From 60e58f8219f6cdc78f1859cf87dac98d7b4c273f Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Sat, 14 Feb 2026 01:26:46 +0000
Subject: [PATCH] Refactor logInjectionGuard part 2
---
 .../code/java/security/LogInjection.qll | 41 ++++++++-----------
 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/security/LogInjection.qll b/java/ql/lib/semmle/code/java/security/LogInjection.qll
index 302b5cd8482..deb72e5cf6a 100644
--- a/java/ql/lib/semmle/code/java/security/LogInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/LogInjection.qll
@@ -103,35 +103,26 @@ private predicate logInjectionGuard(Guard g, Expr e, boolean branch) {
 branch = false
 )
 or
- exists(MethodCall ma, CompileTimeConstantExpr target |
- ma = g and
- target = ma.getArgument(0)
+ exists(RegexMatch rm, CompileTimeConstantExpr target |
+ rm = g and
+ target = rm.getRegex() and
+ e = rm.getString()
 |
- ma.getMethod().hasName("matches") and
+ // Allow anything except line breaks
 (
- ma.getMethod().getDeclaringType() instanceof TypeString and
- e = ma.getQualifier()
+ not target.getStringValue().matches("%[^%]%") and
+ not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
 or
- ma.getMethod().getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
- e = ma.getArgument(1)
+ target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%")
 ) and
+ branch = true
+ or
+ // Disallow line breaks
 (
- // Allow anything except line breaks
- (
- not target.getStringValue().matches("%[^%]%") and
- not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
- or
- target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%")
- ) and
- branch = true
- or
- // Disallow line breaks
- (
- not target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%") and
- // Assuming a regex containing line breaks is correctly matching line breaks in a string
- target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
- ) and
- branch = false
- )
+ not target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%") and
+ // Assuming a regex containing line breaks is correctly matching line breaks in a string
+ target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
+ ) and
+ branch = false
 )
 }
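Review bot: The `branch = true` case under `// Allow anything except line breaks` is only sound when the regex has to match the whole string, and the check that guaranteed this (`hasName("matches")` on `String` or `java.util.regex.Pattern`) is replaced by `RegexMatch`, whose definition is not visible in this hunk. If `RegexMatch` also models partial-match calls, a pattern such as `[a-z]+` would be treated as a sanitizer while the logged value can still carry a line break, so the query would lose results; if it models whole-string matches only, a comment such as `// RegexMatch covers whole-string matches only, so a pattern without line-break tokens excludes them` above that case would record the assumption. Separately, the token list `["\n", "\r", "\\n", "\\r", "\\R"]` carried over to the new side does not account for `\s`, `\W`, `\D` or an inline `(?s)` flag, each of which lets a whole-string match succeed on input containing a newline. `logInjectionGuard` begins above this hunk, so its earlier disjuncts were not reviewed.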