Remove fields which are only used in char pred

2026-04-23 07:45:17 +02:00 · 2023-02-17 14:28:38 +00:00
parent a113b8e8a4
commit 7a25200962
8 changed files with 45 additions and 61 deletions
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
@@ -61,9 +61,8 @@ module Private {
  /** A data flow node that represents the output of a call. */
  class OutNode extends Node {
    DataFlow::CallNode call;
-    int i;

-    OutNode() { this = call.getResult(i) }
+    OutNode() { this = call.getResult(_) }

    /** Gets the underlying call. */
    DataFlowCall getCall() { result = call.asExpr() }
@@ -753,13 +752,14 @@ module Public {
   * of the function.
   */
  class ResultNode extends InstructionNode {
-    FuncDef fd;
    int i;

    ResultNode() {
-      exists(IR::ReturnInstruction ret | ret.getRoot() = fd | insn = ret.getResult(i))
-      or
-      insn.(IR::ReadResultInstruction).reads(fd.getResultVar(i))
+      exists(FuncDef fd |
+        exists(IR::ReturnInstruction ret | ret.getRoot() = fd | insn = ret.getResult(i))
+        or
+        insn.(IR::ReadResultInstruction).reads(fd.getResultVar(i))
+      )
    }

    /** Gets the index of this result among all results of the function. */
@@ -1112,12 +1112,12 @@ module Public {
   */
  class RangeElementNode extends Node {
    DataFlow::Node base;
-    IR::ExtractTupleElementInstruction extract;

    RangeElementNode() {
-      this.asInstruction() = extract and
-      extract.extractsElement(_, 1) and
-      extract.getBase().(IR::GetNextEntryInstruction).getDomain() = base.asInstruction()
+      exists(IR::ExtractTupleElementInstruction extract | extract = this.asInstruction() |
+        extract.extractsElement(_, 1) and
+        extract.getBase().(IR::GetNextEntryInstruction).getDomain() = base.asInstruction()
+      )
    }

    /** Gets the data-flow node representing the base from which the element is read. */
--- a/go/ql/lib/semmle/go/frameworks/Beego.qll
+++ b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -51,13 +51,9 @@ module Beego {
   */
  private class BeegoInputSource extends UntrustedFlowSource::Range {
    string methodName;
-    FunctionOutput output;

    BeegoInputSource() {
-      exists(DataFlow::MethodCallNode c | this = output.getExitNode(c) |
-        c.getTarget().hasQualifiedName(contextPackagePath(), "BeegoInput", methodName)
-      ) and
-      (
+      exists(FunctionOutput output |
        methodName = "Bind" and
        output.isParameter(0)
        or
@@ -66,6 +62,10 @@ module Beego {
            "URI", "URL", "UserAgent"
          ] and
        output.isResult(0)
+      |
+        exists(DataFlow::MethodCallNode c | this = output.getExitNode(c) |
+          c.getTarget().hasQualifiedName(contextPackagePath(), "BeegoInput", methodName)
+        )
      )
    }

@@ -81,16 +81,8 @@ module Beego {
   * `beego.Controller` sources of untrusted data.
   */
  private class BeegoControllerSource extends UntrustedFlowSource::Range {
-    string methodName;
-    FunctionOutput output;
-
    BeegoControllerSource() {
-      exists(DataFlow::MethodCallNode c |
-        c.getTarget().hasQualifiedName(packagePath(), "Controller", methodName)
-      |
-        this = output.getExitNode(c)
-      ) and
-      (
+      exists(string methodName, FunctionOutput output |
        methodName = "ParseForm" and
        output.isParameter(0)
        or
@@ -99,6 +91,12 @@ module Beego {
        or
        methodName = "GetFile" and
        output.isResult(1)
+      |
+        exists(DataFlow::MethodCallNode c |
+          c.getTarget().hasQualifiedName(packagePath(), "Controller", methodName)
+        |
+          this = output.getExitNode(c)
+        )
      )
    }
  }
@@ -225,10 +223,8 @@ module Beego {
  }

  private class ContextResponseBody extends Http::ResponseBody::Range {
-    string name;
-
    ContextResponseBody() {
-      exists(Method m | m.hasQualifiedName(contextPackagePath(), "Context", name) |
+      exists(Method m, string name | m.hasQualifiedName(contextPackagePath(), "Context", name) |
        name = "Abort" and this = m.getACall().getArgument(1)
        or
        name = "WriteString" and this = m.getACall().getArgument(0)
@@ -326,16 +322,17 @@ module Beego {
  }

  private class RedirectMethods extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
    string className;

