Merge pull request #6926 from geoffw0/setliterals2

C++: Use set literals (more).
2025-12-18 01:33:15 +01:00 · 2021-10-20 14:58:06 +01:00
parent 19589bef27 da412178ce
commit 7feab27bf4
4 changed files with 43 additions and 109 deletions
--- a/Management/NtohlArrayNoBound.qll
+++ b/Management/NtohlArrayNoBound.qll
@@ -126,13 +126,7 @@ class MallocSizeExpr extends BufferAccess, FunctionCall {
 }

 class NetworkFunctionCall extends FunctionCall {
-  NetworkFunctionCall() {
-    getTarget().hasName("ntohd") or
-    getTarget().hasName("ntohf") or
-    getTarget().hasName("ntohl") or
-    getTarget().hasName("ntohll") or
-    getTarget().hasName("ntohs")
-  }
+  NetworkFunctionCall() { getTarget().hasName(["ntohd", "ntohf", "ntohl", "ntohll", "ntohs"]) }
 }

 class NetworkToBufferSizeConfiguration extends DataFlow::Configuration {
--- a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
+++ b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
@@ -103,12 +103,7 @@ private predicate posixSystemInfo(FunctionCall source, Element use) {
  //  - various filesystem parameters
  // int uname(struct utsname *buf)
  //  - OS name and version
-  (
-    source.getTarget().hasName("confstr") or
-    source.getTarget().hasName("statvfs") or
-    source.getTarget().hasName("fstatvfs") or
-    source.getTarget().hasName("uname")
-  ) and
+  source.getTarget().hasName(["confstr", "statvfs", "fstatvfs", "uname"]) and
  use = source.getArgument(1)
 }

@@ -128,14 +123,9 @@ private predicate posixPWInfo(FunctionCall source, Element use) {
  // struct group  *getgrnam(const char *name);
  // struct group  *getgrgid(gid_t);
  // struct group  *getgrent(void);
-  (
-    source.getTarget().hasName("getpwnam") or
-    source.getTarget().hasName("getpwuid") or
-    source.getTarget().hasName("getpwent") or
-    source.getTarget().hasName("getgrnam") or
-    source.getTarget().hasName("getgrgid") or
-    source.getTarget().hasName("getgrent")
-  ) and
+  source
+      .getTarget()
+      .hasName(["getpwnam", "getpwuid", "getpwent", "getgrnam", "getgrgid", "getgrent"]) and
  use = source
  or
  // int getpwnam_r(const char *name, struct passwd *pwd,
@@ -146,31 +136,15 @@ private predicate posixPWInfo(FunctionCall source, Element use) {
  //                char *buf, size_t buflen, struct group **result);
  // int getgrnam_r(const char *name, struct group *grp,
  //                char *buf, size_t buflen, struct group **result);
-  (
-    source.getTarget().hasName("getpwnam_r") or
-    source.getTarget().hasName("getpwuid_r") or
-    source.getTarget().hasName("getgrgid_r") or
-    source.getTarget().hasName("getgrnam_r")
-  ) and
-  (
-    use = source.getArgument(1) or
-    use = source.getArgument(2) or
-    use = source.getArgument(4)
-  )
+  source.getTarget().hasName(["getpwnam_r", "getpwuid_r", "getgrgid_r", "getgrnam_r"]) and
+  use = source.getArgument([1, 2, 4])
  or
  // int getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
  //                struct passwd **result);
  // int getgrent_r(struct group *gbuf, char *buf,
  //                size_t buflen, struct group **gbufp);
-  (
-    source.getTarget().hasName("getpwent_r") or
-    source.getTarget().hasName("getgrent_r")
-  ) and
-  (
-    use = source.getArgument(0) or
-    use = source.getArgument(1) or
-    use = source.getArgument(3)
-  )
+  source.getTarget().hasName(["getpwent_r", "getgrent_r"]) and
+  use = source.getArgument([0, 1, 3])
 }

