C#: Improve performance of MissingXMLValidation query

Author: hvitved

csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll

@@ -136,7 +136,9 @@ private Expr getBitwiseOrOperand(Expr e) { result = e.(BitwiseOrExpr).getAnOpera
 
 /** A creation of an instance of `System.Xml.XmlReaderSettings`. */
 class XmlReaderSettingsCreation extends ObjectCreation {
-  XmlReaderSettingsCreation() { this.getType() instanceof SystemXmlXmlReaderSettingsClass }
+  private SystemXmlXmlReaderSettingsClass settings;
+
+  XmlReaderSettingsCreation() { settings = this.getType() }
 
   /** Gets a value set on the `ValidationType` property, if any. */
   SystemXmlValidationType getValidationType() {
@@ -152,7 +154,7 @@ class XmlReaderSettingsCreation extends ObjectCreation {
 
   /** Gets a value set for the given property in this local context. */
   private Expr getPropertyValue(Property p) {
-    p = this.getType().(RefType).getAProperty() and
+    p = settings.getAProperty() and
     exists(PropertyCall set, Expr arg |
       set.getTarget() = p.getSetter() and
       DataFlow::localExprFlow(this, set.getQualifier()) and

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -52,7 +52,7 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration
 private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+  predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 }

csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected

@@ -2,15 +2,13 @@ edges
 | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | provenance |  |
-| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:11390 |
 | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance |  |
 | MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1162 |
 | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1162 |
 | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1162 |
-| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | provenance | MaD:1162 |
 | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1162 |
 nodes
 | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
@@ -22,8 +20,6 @@ nodes
 | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
 | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
 | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
-| MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
-| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
 | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
 | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
 subpaths