Apply suggestions from code review

atorralba · smowton · atorralba · commit 51dfebf4c9de · 2022-05-04T10:53:29.000+02:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
@@ -83,14 +83,12 @@ class ShouldOverrideUrlLoading extends Method {
  */
 predicate isJSEnabled(Expr webview) {
   webview.getType().(RefType).getASupertype*() instanceof TypeWebView and
-  exists(MethodAccess allowJs |
+  exists(MethodAccess allowJs, MethodAccess settings |
     allowJs.getMethod() instanceof AllowJavaScriptMethod and
     allowJs.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and
-    exists(MethodAccess settings |
-      settings.getMethod() instanceof WebViewGetSettingsMethod and
-      DataFlow::localExprFlow(settings, allowJs.getQualifier()) and
-      DataFlow::localExprFlow(webview, settings.getQualifier())
-    )
+    settings.getMethod() instanceof WebViewGetSettingsMethod and
+    DataFlow::localExprFlow(settings, allowJs.getQualifier()) and
+    DataFlow::localExprFlow(webview, settings.getQualifier())
   )
 }
 
@@ -99,14 +97,12 @@ predicate isJSEnabled(Expr webview) {
  * `setAllowFileAccessFromFileURLs` have been set to `true`.
  */
 predicate isAllowFileAccessEnabled(Expr webview) {
-  exists(MethodAccess allowFileAccess |
+  exists(MethodAccess allowFileAccess, MethodAccess settings |
     allowFileAccess.getMethod() instanceof CrossOriginAccessMethod and
     allowFileAccess.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and
-    exists(MethodAccess settings |
-      settings.getMethod() instanceof WebViewGetSettingsMethod and
-      DataFlow::localExprFlow(settings, allowFileAccess.getQualifier()) and
-      DataFlow::localExprFlow(webview, settings.getQualifier())
-    )
+    settings.getMethod() instanceof WebViewGetSettingsMethod and
+    DataFlow::localExprFlow(settings, allowFileAccess.getQualifier()) and
+    DataFlow::localExprFlow(webview, settings.getQualifier())
   )
 }
 
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll
@@ -77,7 +77,7 @@ private Expr getUnderlyingExpr(Expr e) {
 }
 
 /**
- * Holds if `WebViewLoadUrlMethod` is called on `webview`
+ * Holds if a `WebViewLoadUrlMethod` is called on `webview`
  * with `urlArg` as its first argument.
  */
 private predicate webViewLoadUrl(Argument urlArg, Expr webview) {

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ private Expr getUnderlyingExpr(Expr e) {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`/**`
`80`		- * Holds if `WebViewLoadUrlMethod` is called on `webview`
	`80`	+ * Holds if a `WebViewLoadUrlMethod` is called on `webview`
`81`	`81`	* with `urlArg` as its first argument.
`82`	`82`	`*/`
`83`	`83`	`private predicate webViewLoadUrl(Argument urlArg, Expr webview) {`