From 6c0c1d558ec49f3924defdc92ca68c95caa9ae7a Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Sat, 14 Feb 2026 01:20:41 +0000
Subject: [PATCH] Refactor logInjectionGuard part 1
---
 .../lib/semmle/code/java/security/LogInjection.qll | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/security/LogInjection.qll b/java/ql/lib/semmle/code/java/security/LogInjection.qll
index da5a1dc73a0..302b5cd8482 100644
--- a/java/ql/lib/semmle/code/java/security/LogInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/LogInjection.qll
@@ -96,16 +96,17 @@ private predicate logInjectionSanitizer(MethodCall ma) {
 * by checking if there are line breaks in `e`.
 */
 private predicate logInjectionGuard(Guard g, Expr e, boolean branch) {
+ exists(MethodCall ma | ma = g |
+ ma.getMethod() instanceof StringContainsMethod and
+ ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = ["\n", "\r"] and
+ e = ma.getQualifier() and
+ branch = false
+ )
+ or
 exists(MethodCall ma, CompileTimeConstantExpr target | ma = g and target = ma.getArgument(0) |
- ma.getMethod().getDeclaringType() instanceof TypeString and
- ma.getMethod().hasName("contains") and
- target.getStringValue() = ["\n", "\r"] and
- e = ma.getQualifier() and
- branch = false
- or
 ma.getMethod().hasName("matches") and
 (
 ma.getMethod().getDeclaringType() instanceof TypeString and