 /**
@@ -190,13 +164,11 @@ private predicate windowsSystemInfo(FunctionCall source, Element use) {
  // BOOL WINAPI GetVersionEx(_Inout_ LPOSVERSIONINFO lpVersionInfo);
  // void WINAPI GetSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
  // void WINAPI GetNativeSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
-  (
-    source.getTarget().hasGlobalName("GetVersionEx") or
-    source.getTarget().hasGlobalName("GetVersionExA") or
-    source.getTarget().hasGlobalName("GetVersionExW") or
-    source.getTarget().hasGlobalName("GetSystemInfo") or
-    source.getTarget().hasGlobalName("GetNativeSystemInfo")
-  ) and
+  source
+      .getTarget()
+      .hasGlobalName([
+          "GetVersionEx", "GetVersionExA", "GetVersionExW", "GetSystemInfo", "GetNativeSystemInfo"
+        ]) and
  use = source.getArgument(0)
 }

@@ -216,11 +188,11 @@ private predicate windowsFolderPath(FunctionCall source, Element use) {
  //   _In_  int    csidl,
  //   _In_  BOOL   fCreate
  // );
-  (
-    source.getTarget().hasGlobalName("SHGetSpecialFolderPath") or
-    source.getTarget().hasGlobalName("SHGetSpecialFolderPathA") or
-    source.getTarget().hasGlobalName("SHGetSpecialFolderPathW")
-  ) and
+  source
+      .getTarget()
+      .hasGlobalName([
+          "SHGetSpecialFolderPath", "SHGetSpecialFolderPathA", "SHGetSpecialFolderPathW"
+        ]) and
  use = source.getArgument(1)
  or
  // HRESULT SHGetKnownFolderPath(
@@ -239,11 +211,7 @@ private predicate windowsFolderPath(FunctionCall source, Element use) {
  //   _In_  DWORD  dwFlags,
  //   _Out_ LPTSTR pszPath
  // );
-  (
-    source.getTarget().hasGlobalName("SHGetFolderPath") or
-    source.getTarget().hasGlobalName("SHGetFolderPathA") or
-    source.getTarget().hasGlobalName("SHGetFolderPathW")
-  ) and
+  source.getTarget().hasGlobalName(["SHGetFolderPath", "SHGetFolderPathA", "SHGetFolderPathW"]) and
  use = source.getArgument(4)
  or
  // HRESULT SHGetFolderPathAndSubDir(
@@ -254,11 +222,11 @@ private predicate windowsFolderPath(FunctionCall source, Element use) {
  //   _In_  LPCTSTR pszSubDir,
  //   _Out_ LPTSTR  pszPath
  // );
-  (
-    source.getTarget().hasGlobalName("SHGetFolderPathAndSubDir") or
-    source.getTarget().hasGlobalName("SHGetFolderPathAndSubDirA") or
-    source.getTarget().hasGlobalName("SHGetFolderPathAndSubDirW")
-  ) and
+  source
+      .getTarget()
+      .hasGlobalName([
+          "SHGetFolderPathAndSubDir", "SHGetFolderPathAndSubDirA", "SHGetFolderPathAndSubDirW"
+        ]) and
  use = source.getArgument(5)
 }

@@ -273,11 +241,7 @@ class WindowsFolderPath extends SystemData {
 }

 private predicate logonUser(FunctionCall source, VariableAccess use) {
-  (
-    source.getTarget().hasGlobalName("LogonUser") or
-    source.getTarget().hasGlobalName("LogonUserW") or
-    source.getTarget().hasGlobalName("LogonUserA")
-  ) and
+  source.getTarget().hasGlobalName(["LogonUser", "LogonUserW", "LogonUserA"]) and
  use = source.getAnArgument()
 }

