Merge pull request #7668 from erik-krogh/simplify-casts

simplify expressions that could be type-casts
This commit is contained in:
Erik Krogh Kristensen
2022-01-20 15:20:18 +01:00
committed by GitHub
70 changed files with 123 additions and 143 deletions


@@ -23,7 +23,7 @@ where
source.getADependency() = d and
// There is not a Pom file for the target of this dependency, so we assume that it was resolved by
// a binary file in the local maven repository.
not exists(Pom target | target = d.getPom()) and
not exists(d.getPom()) and
// In order to accurately identify whether this binary dependency is required, we must have identified
// a Maven repository. If we have not found a repository, it's likely that it has a custom path of
// which we are unaware, so do not report any problems.
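Review bot: The rewrite at line 17, `not exists(d.getPom())`, preserves the old meaning only if `getPom()` is declared to return `Pom`; the removed form also restricted by type, so a wider declared result type would widen the negation. The same applies to `exists(getADeadRoot(...))` in the DeadField hunk (line 35), where the `DeadRoot` restriction now rests entirely on the declared result type of `getADeadRoot`. Neither declaration is visible here, so this is a point to confirm rather than a change to make; if the declared types match, the simplification is fine as is. The enclosing `where` clause starts before this hunk and continues past it.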


@@ -16,12 +16,9 @@ import semmle.code.java.deadcode.DeadCode
from DeadField f, Element origin, string reason
where
not f.isInDeadScope() and
if exists(FieldRead read | read = f.getAnAccess())
if f.getAnAccess() instanceof FieldRead
then (
if
exists(DeadRoot root |
root = getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable())
)
if exists(getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable()))
then (
origin = getADeadRoot(f.getAnAccess().(FieldRead).getEnclosingCallable()) and
reason = " is only read from dead code originating at $@."


@@ -14,5 +14,5 @@ import java
import semmle.code.java.frameworks.spring.Spring
from SpringBean b
where exists(SpringConstructorArg carg | b.getASpringChild() = carg)
where b.getASpringChild() instanceof SpringConstructorArg
select b, "Use setter injection instead of constructor injection."


@@ -15,12 +15,12 @@ import semmle.code.java.frameworks.spring.Spring
class SpringConstructorArgUseShortcut extends SpringConstructorArg {
SpringConstructorArgUseShortcut() {
not this.hasArgValueString() and
exists(SpringValue val | val = this.getASpringChild())
this.getASpringChild() instanceof SpringValue
}
string getMessage() {
not this.hasArgValueString() and
exists(SpringValue val | val = this.getASpringChild()) and
this.getASpringChild() instanceof SpringValue and
result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
}
}
@@ -28,12 +28,12 @@ class SpringConstructorArgUseShortcut extends SpringConstructorArg {
class SpringEntryUseShortcut extends SpringEntry {
SpringEntryUseShortcut() {
not this.hasValueStringRaw() and
exists(SpringValue val | val = this.getASpringChild())
this.getASpringChild() instanceof SpringValue
}
string getMessage() {
not this.hasValueStringRaw() and
exists(SpringValue val | val = this.getASpringChild()) and
this.getASpringChild() instanceof SpringValue and
result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
}
}
@@ -41,12 +41,12 @@ class SpringEntryUseShortcut extends SpringEntry {
class SpringPropertyUseShortcut extends SpringProperty {
SpringPropertyUseShortcut() {
not this.hasPropertyValueString() and
exists(SpringValue val | val = this.getASpringChild())
this.getASpringChild() instanceof SpringValue
}
string getMessage() {
not this.hasPropertyValueString() and
exists(SpringValue val | val = this.getASpringChild()) and
this.getASpringChild() instanceof SpringValue and
result = "Use the shortcut \"value\" attribute instead of a nested <value> element."
}
}


@@ -16,7 +16,7 @@ from Class t, TypeCloneable cloneable
where
t.hasSupertype+(cloneable) and
not t.isAbstract() and
not exists(CloneMethod m | t.getAMethod() = m) and
not t.getAMethod() instanceof CloneMethod and
exists(Field f | f.getDeclaringType() = t and not f.isStatic()) and
t.fromSource()
select t, "No clone method, yet implements Cloneable."


@@ -23,5 +23,5 @@ class WaitMethod extends Method {
from MethodAccess ma
where
ma.getMethod() instanceof WaitMethod and
not exists(LoopStmt s | ma.getEnclosingStmt().getEnclosingStmt*() = s)
not ma.getEnclosingStmt().getEnclosingStmt*() instanceof LoopStmt
select ma, "To avoid spurious wake-ups, 'wait' should only be called inside a loop."


@@ -21,5 +21,5 @@ where
not f.isStatic() or
not f.getType().hasName("long")
) and
exists(TypeSerializable serializable | f.getDeclaringType().getASupertype+() = serializable)
f.getDeclaringType().getASupertype+() instanceof TypeSerializable
select f, "serialVersionUID should be final, static, and of type long."


@@ -14,7 +14,7 @@
import java
import semmle.code.java.JDKAnnotations
predicate isSerializable(RefType t) { exists(TypeSerializable ts | ts = t.getASupertype*()) }
predicate isSerializable(RefType t) { t.getASupertype*() instanceof TypeSerializable }
predicate withinStaticContext(NestedClass c) {
c.isStatic() or


@@ -16,7 +16,7 @@ predicate nonEmptyArrayLiteralOrNull(Expr e) {
exists(ArrayCreationExpr arr | arr = e |
// Array initializer expressions such as `{1, 2, 3}`.
// Array is empty if the initializer expression is empty.
exists(Expr arrayValue | arrayValue = arr.getInit().getAnInit())
exists(arr.getInit().getAnInit())
or
// Array creation with dimensions (but without initializers).
// Empty if the first dimension is 0.


@@ -58,7 +58,7 @@ where
not m.getParameterType(_) instanceof HttpServletResponse and
// A spring request mapping method which does not have response body annotation applied to it
m.getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType and
not exists(SpringResponseBodyAnnotationType t | t = m.getAnAnnotation().getType()) and
not m.getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType and
// `@RestController` inherits `@ResponseBody` internally so it should be ignored.
not m.getDeclaringType() instanceof SpringRestController
select m, "This method may be vulnerable to spring view manipulation vulnerabilities"


@@ -32,9 +32,7 @@ class GetContentIntent extends ClassInstanceExpr {
class GetContentIntentConfig extends TaintTracking2::Configuration {
GetContentIntentConfig() { this = "GetContentIntentConfig" }
override predicate isSource(DataFlow2::Node src) {
exists(GetContentIntent gi | src.asExpr() = gi)
}
override predicate isSource(DataFlow2::Node src) { src.asExpr() instanceof GetContentIntent }
override predicate isSink(DataFlow2::Node sink) {
exists(MethodAccess ma |


@@ -52,7 +52,7 @@ class KeyGeneratorInitConfiguration extends TaintTracking::Configuration {
KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" }
override predicate isSource(DataFlow::Node source) {
exists(JavaxCryptoKeyGenerator jcg | jcg = source.asExpr())
source.asExpr() instanceof JavaxCryptoKeyGenerator
}
override predicate isSink(DataFlow::Node sink) {
@@ -68,7 +68,7 @@ class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" }
override predicate isSource(DataFlow::Node source) {
exists(JavaSecurityKeyPairGenerator jkg | jkg = source.asExpr())
source.asExpr() instanceof JavaSecurityKeyPairGenerator
}
override predicate isSink(DataFlow::Node sink) {