    RedirectMethods() {
-      (
-        package = packagePath() and className = "Controller"
-        or
-        package = contextPackagePath() and className = "Context"
-      ) and
-      this = any(Method m | m.hasQualifiedName(package, className, "Redirect")).getACall()
+      exists(string package |
+        (
+          package = packagePath() and className = "Controller"
+          or
+          package = contextPackagePath() and className = "Context"
+        ) and
+        this = any(Method m | m.hasQualifiedName(package, className, "Redirect")).getACall()
+      )
    }

    override DataFlow::Node getUrl() {
--- a/go/ql/lib/semmle/go/frameworks/Echo.qll
+++ b/go/ql/lib/semmle/go/frameworks/Echo.qll
@@ -43,17 +43,15 @@ private module Echo {
   * Models of `Context.Get/Set`. `Context` behaves like a map, with corresponding taint propagation.
   */
  private class ContextMapModels extends TaintTracking::FunctionModel, Method {
-    string methodName;
    FunctionInput input;
    FunctionOutput output;

    ContextMapModels() {
-      (
+      exists(string methodName | this.hasQualifiedName(packagePath(), "Context", methodName) |
        methodName = "Get" and input.isReceiver() and output.isResult()
        or
        methodName = "Set" and input.isParameter(1) and output.isReceiver()
-      ) and
-      this.hasQualifiedName(packagePath(), "Context", methodName)
+      )
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
--- a/go/ql/lib/semmle/go/frameworks/K8sIoApiCoreV1.qll
+++ b/go/ql/lib/semmle/go/frameworks/K8sIoApiCoreV1.qll
@@ -10,16 +10,16 @@ module K8sIoApiCoreV1 {
  string packagePath() { result = package("k8s.io/api", "core/v1") }

  private class SecretDeepCopy extends TaintTracking::FunctionModel, Method {
-    string methodName;
    FunctionOutput output;

    SecretDeepCopy() {
-      (
+      exists(string methodName |
        methodName in ["DeepCopy", "DeepCopyObject"] and output.isResult()
        or
        methodName = "DeepCopyInto" and output.isParameter(0)
-      ) and
-      this.hasQualifiedName(packagePath(), ["Secret", "SecretList"], methodName)
+      |
+        this.hasQualifiedName(packagePath(), ["Secret", "SecretList"], methodName)
+      )
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
--- a/go/ql/lib/semmle/go/frameworks/Revel.qll
+++ b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -201,11 +201,9 @@ module Revel {
  private class RevelHeaderMethods extends TaintTracking::FunctionModel {
    FunctionInput input;
    FunctionOutput output;
-    string name;

    RevelHeaderMethods() {
-      this.(Method).hasQualifiedName(packagePath(), "RevelHeader", name) and
-      (
+      exists(string name | this.(Method).hasQualifiedName(packagePath(), "RevelHeader", name) |
        name = ["Add", "Set"] and input.isParameter([0, 1]) and output.isReceiver()
        or
        name = ["Get", "GetAll"] and input.isReceiver() and output.isResult()
--- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -57,13 +57,12 @@ module NetHttp {
  }

  private class MapWrite extends Http::HeaderWrite::Range, DataFlow::Node {
-    Write write;
    DataFlow::Node index;
    DataFlow::Node rhs;

    MapWrite() {
      this.getType().hasQualifiedName("net/http", "Header") and
-      write.writesElement(this, index, rhs)
+      any(Write write).writesElement(this, index, rhs)
    }

    override DataFlow::Node getName() { result = index }
--- a/go/ql/src/experimental/frameworks/CleverGo.qll
+++ b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -175,18 +175,14 @@ private module CleverGo {
   * Models HTTP redirects.
   */
  private class HttpRedirect extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
    DataFlow::Node urlNode;

    HttpRedirect() {
      // HTTP redirect models for package: clevergo.tech/clevergo@v0.5.2
-      package = packagePath() and
      // Receiver type: Context
-      (
-        // signature: func (*Context) Redirect(code int, url string) error
-        this = any(Method m | m.hasQualifiedName(package, "Context", "Redirect")).getACall() and
-        urlNode = this.getArgument(1)
-      )
+      // signature: func (*Context) Redirect(code int, url string) error
+      this = any(Method m | m.hasQualifiedName(packagePath(), "Context", "Redirect")).getACall() and
+      urlNode = this.getArgument(1)
    }

    override DataFlow::Node getUrl() { result = urlNode }
--- a/go/ql/src/experimental/frameworks/Fiber.qll
+++ b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -130,18 +130,14 @@ private module Fiber {
   * Models HTTP redirects.
   */
  private class Redirect extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
    DataFlow::Node urlNode;

    Redirect() {
      // HTTP redirect models for package: github.com/gofiber/fiber@v1.14.6
-      package = fiberPackagePath() and
      // Receiver type: Ctx
-      (
-        // signature: func (*Ctx) Redirect(location string, status ...int)
-        this = any(Method m | m.hasQualifiedName(package, "Ctx", "Redirect")).getACall() and
-        urlNode = this.getArgument(0)
-      )
+      // signature: func (*Ctx) Redirect(location string, status ...int)
+      this = any(Method m | m.hasQualifiedName(fiberPackagePath(), "Ctx", "Redirect")).getACall() and
+      urlNode = this.getArgument(0)
    }

    override DataFlow::Node getUrl() { result = urlNode }