Merge branch 'main' into setliterals

javascript/ql/lib/semmle/javascript/RangeAnalysis.qll

@@ -236,10 +236,9 @@ module RangeAnalysis {
   ) {
     if exists(r.getImmediatePredecessor())
     then linearDefinitionSum(r.getImmediatePredecessor(), xroot, xsign, yroot, ysign, bias)
-    else
-      if exists(r.asExpr().getIntValue())
-      then none() // do not model constants as sums
-      else (
+    else (
+      not exists(r.asExpr().getIntValue()) and // do not model constants as sums
+      (
         exists(AddExpr add, int bias1, int bias2 | r.asExpr() = add |
           // r = r1 + r2
           linearDefinition(add.getLeftOperand().flow(), xroot, xsign, bias1) and
@@ -257,6 +256,7 @@ module RangeAnalysis {
         linearDefinitionSum(r.asExpr().(NegExpr).getOperand().flow(), xroot, -xsign, yroot, -ysign,
           -bias)
       )
+    )
   }
 
   /**

javascript/ql/lib/semmle/javascript/XML.qll

@@ -108,7 +108,7 @@ class XMLParent extends @xmlparent {
   }
 
   /** Gets the text value contained in this XML parent. */
-  string getTextValue() { result = allCharactersString() }
+  string getTextValue() { result = this.allCharactersString() }
 
   /** Gets a printable representation of this XML parent. */
   string toString() { result = this.getName() }
@@ -119,7 +119,7 @@ class XMLFile extends XMLParent, File {
   XMLFile() { xmlEncoding(this, _) }
 
   /** Gets a printable representation of this XML file. */
-  override string toString() { result = getName() }
+  override string toString() { result = this.getName() }
 
   /** Gets the name of this XML file. */
   override string getName() { result = File.super.getAbsolutePath() }
@@ -129,14 +129,14 @@ class XMLFile extends XMLParent, File {
    *
    * Gets the path of this XML file.
    */
-  deprecated string getPath() { result = getAbsolutePath() }
+  deprecated string getPath() { result = this.getAbsolutePath() }
 
   /**
    * DEPRECATED: Use `getParentContainer().getAbsolutePath()` instead.
    *
    * Gets the path of the folder that contains this XML file.
    */
-  deprecated string getFolder() { result = getParentContainer().getAbsolutePath() }
+  deprecated string getFolder() { result = this.getParentContainer().getAbsolutePath() }
 
   /** Gets the encoding of this XML file. */
   string getEncoding() { xmlEncoding(this, result) }
@@ -200,7 +200,7 @@ class XMLDTD extends XMLLocatable, @xmldtd {
  */
 class XMLElement extends @xmlelement, XMLParent, XMLLocatable {
   /** Holds if this XML element has the given `name`. */
-  predicate hasName(string name) { name = getName() }
+  predicate hasName(string name) { name = this.getName() }
 
   /** Gets the name of this XML element. */
   override string getName() { xmlElements(this, result, _, _, _) }
@@ -239,7 +239,7 @@ class XMLElement extends @xmlelement, XMLParent, XMLLocatable {
   string getAttributeValue(string name) { result = this.getAttribute(name).getValue() }
 
   /** Gets a printable representation of this XML element. */
-  override string toString() { result = getName() }
+  override string toString() { result = this.getName() }
 }
 
 /**

javascript/ql/lib/semmle/javascript/frameworks/Angular2.qll

@@ -152,7 +152,7 @@ module Angular2 {
   /** A value that is about to be promoted to a trusted script value. */
   private class AngularCodeInjectionSink extends CodeInjection::Sink {
     AngularCodeInjectionSink() {
-      this = domSanitizer().getAMethodCall(["bypassSecurityTrustScript"]).getArgument(0)
+      this = domSanitizer().getAMethodCall("bypassSecurityTrustScript").getArgument(0)
     }
   }
 

