Java/C#/GO: Use instanceof in more places

go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll

@@ -106,24 +106,20 @@ module ControlFlow {
    * A control-flow node that initializes or updates the value of a constant, a variable,
    * a field, or an (array, slice, or map) element.
    */
-  class WriteNode extends Node {
-    IR::WriteInstruction self;
-
-    WriteNode() { this = self }
-
+  class WriteNode extends Node instanceof IR::WriteInstruction {
     /** Gets the left-hand side of this write. */
-    IR::WriteTarget getLhs() { result = self.getLhs() }
+    IR::WriteTarget getLhs() { result = super.getLhs() }
 
     /** Gets the right-hand side of this write. */
-    DataFlow::Node getRhs() { self.getRhs() = result.asInstruction() }
+    DataFlow::Node getRhs() { super.getRhs() = result.asInstruction() }
 
     /** Holds if this node sets variable or constant `v` to `rhs`. */
-    predicate writes(ValueEntity v, DataFlow::Node rhs) { self.writes(v, rhs.asInstruction()) }
+    predicate writes(ValueEntity v, DataFlow::Node rhs) { super.writes(v, rhs.asInstruction()) }
 
     /** Holds if this node defines SSA variable `v` to be `rhs`. */
     predicate definesSsaVariable(SsaVariable v, DataFlow::Node rhs) {
-      self.getLhs().asSsaVariable() = v and
-      self.getRhs() = rhs.asInstruction()
+      super.getLhs().asSsaVariable() = v and
+      super.getRhs() = rhs.asInstruction()
     }
 
     /**
@@ -136,13 +132,13 @@ module ControlFlow {
      * node corresponding to `newWidth`.
      */
     predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) {
-      exists(IR::FieldTarget trg | trg = self.getLhs() |
+      exists(IR::FieldTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base.asInstruction() or
           trg.getBase() = MkImplicitDeref(base.asExpr())
         ) and
         trg.getField() = f and
-        self.getRhs() = rhs.asInstruction()
+        super.getRhs() = rhs.asInstruction()
       )
     }
 
@@ -156,13 +152,13 @@ module ControlFlow {
      * is the data-flow node corresponding to `base`.
      */
     predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
-      exists(IR::ElementTarget trg | trg = self.getLhs() |
+      exists(IR::ElementTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base.asInstruction() or
           trg.getBase() = MkImplicitDeref(base.asExpr())
         ) and
         trg.getIndex() = index.asInstruction() and
-        self.getRhs() = rhs.asInstruction()
+        super.getRhs() = rhs.asInstruction()
       )
     }
 

go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll

@@ -37,9 +37,7 @@ module CommandInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for command injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** A command name, considered as a taint sink for command injection. */
   class CommandNameAsSink extends Sink {

go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll

@@ -33,9 +33,7 @@ module LogInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for log injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An argument to a logging mechanism. */
   class LoggerSink extends Sink {

go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll

@@ -117,9 +117,7 @@ module OpenUrlRedirect {
 }
 
 /** A sink for an open redirect, considered as a sink for safe URL flow. */
-private class SafeUrlSink extends SafeUrlFlow::Sink {
-  SafeUrlSink() { this instanceof OpenUrlRedirect::Sink }
-}
+private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { }
 
 /**
  * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe

go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll

@@ -27,9 +27,7 @@ module ReflectedXss {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A shared XSS sanitizer as a sanitizer for reflected XSS. */
-  private class SharedXssSanitizer extends Sanitizer {
-    SharedXssSanitizer() { this instanceof SharedXss::Sanitizer }
-  }
+  private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { }
 
   /** A shared XSS sanitizer guard as a sanitizer guard for reflected XSS. */
   deprecated private class SharedXssSanitizerGuard extends SanitizerGuard {
@@ -46,7 +44,5 @@ module ReflectedXss {
   class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
 
   /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
-  private class AnySink extends Sink {
-    AnySink() { this instanceof SharedXss::Sink }
-  }
+  private class AnySink extends Sink instanceof SharedXss::Sink { }
 }

go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll

@@ -102,9 +102,7 @@ module RequestForgery {
 }
 
 /** A sink for request forgery, considered as a sink for safe URL flow. */
-private class SafeUrlSink extends SafeUrlFlow::Sink {
-  SafeUrlSink() { this instanceof RequestForgery::Sink }
-}
+private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { }
 