@@ -297,11 +261,7 @@ private predicate regQuery(FunctionCall source, VariableAccess use) {
  //   _Out_opt_   LPTSTR  lpValue,
  //   _Inout_opt_ PLONG   lpcbValue
  // );
-  (
-    source.getTarget().hasGlobalName("RegQueryValue") or
-    source.getTarget().hasGlobalName("RegQueryValueA") or
-    source.getTarget().hasGlobalName("RegQueryValueW")
-  ) and
+  source.getTarget().hasGlobalName(["RegQueryValue", "RegQueryValueA", "RegQueryValueW"]) and
  use = source.getArgument(2)
  or
  // LONG WINAPI RegQueryMultipleValues(
@@ -311,11 +271,11 @@ private predicate regQuery(FunctionCall source, VariableAccess use) {
  //   _Out_opt_   LPTSTR  lpValueBuf,
  //   _Inout_opt_ LPDWORD ldwTotsize
  // );
-  (
-    source.getTarget().hasGlobalName("RegQueryMultipleValues") or
-    source.getTarget().hasGlobalName("RegQueryMultipleValuesA") or
-    source.getTarget().hasGlobalName("RegQueryMultipleValuesW")
-  ) and
+  source
+      .getTarget()
+      .hasGlobalName([
+          "RegQueryMultipleValues", "RegQueryMultipleValuesA", "RegQueryMultipleValuesW"
+        ]) and
  use = source.getArgument(3)
  or
  // LONG WINAPI RegQueryValueEx(
@@ -326,11 +286,7 @@ private predicate regQuery(FunctionCall source, VariableAccess use) {
  //   _Out_opt_   LPBYTE  lpData,
  //   _Inout_opt_ LPDWORD lpcbData
  // );
-  (
-    source.getTarget().hasGlobalName("RegQueryValueEx") or
-    source.getTarget().hasGlobalName("RegQueryValueExA") or
-    source.getTarget().hasGlobalName("RegQueryValueExW")
-  ) and
+  source.getTarget().hasGlobalName(["RegQueryValueEx", "RegQueryValueExA", "RegQueryValueExW"]) and
  use = source.getArgument(4)
  or
  // LONG WINAPI RegGetValue(
@@ -342,11 +298,7 @@ private predicate regQuery(FunctionCall source, VariableAccess use) {
  //   _Out_opt_   PVOID   pvData,
  //   _Inout_opt_ LPDWORD pcbData
  // );
-  (
-    source.getTarget().hasGlobalName("RegGetValue") or
-    source.getTarget().hasGlobalName("RegGetValueA") or
-    source.getTarget().hasGlobalName("RegGetValueW")
-  ) and
+  source.getTarget().hasGlobalName(["RegGetValue", "RegGetValueA", "RegGetValueW"]) and
  use = source.getArgument(5)
 }

@@ -408,12 +360,7 @@ private predicate socketOutput(FunctionCall call, Expr data) {
    //                const struct sockaddr *dest_addr, socklen_t addrlen);
    // ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
    // int write(int handle, void *buffer, int nbyte);
-    (
-      call.getTarget().hasGlobalName("send") or
-      call.getTarget().hasGlobalName("sendto") or
-      call.getTarget().hasGlobalName("sendmsg") or
-      call.getTarget().hasGlobalName("write")
-    ) and
+    call.getTarget().hasGlobalName(["send", "sendto", "sendmsg", "write"]) and
    data = call.getArgument(1) and
    socketFileDescriptor(call.getArgument(0))
  )
--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -44,14 +44,13 @@ class SetuidLikeWrapperCall extends FunctionCall {

 class CallBeforeSetuidFunctionCall extends FunctionCall {
  CallBeforeSetuidFunctionCall() {
-    (
-      getTarget().hasGlobalName("setgid") or
-      getTarget().hasGlobalName("setresgid") or
-      // Compatibility may require skipping initgroups and setgroups return checks.
-      // A stricter best practice is to check the result and errnor for EPERM.
-      getTarget().hasGlobalName("initgroups") or
-      getTarget().hasGlobalName("setgroups")
-    ) and
+    getTarget()
+        .hasGlobalName([
+            "setgid", "setresgid",
+            // Compatibility may require skipping initgroups and setgroups return checks.
+            // A stricter best practice is to check the result and errnor for EPERM.
+            "initgroups", "setgroups"
+          ]) and
    // setgid/setresgid/etc with the root group are false positives.
    not argumentMayBeRoot(getArgument(0))
  }
--- a/cpp/ql/src/jsf/4.28
+++ b/cpp/ql/src/jsf/4.28
@@ -15,13 +15,7 @@ import cpp

 from Element u, ArithmeticType at
 where
-  (
-    at.hasName("int") or
-    at.hasName("short") or
-    at.hasName("long") or
-    at.hasName("float") or
-    at.hasName("double")
-  ) and
+  at.hasName(["int", "short", "long", "float", "double"]) and
  u = at.getATypeNameUse() and
  not at instanceof WideCharType
 select u, "AV Rule 209: The basic types of int, short, long, float and double shall not be used."