From 9d63efe495353ed31283260c3c8e666a6bdb24ec Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 13 Oct 2021 17:47:01 +0100
Subject: [PATCH] Python: Set literals.
---
 .../python/concepts/CryptoAlgorithms.qll | 71 +++++--------------
 .../ql/lib/semmle/python/objects/TObject.qll | 29 +++-----
 .../lib/semmle/python/security/ClearText.qll | 6 +-
 .../python/security/injection/Command.qll | 12 +---
 4 files changed, 29 insertions(+), 89 deletions(-)
diff --git a/python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll b/python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll
index a5bfd6696be..4b3c5f2a49f 100644
--- a/python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll
+++ b/python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll
@@ -15,72 +15,35 @@
 */
 private module AlgorithmNames {
 predicate isStrongHashingAlgorithm(string name) {
- name = "DSA" or
- name = "ED25519" or
- name = "ES256" or
- name = "ECDSA256" or
- name = "ES384" or
- name = "ECDSA384" or
- name = "ES512" or
- name = "ECDSA512" or
- name = "SHA2" or
- name = "SHA224" or
- name = "SHA256" or
- name = "SHA384" or
- name = "SHA512" or
- name = "SHA3" or
- name = "SHA3224" or
- name = "SHA3256" or
- name = "SHA3384" or
- name = "SHA3512"
+ name =
+ [
+ "DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
+ "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
+ ]
 }
 predicate isWeakHashingAlgorithm(string name) {
- name = "HAVEL128" or
- name = "MD2" or
- name = "MD4" or
- name = "MD5" or
- name = "PANAMA" or
- name = "RIPEMD" or
- name = "RIPEMD128" or
- name = "RIPEMD256" or
- name = "RIPEMD160" or
- name = "RIPEMD320" or
- name = "SHA0" or
- name = "SHA1"
+ name =
+ [
+ "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
+ "RIPEMD320", "SHA0", "SHA1"
+ ]
 }
 predicate isStrongEncryptionAlgorithm(string name) {
- name = "AES" or
- name = "AES128" or
- name = "AES192" or
- name = "AES256" or
- name = "AES512" or
- name = "RSA" or
- name = "RABBIT" or
- name = "BLOWFISH"
+ name = ["AES", "AES128", "AES192", "AES256", "AES512", "RSA", "RABBIT", "BLOWFISH"]
 }
 predicate isWeakEncryptionAlgorithm(string name) {
- name = "DES" or
- name = "3DES" or
- name = "TRIPLEDES" or
- name = "TDEA" or
- name = "TRIPLEDEA" or
- name = "ARC2" or
- name = "RC2" or
- name = "ARC4" or
- name = "RC4" or
- name = "ARCFOUR" or
- name = "ARC5" or
- name = "RC5"
+ name =
+ [
+ "DES", "3DES", "TRIPLEDES", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR",
+ "ARC5", "RC5"
+ ]
 }
 predicate isStrongPasswordHashingAlgorithm(string name) {
- name = "ARGON2" or
- name = "PBKDF2" or
- name = "BCRYPT" or
- name = "SCRYPT"
+ name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
 }
 predicate isWeakPasswordHashingAlgorithm(string name) { none() }
diff --git a/python/ql/lib/semmle/python/objects/TObject.qll b/python/ql/lib/semmle/python/objects/TObject.qll
index d83d47af1ee..99eb05aa795 100644
--- a/python/ql/lib/semmle/python/objects/TObject.qll
+++ b/python/ql/lib/semmle/python/objects/TObject.qll
@@ -387,7 +387,7 @@ private predicate concrete_class(PythonClassObjectInternal cls) {
 not exists(Raise r, Name ex |
 r.getScope() = f and
 (r.getException() = ex or r.getException().(Call).getFunc() = ex) and
- (ex.getId() = "NotImplementedError" or ex.getId() = "NotImplemented")
+ ex.getId() = ["NotImplementedError", "NotImplemented"]
 )
 )
 )
@@ -437,11 +437,7 @@ predicate missing_imported_module(ControlFlowNode imp, Context ctx, string name)
 * Helper for missing modules to determine if name `x.y` is a module `x.y` or
 * an attribute `y` of module `x`. This list should be added to as required.
 */
-predicate common_module_name(string name) {
- name = "zope.interface"
- or
- name = "six.moves"
-}
+predicate common_module_name(string name) { name = ["zope.interface", "six.moves"] }
 /**
 * A declaration of a class, either a built-in class or a source definition
@@ -482,16 +478,11 @@ library class ClassDecl extends @py_object {
 */
 predicate isSpecial() {
 exists(string name | this = Builtin::special(name) |
- name = "type" or
- name = "super" or
- name = "bool" or
- name = "NoneType" or
- name = "tuple" or
- name = "property" or
- name = "ClassMethod" or
- name = "StaticMethod" or
- name = "MethodType" or
- name = "ModuleType"
+ name =
+ [
+ "type", "super", "bool", "NoneType", "tuple", "property", "ClassMethod", "StaticMethod",
+ "MethodType", "ModuleType"
+ ]
 )
 }
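Review bot: The five predicates in `AlgorithmNames` still carry no QLDoc after the rewrite, and now that each reads as a single table the meaning of membership should be stated: classification is by bare algorithm name only, so it says nothing about mode, padding or key size (`AES` is "strong" whether or not the caller uses ECB, `RSA` regardless of padding), and `isStrongHashingAlgorithm` lists signature algorithms (`DSA`, `ED25519`, `ES256`/`ECDSA256`, ...) next to hash functions. Suggest a one-line QLDoc on each, e.g. above `isStrongHashingAlgorithm`: `/** Holds if name is a hashing or signature algorithm considered strong; matched on the bare algorithm name only, independent of mode, padding or key size. */`. Nothing in the hunk shows how callers normalise `name` (case, separators) before matching, so that convention belongs in the same comment if it is defined elsewhere. The closing brace of `AlgorithmNames` lies below the hunk.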
@@ -514,11 +505,7 @@ library class ClassDecl extends @py_object {
 /** Holds if this class is the abstract base class */
 predicate isAbstractBaseClass(string name) {
- exists(Module m |
- m.getName() = "_abcoll"
- or
- m.getName() = "_collections_abc"
- |
+ exists(Module m | m.getName() = ["_abcoll", "_collections_abc"] |
 this.getClass().getScope() = m and
 this.getName() = name
 )
diff --git a/python/ql/lib/semmle/python/security/ClearText.qll b/python/ql/lib/semmle/python/security/ClearText.qll
index 8e964d19386..9905040da18 100644
--- a/python/ql/lib/semmle/python/security/ClearText.qll
+++ b/python/ql/lib/semmle/python/security/ClearText.qll
@@ -47,11 +47,7 @@ module ClearTextLogging {
 meth.getObject(name).(NameNode).getId().matches("logg%") and
 call.getAnArg() = this
 |
- name = "error" or
- name = "warn" or
- name = "warning" or
- name = "debug" or
- name = "info"
+ name = ["error", "warn", "warning", "debug", "info"]
 )
 }
 }
diff --git a/python/ql/lib/semmle/python/security/injection/Command.qll b/python/ql/lib/semmle/python/security/injection/Command.qll
index 3ed453268ee..6e4bb490fa4 100644
--- a/python/ql/lib/semmle/python/security/injection/Command.qll
+++ b/python/ql/lib/semmle/python/security/injection/Command.qll
@@ -14,17 +14,12 @@ import semmle.python.security.strings.Untrusted
 abstract class CommandSink extends TaintSink { }
 private ModuleObject osOrPopenModule() {
- result.getName() = "os" or
- result.getName() = "popen2"
+ result.getName() = ["os", "popen2"]
 }
 private Object makeOsCall() {
 exists(string name | result = ModuleObject::named("subprocess").attr(name) |
- name = "Popen" or
- name = "call" or
- name = "check_call" or
- name = "check_output" or
- name = "run"
+ name = ["Popen", "call", "check_call", "check_output", "run"]
 )
 }
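Review bot: In the ClearText.qll hunk the rewritten sink list `name = ["error", "warn", "warning", "debug", "info"]` still omits the other message-taking methods of the standard `logging` API — `critical`, `exception`, `fatal` and `log` — so a cleartext value passed to `logger.critical(...)` or `logger.exception(...)` is not a sink here. If that is not deliberate, `name = ["error", "warn", "warning", "debug", "info", "critical", "exception", "fatal", "log"]` closes the gap; since `call.getAnArg() = this` treats every argument as a sink, the level argument of `log` would be included too, which is worth a short comment. The enclosing class and its `exists` start above the hunk.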
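Review bot: In the Command.qll hunk, `makeOsCall` now enumerates `["Popen", "call", "check_call", "check_output", "run"]` but still leaves out `subprocess.getoutput` and `subprocess.getstatusoutput`, both of which run their argument through the shell. If this helper is meant to cover the `subprocess` entry points and no other sink class outside this hunk handles those two, `name = ["Popen", "call", "check_call", "check_output", "run", "getoutput", "getstatusoutput"]` would add them. Both `osOrPopenModule` and `makeOsCall` are complete within the hunk.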
@@ -65,8 +60,7 @@ class ShellCommand extends CommandSink {
 call.getAnArg() = this and
 call.getFunction().refersTo(osOrPopenModule().attr(name))
 |
- name = "system" or
- name = "popen" or
+ name = ["system", "popen"] or
 name.matches("popen_")
 )
 or