Address reviews - use SimpleTypeSanitizer and alter qldoc style

joefarebrother · joefarebrother · commit 9130603334df · 2024-01-31T11:31:25.000Z
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Layout.qll b/java/ql/lib/semmle/code/java/frameworks/android/Layout.qll
@@ -50,7 +50,7 @@ private class FindViewMethod extends Method {
   }
 }
 
-/** Gets a use of the view that has the given id. (i.e. from a call to a method like `findViewById`) */
+/** Gets a use of the view that has the given id. (that is, from a call to a method like `findViewById`) */
 MethodCall getAUseOfViewWithId(string id) {
   exists(string name, NestedClass r_id, Field id_field |
     id = ["@+id/", "@id/"] + name and
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
@@ -5,6 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.SensitiveActions
 private import semmle.code.java.frameworks.android.Layout
+private import semmle.code.java.security.Sanitizers
 
 /** A configuration for tracking sensitive information to system notifications. */
 private module NotificationTrackingConfig implements DataFlow::ConfigSig {
@@ -63,9 +64,7 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
     )
   }
 
-  predicate isBarrier(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
-  }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ private class FindViewMethod extends Method {`
`50`	`50`	`}`
`51`	`51`	`}`
`52`	`52`
`53`		-/** Gets a use of the view that has the given id. (i.e. from a call to a method like `findViewById`) */
	`53`	+/** Gets a use of the view that has the given id. (that is, from a call to a method like `findViewById`) */
`54`	`54`	`MethodCall getAUseOfViewWithId(string id) {`
`55`	`55`	`exists(string name, NestedClass r_id, Field id_field \|`
`56`	`56`	`id = ["@+id/", "@id/"] + name and`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow`
`5`	`5`	`private import semmle.code.java.dataflow.TaintTracking`
`6`	`6`	`private import semmle.code.java.security.SensitiveActions`
`7`	`7`	`private import semmle.code.java.frameworks.android.Layout`
	`8`	`+private import semmle.code.java.security.Sanitizers`
`8`	`9`
`9`	`10`	`/** A configuration for tracking sensitive information to system notifications. */`
`10`	`11`	`private module NotificationTrackingConfig implements DataFlow::ConfigSig {`
`@@ -63,9 +64,7 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {`
`63`	`64`	`)`
`64`	`65`	`}`
`65`	`66`
`66`		`- predicate isBarrier(DataFlow::Node node) {`
`67`		`- node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType`
`68`		`- }`
	`67`	`+ predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }`
`69`	`68`
`70`	`69`	`predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`
`71`	`70`	`}`