Merge pull request github#6884 from geoffw0/setliterals

Replace or chains with set literals.

Author: geoffw0

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -13,26 +13,25 @@ import cpp
 
 /** A string for `match` that identifies strings that look like they represent private data. */
 private string privateNames() {
-  // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-  // Government identifiers, such as Social Security Numbers
-  result = "%social%security%number%" or
-  // Contact information, such as home addresses and telephone numbers
-  result = "%postcode%" or
-  result = "%zipcode%" or
-  // result = "%telephone%" or
-  // Geographic location - where the user is (or was)
-  result = "%latitude%" or
-  result = "%longitude%" or
-  // Financial data - such as credit card numbers, salary, bank accounts, and debts
-  result = "%creditcard%" or
-  result = "%salary%" or
-  result = "%bankaccount%" or
-  // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-  // result = "%email%" or
-  // result = "%mobile%" or
-  result = "%employer%" or
-  // Health - medical conditions, insurance status, prescription records
-  result = "%medical%"
+  result =
+    [
+      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+      // Government identifiers, such as Social Security Numbers
+      "%social%security%number%",
+      // Contact information, such as home addresses and telephone numbers
+      "%postcode%", "%zipcode%",
+      // result = "%telephone%" or
+      // Geographic location - where the user is (or was)
+      "%latitude%", "%longitude%",
+      // Financial data - such as credit card numbers, salary, bank accounts, and debts
+      "%creditcard%", "%salary%", "%bankaccount%",
+      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+      // result = "%email%" or
+      // result = "%mobile%" or
+      "%employer%",
+      // Health - medical conditions, insurance status, prescription records
+      "%medical%"
+    ]
 }
 
 /** An expression that might contain private data. */

cpp/ql/lib/semmle/code/cpp/Specifier.qll

@@ -31,11 +31,7 @@ class Specifier extends Element, @specifier {
  * A C/C++ function specifier: `inline`, `virtual`, or `explicit`.
  */
 class FunctionSpecifier extends Specifier {
-  FunctionSpecifier() {
-    this.hasName("inline") or
-    this.hasName("virtual") or
-    this.hasName("explicit")
-  }
+  FunctionSpecifier() { this.hasName(["inline", "virtual", "explicit"]) }
 
   override string getAPrimaryQlClass() { result = "FunctionSpecifier" }
 }
@@ -45,13 +41,7 @@ class FunctionSpecifier extends Specifier {
  * or `mutable".
  */
 class StorageClassSpecifier extends Specifier {
-  StorageClassSpecifier() {
-    this.hasName("auto") or
-    this.hasName("register") or
-    this.hasName("static") or
-    this.hasName("extern") or
-    this.hasName("mutable")
-  }
+  StorageClassSpecifier() { this.hasName(["auto", "register", "static", "extern", "mutable"]) }
 
   override string getAPrimaryQlClass() { result = "StorageClassSpecifier" }
 }
@@ -60,11 +50,7 @@ class StorageClassSpecifier extends Specifier {
  * A C++ access specifier: `public`, `protected`, or `private`.
  */
 class AccessSpecifier extends Specifier {
-  AccessSpecifier() {
-    this.hasName("public") or
-    this.hasName("protected") or
-    this.hasName("private")
-  }
+  AccessSpecifier() { this.hasName(["public", "protected", "private"]) }
 