javascript/ql/lib/semmle/javascript/frameworks/ComposedFunctions.qll

@@ -82,7 +82,7 @@ module FunctionCompositionCall {
   /** A call whose arguments are functions `f,g,h` which are composed into `f(g(h(...))` */
   private class RightToLeft extends WithArrayOverloading {
     RightToLeft() {
-      this = DataFlow::moduleImport(["compose-function"]).getACall()
+      this = DataFlow::moduleImport("compose-function").getACall()
       or
       this =
         DataFlow::moduleMember(["redux", "ramda", "@reduxjs/toolkit", "recompose"], "compose")

javascript/ql/lib/semmle/javascript/frameworks/MooTools.qll

@@ -35,7 +35,7 @@ module MooTools {
   predicate interpretsNodeAsHtml(DataFlow::Node node) {
     exists(Element e |
       node = e.getAnElementPropertyValue("html") or
-      node = e.getAMethodCall(["appendHtml"]).getArgument(0)
+      node = e.getAMethodCall("appendHtml").getArgument(0)
     )
   }
 }

javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll

@@ -727,7 +727,7 @@ module NodeJSLib {
       result = getParameter(1).getARhs()
     }
 
-    override predicate isSync() { "Sync" = methodName.suffix(methodName.length() - 4) }
+    override predicate isSync() { methodName.matches("%Sync") }
 
     override DataFlow::Node getOptionsArg() {
       not result.getALocalSource() instanceof DataFlow::FunctionNode and // looks like callback

javascript/ql/lib/semmle/javascript/frameworks/SystemCommandExecutors.qll

@@ -107,9 +107,7 @@ private class SystemCommandExecutors extends SystemCommandExecution, DataFlow::I
  */
 bindingset[name]
 private boolean getSync(string name) {
-  if name.suffix(name.length() - 4) = "Sync" or name.suffix(name.length() - 4) = "sync"
-  then result = true
-  else result = false
+  if name.matches("%Sync") or name.matches("%sync") then result = true else result = false
 }
 
 private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::InvokeNode {

javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll

@@ -303,14 +303,11 @@ module PrettyPrintCatCall {
   bindingset[str]
   private string createSimplifiedStringConcat(string str) {
     // Remove an initial ""+ (e.g. in `""+file`)
-    if str.prefix(5) = "\"\" + "
+    if str.matches("\"\" + %")
     then result = str.suffix(5)
     else
       // prettify `${newpath}` to just newpath
-      if
-        str.prefix(3) = "`${" and
-        str.suffix(str.length() - 2) = "}`" and
-        not str.suffix(3).matches("%{%")
+      if str.matches("`${%") and str.matches("%}`") and not str.suffix(3).matches("%{%")
       then result = str.prefix(str.length() - 2).suffix(3)
       else result = str
   }

javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll

@@ -477,7 +477,7 @@ private module CharacterClasses {
       result = ["0", "9"]
       or
       cc.getValue() = "s" and
-      result = [" "]
+      result = " "
       or
       cc.getValue() = "w" and
       result = ["a", "Z", "_", "0", "9"]
@@ -490,7 +490,7 @@ private module CharacterClasses {
       result = "9"
       or
       cc.getValue() = "s" and
-      result = [" "]
+      result = " "
       or
       cc.getValue() = "w" and
       result = "a"

javascript/ql/src/Security/CWE-730/ServerCrash.ql

@@ -104,7 +104,7 @@ class AsyncSentinelCall extends DataFlow::CallNode {
     exists(DataFlow::FunctionNode node | node.getAstNode() = asyncCallee |
       // manual models
       exists(string memberName |
-        not "Sync" = memberName.suffix(memberName.length() - 4) and
+        not memberName.matches("%Sync") and
         this = NodeJSLib::FS::moduleMember(memberName).getACall() and
         node = this.getCallback([1 .. 2])
       )

javascript/ql/test/testUtilities/ConsistencyChecking.qll

@@ -62,7 +62,7 @@ private class AssertionComment extends LineComment {
   /**
    * Holds if a consistency issue is expected at this location.
    */
-  predicate expectConsistencyError() { getText().matches(["%[INCONSISTENCY]%"]) }
+  predicate expectConsistencyError() { getText().matches("%[INCONSISTENCY]%") }
 }
 
 private DataFlow::Node getASink() { exists(DataFlow::Configuration cfg | cfg.hasFlow(_, result)) }