Py/JS/RB: Use instanceof in more places

2026-04-29 10:45:15 +02:00 · 2022-12-12 16:06:57 +01:00
parent 4ff823c36b
commit b3a9c1ca06
88 changed files with 256 additions and 574 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
@@ -1289,9 +1289,7 @@ private module PostUpdateNodes {
 private import PostUpdateNodes

 /** A node that performs a type cast. */
-class CastNode extends Node {
-  CastNode() { this instanceof ReturningNode }
-}
+class CastNode extends Node instanceof ReturningNode { }

 class DataFlowExpr = CfgNodes::ExprCfgNode;

--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -62,11 +62,8 @@ class OpenUriRequest extends Http::Client::Request::Range, DataFlow::CallNode {
 * Kernel.open("http://example.com").read
 * ```
 */
-class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode {
-  OpenUriKernelOpenRequest() {
-    this instanceof KernelMethodCall and
-    this.getMethodName() = "open"
-  }
+class OpenUriKernelOpenRequest extends Http::Client::Request::Range, DataFlow::CallNode instanceof KernelMethodCall {
+  OpenUriKernelOpenRequest() { this.getMethodName() = "open" }

  override DataFlow::Node getAUrlPart() { result = this.getArgument(0) }

--- a/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
@@ -30,9 +30,7 @@ module CommandInjection {
  abstract class Sanitizer extends DataFlow::Node { }

  /** A source of remote user input, considered as a flow source for command injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
    override string getSourceType() { result = "user-provided value" }
  }

--- a/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ConditionalBypassCustomizations.qll
@@ -37,9 +37,7 @@ module ConditionalBypass {
   * A source of remote user input, considered as a flow source for bypass of
   * sensitive action guards.
   */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }

  /**
   * A conditional that guards a sensitive action, e.g. `ok` in `if (ok) login()`.
--- a/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/HardcodedDataInterpretedAsCodeCustomizations.qll
@@ -87,9 +87,7 @@ module HardcodedDataInterpretedAsCode {
  /**
   * A code injection sink; hard-coded data should not flow here.
   */
-  private class DefaultCodeInjectionSink extends Sink {
-    DefaultCodeInjectionSink() { this instanceof CodeInjection::Sink }
-
+  private class DefaultCodeInjectionSink extends Sink instanceof CodeInjection::Sink {
    override string getKind() { result = "code" }
  }

--- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
@@ -39,9 +39,7 @@ module ServerSideRequestForgery {
  abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }

  /** A source of remote user input, considered as a flow source for server side request forgery. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }

  /** The URL of an HTTP request, considered as a sink. */
  class HttpRequestAsSink extends Sink {
--- a/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/UnsafeDeserializationCustomizations.qll
@@ -35,9 +35,7 @@ module UnsafeDeserialization {
  }

  /** A source of remote user input, considered as a flow source for unsafe deserialization. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
+  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }

  /**
   * An argument in a call to `Marshal.load` or `Marshal.restore`, considered a
--- a/ruby/ql/src/AlertSuppression.ql
+++ b/ruby/ql/src/AlertSuppression.ql
@@ -52,9 +52,7 @@ private string commentText(Ruby::Comment comment) { result = comment.getValue().
 /**
 * The scope of an alert suppression comment.
 */
-class SuppressionScope extends @ruby_token_comment {
-  SuppressionScope() { this instanceof SuppressionComment }
-
+class SuppressionScope extends @ruby_token_comment instanceof SuppressionComment {
  /** Gets a suppression comment with this scope. */
  SuppressionComment getSuppressionComment() { result = this }

@@ -68,7 +66,7 @@ class SuppressionScope extends @ruby_token_comment {
  predicate hasLocationInfo(
    string filepath, int startline, int startcolumn, int endline, int endcolumn
  ) {
-    this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    super.covers(filepath, startline, startcolumn, endline, endcolumn)
  }

  /** Gets a textual representation of this element. */