   /**
    * Gets the visibility of a field with access specifier `this` if it is

cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll

@@ -28,35 +28,19 @@ class SystemFunction extends FunctionWithWrappers instanceof CommandExecutionFun
  */
 class VarargsExecFunctionCall extends FunctionCall {
   VarargsExecFunctionCall() {
-    getTarget().hasGlobalName("execl") or
-    getTarget().hasGlobalName("execle") or
-    getTarget().hasGlobalName("execlp") or
-    // Windows
-    getTarget().hasGlobalName("_execl") or
-    getTarget().hasGlobalName("_execle") or
-    getTarget().hasGlobalName("_execlp") or
-    getTarget().hasGlobalName("_execlpe") or
-    getTarget().hasGlobalName("_spawnl") or
-    getTarget().hasGlobalName("_spawnle") or
-    getTarget().hasGlobalName("_spawnlp") or
-    getTarget().hasGlobalName("_spawnlpe") or
-    getTarget().hasGlobalName("_wexecl") or
-    getTarget().hasGlobalName("_wexecle") or
-    getTarget().hasGlobalName("_wexeclp") or
-    getTarget().hasGlobalName("_wexeclpe") or
-    getTarget().hasGlobalName("_wspawnl") or
-    getTarget().hasGlobalName("_wspawnle") or
-    getTarget().hasGlobalName("_wspawnlp") or
-    getTarget().hasGlobalName("_wspawnlpe")
+    getTarget()
+        .hasGlobalName([
+            "execl", "execle", "execlp",
+            // Windows
+            "_execl", "_execle", "_execlp", "_execlpe", "_spawnl", "_spawnle", "_spawnlp",
+            "_spawnlpe", "_wexecl", "_wexecle", "_wexeclp", "_wexeclpe", "_wspawnl", "_wspawnle",
+            "_wspawnlp", "_wspawnlpe"
+          ])
   }
 
   /** Whether the last argument to the function is an environment pointer */
   predicate hasEnvironmentArgument() {
-    getTarget().hasGlobalName("execle") or
-    getTarget().hasGlobalName("_execle") or
-    getTarget().hasGlobalName("_execlpe") or
-    getTarget().hasGlobalName("_wexecle") or
-    getTarget().hasGlobalName("_wexeclpe")
+    getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"])
   }
 
   /**
@@ -83,11 +67,7 @@ class VarargsExecFunctionCall extends FunctionCall {
    * all the other ones start with the command.
    */
   private int getCommandIdx() {
-    if
-      getTarget().getName().matches("\\_spawn%") or
-      getTarget().getName().matches("\\_wspawn%")
-    then result = 1
-    else result = 0
+    if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
   }
 }
 
@@ -98,28 +78,14 @@ class VarargsExecFunctionCall extends FunctionCall {
  */
 class ArrayExecFunctionCall extends FunctionCall {
   ArrayExecFunctionCall() {
-    getTarget().hasGlobalName("execv") or
-    getTarget().hasGlobalName("execvp") or
-    getTarget().hasGlobalName("execvpe") or
-    getTarget().hasGlobalName("execve") or
-    getTarget().hasGlobalName("fexecve") or
-    // Windows variants
-    getTarget().hasGlobalName("_execv") or
-    getTarget().hasGlobalName("_execve") or
-    getTarget().hasGlobalName("_execvp") or
-    getTarget().hasGlobalName("_execvpe") or
-    getTarget().hasGlobalName("_spawnv") or
-    getTarget().hasGlobalName("_spawnve") or
-    getTarget().hasGlobalName("_spawnvp") or
-    getTarget().hasGlobalName("_spawnvpe") or
-    getTarget().hasGlobalName("_wexecv") or
-    getTarget().hasGlobalName("_wexecve") or
-    getTarget().hasGlobalName("_wexecvp") or
-    getTarget().hasGlobalName("_wexecvpe") or
-    getTarget().hasGlobalName("_wspawnv") or
-    getTarget().hasGlobalName("_wspawnve") or
-    getTarget().hasGlobalName("_wspawnvp") or
-    getTarget().hasGlobalName("_wspawnvpe")
+    getTarget()
+        .hasGlobalName([
+            "execv", "execvp", "execvpe", "execve", "fexecve",
+            // Windows variants
+            "_execv", "_execve", "_execvp", "_execvpe", "_spawnv", "_spawnve", "_spawnvp",
+            "_spawnvpe", "_wexecv", "_wexecve", "_wexecvp", "_wexecvpe", "_wspawnv", "_wspawnve",
+            "_wspawnvp", "_wspawnvpe"
+          ])
   }
 
