C++: Reduce result duplication.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

@@ -289,14 +289,14 @@ class ExposedSystemDataConfiguration extends TaintTracking::Configuration {
   ExposedSystemDataConfiguration() { this = "ExposedSystemDataConfiguration" }
 
   override predicate isSource(DataFlow::Node source) {
-    source.asExpr() = any(SystemData sd).getAnExpr()
+    source.asConvertedExpr() = any(SystemData sd).getAnExpr()
   }
 
   override predicate isSink(DataFlow::Node sink) {
     exists(FunctionCall fc, FunctionInput input, int arg |
       fc.getTarget().(RemoteFlowSinkFunction).hasRemoteFlowSink(input, _) and
       input.isParameterDeref(arg) and
-      fc.getArgument(arg) = sink.asExpr()
+      fc.getArgument(arg).getFullyConverted() = sink.asConvertedExpr()
     )
   }
 }

cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected

@@ -1,16 +1,7 @@
 edges
 | tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | (const char *)... |
-| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | (const char *)... |
-| tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... |
-| tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... |
-| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | (const char *)... |
 | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | (const char *)... |
-| tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... |
-| tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... |
-| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | (const char *)... |
 | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | (const char *)... |
-| tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... |
-| tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... |
 | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | tests2.cpp:79:14:79:19 | (const char *)... |
 | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info |
 | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info |
@@ -21,16 +12,10 @@ edges
 | tests2.cpp:109:14:109:15 | c1 [read] [ptr] | tests2.cpp:109:14:109:19 | (const char *)... |
 nodes
 | tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:63:13:63:26 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:63:13:63:26 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:64:13:64:26 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:64:13:64:26 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:65:13:65:30 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:65:13:65:30 | (const char *)... | semmle.label | (const char *)... |
 | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
 | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
@@ -45,18 +30,9 @@ nodes
 | tests2.cpp:109:14:109:19 | (const char *)... | semmle.label | (const char *)... |
 subpaths
 #select
-| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv | call to getenv |
 | tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv | call to getenv |
-| tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:63:13:63:26 | (const char *)... | (const char *)... |
-| tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... | tests2.cpp:63:13:63:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:63:13:63:26 | (const char *)... | (const char *)... |
-| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv | call to getenv |
 | tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv | call to getenv |
-| tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:64:13:64:26 | (const char *)... | (const char *)... |
-| tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... | tests2.cpp:64:13:64:26 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:64:13:64:26 | (const char *)... | (const char *)... |
-| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
 | tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
-| tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:65:13:65:30 | (const char *)... | (const char *)... |
-| tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... | tests2.cpp:65:13:65:30 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:65:13:65:30 | (const char *)... | (const char *)... |
 | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:78:14:78:34 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:79:14:79:19 | (const char *)... | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | tests2.cpp:79:14:79:19 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:76:18:76:38 | call to mysql_get_client_info | call to mysql_get_client_info |