(flag, result)
    )
  }
 }