   /** The argument with the array of command arguments */
@@ -133,11 +99,7 @@ class ArrayExecFunctionCall extends FunctionCall {
    * all the other ones start with the command.
    */
   private int getCommandIdx() {
-    if
-      getTarget().getName().matches("\\_spawn%") or
-      getTarget().getName().matches("\\_wspawn%")
-    then result = 1
-    else result = 0
+    if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0
   }
 }
 

cpp/ql/lib/semmle/code/cpp/security/OutputWrite.qll

@@ -21,14 +21,12 @@ class OutputWrite extends Expr {
  * A standard output or standard error variable.
  */
 private predicate outputVariable(Variable v) {
-  // standard output
-  v.hasName("cout") or
-  v.hasName("wcout") or
-  // standard error
-  v.hasName("cerr") or
-  v.hasName("clog") or
-  v.hasName("wcerr") or
-  v.hasName("wclog")
+  v.hasName([
+      // standard output
+      "cout", "wcout",
+      // standard error
+      "cerr", "clog", "wcerr", "wclog"
+    ])
 }
 
 /**
@@ -64,10 +62,7 @@ private predicate outputWrite(Expr write, Expr source) {
     arg >= f.(FormattingFunction).getFormatParameterIndex()
     or
     // puts, putchar
-    (
-      f.hasGlobalOrStdName("puts") or
-      f.hasGlobalOrStdName("putchar")
-    ) and
+    f.hasGlobalOrStdName(["puts", "putchar"]) and
     arg = 0
     or
     exists(Call wrappedCall, Expr wrappedSource |

cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll

@@ -11,17 +11,8 @@ import cpp
  */
 bindingset[s]
 private predicate suspicious(string s) {
-  (
-    s.matches("%password%") or
-    s.matches("%passwd%") or
-    s.matches("%trusted%")
-  ) and
-  not (
-    s.matches("%hash%") or
-    s.matches("%crypt%") or
-    s.matches("%file%") or
-    s.matches("%path%")
-  )
+  s.matches(["%password%", "%passwd%", "%trusted%"]) and
+  not s.matches(["%hash%", "%crypt%", "%file%", "%path%"])
 }
 
 /**

cpp/ql/src/Best Practices/Magic Constants/MagicConstants.qll

@@ -58,15 +58,7 @@ predicate intTrivial(Literal lit) { exists(string v | trivialIntValue(v) and v =
 predicate longTrivial(Literal lit) { exists(string v | trivialLongValue(v) and v = lit.getValue()) }
 
 predicate powerOfTen(float f) {
-  f = 10 or
-  f = 100 or
-  f = 1000 or
-  f = 10000 or
-  f = 100000 or
-  f = 1000000 or
-  f = 10000000 or
-  f = 100000000 or
-  f = 1000000000
+  f = [10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000, 1000000000]
 }
 
 predicate floatTrivial(Literal lit) {

cpp/ql/src/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql

@@ -13,14 +13,15 @@
 import cpp
 
 predicate commonErrorCode(string value) {
-  value = "0" or
-  value = "1" or
-  value = "-1" or
-  value = "18446744073709551615" or // 2^64-1, i.e. -1 as an unsigned int64
-  value = "4294967295" or // 2^32-1, i.e. -1 as an unsigned int32
-  value = "3735928559" or // 0xdeadbeef
-  value = "3735929054" or // 0xdeadc0de
-  value = "3405691582" // 0xcafebabe
+  value =
+    [
+      "0", "1", "-1", // common error codes
+      "18446744073709551615", // 2^64-1, i.e. -1 as an unsigned int64
+      "4294967295", // 2^32-1, i.e. -1 as an unsigned int32
+      "3735928559", // 0xdeadbeef
+      "3735929054", // 0xdeadc0de
+      "3405691582" // 0xcafebabe
+    ]
 }
 
