Merge pull request github#12120 from MathiasVP/even-fewer-strings

MathiasVP · web-flow · commit 1980e25ac960 · 2023-02-07T13:57:12.000Z
C++: Avoid unnecessary calls to `toLowerCase()`
diff --git a/cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll b/cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll
@@ -14,16 +14,16 @@ import cpp
  */
 bindingset[s]
 private predicate suspicious(string s) {
-  s.regexpMatch(".*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*") and
-  not s.matches(["%hash%", "%crypt%", "%file%", "%path%", "%invalid%"])
+  s.regexpMatch("(?i).*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*") and
+  not s.regexpMatch("(?i).*(hash|crypt|file|path|invalid).*")
 }
 
 /**
  * A variable that might contain a password or other credential.
  */
 class SensitiveVariable extends Variable {
   SensitiveVariable() {
-    suspicious(this.getName().toLowerCase()) and
+    suspicious(this.getName()) and
     not this.getUnspecifiedType() instanceof IntegralType
   }
 }
@@ -33,7 +33,7 @@ class SensitiveVariable extends Variable {
  */
 class SensitiveFunction extends Function {
   SensitiveFunction() {
-    suspicious(this.getName().toLowerCase()) and
+    suspicious(this.getName()) and
     not this.getUnspecifiedType() instanceof IntegralType
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -14,16 +14,16 @@ import cpp`
`14`	`14`	`*/`
`15`	`15`	`bindingset[s]`
`16`	`16`	`private predicate suspicious(string s) {`
`17`		`- s.regexpMatch(".(password\|passwd\|accountid\|account.?key\|accnt.?key\|license.?key\|trusted).") and`
`18`		`- not s.matches(["%hash%", "%crypt%", "%file%", "%path%", "%invalid%"])`
	`17`	`+ s.regexpMatch("(?i).(password\|passwd\|accountid\|account.?key\|accnt.?key\|license.?key\|trusted).") and`
	`18`	`+ not s.regexpMatch("(?i).(hash\|crypt\|file\|path\|invalid).")`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`/**`
`22`	`22`	`* A variable that might contain a password or other credential.`
`23`	`23`	`*/`
`24`	`24`	`class SensitiveVariable extends Variable {`
`25`	`25`	`SensitiveVariable() {`
`26`		`- suspicious(this.getName().toLowerCase()) and`
	`26`	`+ suspicious(this.getName()) and`
`27`	`27`	`not this.getUnspecifiedType() instanceof IntegralType`
`28`	`28`	`}`
`29`	`29`	`}`
`@@ -33,7 +33,7 @@ class SensitiveVariable extends Variable {`
`33`	`33`	`*/`
`34`	`34`	`class SensitiveFunction extends Function {`
`35`	`35`	`SensitiveFunction() {`
`36`		`- suspicious(this.getName().toLowerCase()) and`
	`36`	`+ suspicious(this.getName()) and`
`37`	`37`	`not this.getUnspecifiedType() instanceof IntegralType`
`38`	`38`	`}`
`39`	`39`	`}`