Better HostnameVerificationCall.isIgnored()

artem-smotrakov · artem-smotrakov · commit 48604cd7b3cd · 2022-02-12T15:52:16.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
@@ -22,9 +22,9 @@ private class HostnameVerificationCall extends MethodAccess {
 
   /** Holds if the result of the call is not used. */
   predicate isIgnored() {
-    not exists(Expr expr, IfStmt ifStmt, MethodAccess ma |
-      this = [expr.getAChildExpr(), ifStmt.getCondition(), ma.getAnArgument()]
-    )
+    not exists(Expr expr | this = expr.getAChildExpr()) and
+    not exists(IfStmt ifStmt | this = ifStmt.getCondition()) and
+    this = any(ExprStmt es).getExpr()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,9 @@ private class HostnameVerificationCall extends MethodAccess {`
`22`	`22`
`23`	`23`	`/** Holds if the result of the call is not used. */`
`24`	`24`	`predicate isIgnored() {`
`25`		`- not exists(Expr expr, IfStmt ifStmt, MethodAccess ma \|`
`26`		`- this = [expr.getAChildExpr(), ifStmt.getCondition(), ma.getAnArgument()]`
`27`		`- )`
	`25`	`+ not exists(Expr expr \| this = expr.getAChildExpr()) and`
	`26`	`+ not exists(IfStmt ifStmt \| this = ifStmt.getCondition()) and`
	`27`	`+ this = any(ExprStmt es).getExpr()`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`