 from Expr e

cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql

@@ -43,23 +43,25 @@ predicate isSizePlus(Expr e, BufferSizeExpr baseSize, int plus) {
 
 predicate strncpyFunction(Function f, int argDest, int argSrc, int argLimit) {
   exists(string name | name = f.getName() |
-    (
-      name = "strcpy_s" or // strcpy_s(dst, max_amount, src)
-      name = "wcscpy_s" or // wcscpy_s(dst, max_amount, src)
-      name = "_mbscpy_s" // _mbscpy_s(dst, max_amount, src)
-    ) and
+    name =
+      [
+        "strcpy_s", // strcpy_s(dst, max_amount, src)
+        "wcscpy_s", // wcscpy_s(dst, max_amount, src)
+        "_mbscpy_s" // _mbscpy_s(dst, max_amount, src)
+      ] and
     argDest = 0 and
     argSrc = 2 and
     argLimit = 1
     or
-    (
-      name = "strncpy" or // strncpy(dst, src, max_amount)
-      name = "strncpy_l" or // strncpy_l(dst, src, max_amount, locale)
-      name = "wcsncpy" or // wcsncpy(dst, src, max_amount)
-      name = "_wcsncpy_l" or // _wcsncpy_l(dst, src, max_amount, locale)
-      name = "_mbsncpy" or // _mbsncpy(dst, src, max_amount)
-      name = "_mbsncpy_l" // _mbsncpy_l(dst, src, max_amount, locale)
-    ) and
+    name =
+      [
+        "strncpy", // strncpy(dst, src, max_amount)
+        "strncpy_l", // strncpy_l(dst, src, max_amount, locale)
+        "wcsncpy", // wcsncpy(dst, src, max_amount)
+        "_wcsncpy_l", // _wcsncpy_l(dst, src, max_amount, locale)
+        "_mbsncpy", // _mbsncpy(dst, src, max_amount)
+        "_mbsncpy_l" // _mbsncpy_l(dst, src, max_amount, locale)
+      ] and
     argDest = 0 and
     argSrc = 1 and
     argLimit = 2

cpp/ql/src/Power of 10/Rule 1/UseOfJmp.ql

@@ -15,10 +15,7 @@ import cpp
 class ForbiddenFunction extends Function {
   ForbiddenFunction() {
     exists(string name | name = this.getName() |
-      name = "setjmp" or
-      name = "longjmp" or
-      name = "sigsetjmp" or
-      name = "siglongjmp"
+      name = ["setjmp", "longjmp", "sigsetjmp", "siglongjmp"]
     )
   }
 }

cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql

@@ -26,12 +26,8 @@ import TaintedWithPath
 class FileFunction extends FunctionWithWrappers {
   FileFunction() {
     exists(string nme | this.hasGlobalName(nme) |
-      nme = "fopen" or
-      nme = "_fopen" or
-      nme = "_wfopen" or
-      nme = "open" or
-      nme = "_open" or
-      nme = "_wopen" or
+      nme = ["fopen", "_fopen", "_wfopen", "open", "_open", "_wopen"]
+      or
       // create file function on windows
       nme.matches("CreateFile%")
     )
@@ -40,10 +36,7 @@ class FileFunction extends FunctionWithWrappers {
     or
     // on any of the fstream classes, or filebuf
     exists(string nme | this.getDeclaringType().hasQualifiedName("std", nme) |
-      nme = "basic_fstream" or
-      nme = "basic_ifstream" or
-      nme = "basic_ofstream" or
-      nme = "basic_filebuf"
+      nme = ["basic_fstream", "basic_ifstream", "basic_ofstream", "basic_filebuf"]
     ) and
     // we look for either the open method or the constructor
     (this.getName() = "open" or this instanceof Constructor)