 /**
  * A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe

go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll

@@ -33,17 +33,11 @@ module SqlInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, considered as a taint source for SQL injection. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An SQL string, considered as a taint sink for SQL injection. */
-  class SqlQueryAsSink extends Sink {
-    SqlQueryAsSink() { this instanceof SQL::QueryString }
-  }
+  class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }
 
   /** A NoSql query, considered as a taint sink for SQL injection. */
-  class NoSqlQueryAsSink extends Sink {
-    NoSqlQueryAsSink() { this instanceof NoSql::Query }
-  }
+  class NoSqlQueryAsSink extends Sink instanceof NoSql::Query { }
 }

go/ql/lib/semmle/go/security/StoredXssCustomizations.qll

@@ -24,9 +24,7 @@ module StoredXss {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A shared XSS sanitizer as a sanitizer for stored XSS. */
-  private class SharedXssSanitizer extends Sanitizer {
-    SharedXssSanitizer() { this instanceof SharedXss::Sanitizer }
-  }
+  private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { }
 
   /** A shared XSS sanitizer guard as a sanitizer guard for stored XSS. */
   deprecated private class SharedXssSanitizerGuard extends SanitizerGuard {
@@ -59,7 +57,5 @@ module StoredXss {
   }
 
   /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
-  private class AnySink extends Sink {
-    AnySink() { this instanceof SharedXss::Sink }
-  }
+  private class AnySink extends Sink instanceof SharedXss::Sink { }
 }

go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll

@@ -61,9 +61,7 @@ module TaintedPath {
   }
 
   /** A source of untrusted data, considered as a taint source for path traversal. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** A path expression, considered as a taint sink for path traversal. */
   class PathAsSink extends Sink {

go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll

@@ -32,12 +32,8 @@ module XPathInjection {
   abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
 
   /** A source of untrusted data, used in an XPath expression. */
-  class UntrustedFlowAsSource extends Source {
-    UntrustedFlowAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
 
   /** An XPath expression string, considered as a taint sink for XPath injection. */
-  class XPathExpressionStringAsSink extends Sink {
-    XPathExpressionStringAsSink() { this instanceof XPath::XPathExpressionString }
-  }
+  class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }
 }

go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll

@@ -73,9 +73,8 @@ module ZipSlip {
   }
 
   /** A path-traversal sink, considered as a taint sink for zip slip. */
-  class TaintedPathSinkAsSink extends Sink {
+  class TaintedPathSinkAsSink extends Sink instanceof TaintedPath::Sink {
     TaintedPathSinkAsSink() {
-      this instanceof TaintedPath::Sink and
       // Exclude `os.Symlink`, which is treated specifically in query `go/unsafe-unzip-symlink`.
       not exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName("os", "Symlink") |
         this = c.getAnArgument()
@@ -84,9 +83,7 @@ module ZipSlip {
   }
 
   /** A path-traversal sanitizer, considered as a sanitizer for zip slip. */
-  class TaintedPathSanitizerAsSanitizer extends Sanitizer {
-    TaintedPathSanitizerAsSanitizer() { this instanceof TaintedPath::Sanitizer }
-  }
+  class TaintedPathSanitizerAsSanitizer extends Sanitizer instanceof TaintedPath::Sanitizer { }
 
   pragma[noinline]
   private predicate taintedPathGuardChecks(

go/ql/src/AlertSuppression.ql

@@ -49,9 +49,7 @@ class SuppressionComment extends Locatable {
 /**
  * The scope of an alert suppression comment.
  */
-class SuppressionScope extends @locatable {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @locatable instanceof SuppressionComment {
   /** Gets a suppression comment with this scope. */
   SuppressionComment getSuppressionComment() { result = this }
 
@@ -65,7 +63,7 @@ class SuppressionScope extends @locatable {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets a textual representation of this element. */

go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll

@@ -17,14 +17,10 @@ module EmailInjection {
   abstract class Sink extends DataFlow::Node { }
 
   /** A source of untrusted data, considered as a taint source for email injection. */
-  class UntrustedFlowSourceAsSource extends Source {
-    UntrustedFlowSourceAsSource() { this instanceof UntrustedFlowSource }
-  }
+  class UntrustedFlowSourceAsSource extends Source instanceof UntrustedFlowSource { }
 
   /**
    * A data-flow node that becomes part of an email considered as a taint sink for email injection.
    */
-  class MailDataAsSink extends Sink {
-    MailDataAsSink() { this instanceof EmailData }
-  }
+  class MailDataAsSink extends Sink instanceof EmailData { }
 }