Apply suggestions from code review

2026-05-01 03:35:13 +02:00 · 2021-06-25 12:16:54 +02:00
parent be57aeccf2
commit a79356e316
1 changed files with 15 additions and 13 deletions
--- a/java/ql/src/semmle/code/java/security/SecurityFlag.qll
+++ b/java/ql/src/semmle/code/java/security/SecurityFlag.qll
@@ -15,32 +15,34 @@ abstract class FlagKind extends string {
  FlagKind() { any() }

  /**
-   * Returns a flag name of this type.
+   * Gets a flag name of this type.
   */
  bindingset[result]
  abstract string getAFlagName();

  /** Gets a node representing a (likely) security flag. */
  DataFlow::Node getAFlag() {
-    exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
-      result.asExpr() = v and v.getType() instanceof FlagType
+    exists(DataFlow::Node flag |
+      exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
+        flag.asExpr() = v and v.getType() instanceof FlagType
+      )
+      or
+      exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | flag.asExpr() = s)
+      or
+      exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
+        flag.asExpr() = ma and
+        ma.getType() instanceof FlagType
+      )
+    |
+      flagFlowStep*(flag, result)
    )
-    or
-    exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | result.asExpr() = s)
-    or
-    exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
-      result.asExpr() = ma and
-      ma.getType() instanceof FlagType
-    )
-    or
-    flagFlowStep*(getAFlag(), result)
  }
 }

 /**
 * Flags suggesting an optional feature, perhaps deliberately insecure.
 */
-class SecurityFeatureFlag extends FlagKind {
+private class SecurityFeatureFlag extends FlagKind {
  SecurityFeatureFlag() { this = "SecurityFeatureFlag" }

  bindingset[result]