From cc43e1116b44064bd83e2eeaf01eb207a6c7ee58 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 3 Dec 2019 10:52:31 +0000
Subject: [PATCH] CPP: Do the logic at the target, rather than the access, as there are likely fewer.
---
 .../code/cpp/security/SensitiveExprs.qll | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll b/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
index 1d06477a853..2604798ed1e 100644
--- a/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
@@ -15,16 +15,24 @@ private predicate suspicious(string s) {
 )
 }
 
-abstract class SensitiveExpr extends Expr { }
-
-class SensitiveVarAccess extends SensitiveExpr {
- SensitiveVarAccess() {
- suspicious(this.(VariableAccess).getTarget().getName().toLowerCase())
+class SensitiveVariable extends Variable {
+ SensitiveVariable()
+ {
+ suspicious(getName().toLowerCase())
 }
 }
 
-class SensitiveCall extends SensitiveExpr {
- SensitiveCall() {
- suspicious(this.(FunctionCall).getTarget().getName().toLowerCase())
+class SensitiveFunction extends Function {
+ SensitiveFunction()
+ {
+ suspicious(getName().toLowerCase())
+ }
+}
+
+class SensitiveExpr extends Expr {
+ SensitiveExpr()
+ {
+ this.(VariableAccess).getTarget() instanceof SensitiveVariable or
+ this.(FunctionCall).getTarget() instanceof SensitiveFunction
 }
 }
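Review bot: Making `SensitiveExpr` concrete and deleting `SensitiveVarAccess` and `SensitiveCall` changes the library's public surface, not only where the name check runs. With the abstract class a downstream subclass added expressions to the set, whereas a subclass of the concrete class in this hunk can only narrow it, so a query that extended `SensitiveExpr` to mark project-specific secrets would still compile but stop reporting them, and a query naming either removed class would break. Whether such users exist is not visible from this diff. The target-side classes can be kept while preserving the old shape, as sketched below, and each new class would benefit from a one-line QLDoc comment stating that matching is on the lower-cased name.

```ql
// … unchanged: SensitiveVariable and SensitiveFunction …

abstract class SensitiveExpr extends Expr { }

class SensitiveVarAccess extends SensitiveExpr {
  SensitiveVarAccess() { this.(VariableAccess).getTarget() instanceof SensitiveVariable }
}

class SensitiveCall extends SensitiveExpr {
  SensitiveCall() { this.(FunctionCall).getTarget() instanceof SensitiveFunction }
}
```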