Apply getItem(_) and extend verifiesSignature readability

python/ql/src/experimental/semmle/python/libraries/Authlib.qll

@@ -42,7 +42,7 @@ private module Authlib {
 
     override DataFlow::Node getAlgorithm() {
       exists(KeyValuePair headerDict |
-        headerDict = this.getArg(0).asExpr().(Dict).getItems().getAnItem() and
+        headerDict = this.getArg(0).asExpr().(Dict).getItem(_) and
         headerDict.getKey().(Str_).getS().matches("alg") and
         result.asExpr() = headerDict.getValue()
       )

python/ql/src/experimental/semmle/python/libraries/PyJWT.qll

@@ -101,7 +101,7 @@ private module PyJWT {
     predicate hasVerifySignatureSetToFalse() {
       exists(KeyValuePair optionsDict, NameConstant falseName |
         falseName.getId() = "False" and
-        optionsDict = this.getOptions().asExpr().(Dict).getItems().getAnItem() and
+        optionsDict = this.getOptions().asExpr().(Dict).getItem(_) and
         optionsDict.getKey().(Str_).getS().matches("%verify%") and
         falseName = optionsDict.getValue()
       )

python/ql/src/experimental/semmle/python/libraries/PythonJose.qll

@@ -88,12 +88,18 @@ private module PythonJose {
 
     override predicate verifiesSignature() {
       // jwt.decode(token, "key", "HS256")
-      not exists(this.getOptions())
+      this.hasNoOptions()
       or
       // jwt.decode(token, key, options={"verify_signature": False})
-      not exists(KeyValuePair optionsDict, NameConstant falseName |
+      not this.hasVerifySignatureSetToFalse()
+    }
+
+    predicate hasNoOptions() { not exists(this.getOptions()) }
+
+    predicate hasVerifySignatureSetToFalse() {
+      exists(KeyValuePair optionsDict, NameConstant falseName |
         falseName.getId() = "False" and
-        optionsDict = this.getOptions().asExpr().(Dict).getItems().getAnItem() and
+        optionsDict = this.getOptions().asExpr().(Dict).getItem(_) and
         optionsDict.getKey().(Str_).getS().matches("%verify%") and
         falseName = optionsDict.getValue()
       )