Improved heuristics to increase precision

Author: atorralba

java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll

@@ -15,7 +15,10 @@ predicate conditionControlsMethod(MethodAccess ma, Expr e) {
   exists(ConditionBlock cb, SensitiveExecutionMethod m, boolean cond |
     ma.getMethod() = m and
     cb.controls(ma.getBasicBlock(), cond) and
-    not cb.controls(m.getAReference().getBasicBlock(), cond.booleanNot()) and
+    not cb.controls(any(SensitiveExecutionMethod sem).getAReference().getBasicBlock(),
+      cond.booleanNot()) and
+    not cb.controls(any(ThrowStmt t).getBasicBlock(), _) and
+    not cb.controls(any(ReturnStmt r).getBasicBlock(), _) and
     e = cb.getCondition()
   )
 }

java/ql/lib/semmle/code/java/security/SensitiveActions.qll

@@ -80,17 +80,12 @@ abstract class SensitiveExecutionMethod extends Method { }
 class AuthMethod extends SensitiveExecutionMethod {
   AuthMethod() {
     exists(string s | s = this.getName().toLowerCase() |
-      (
-        s.matches("%login%") or
-        s.matches("%auth%")
-      ) and
-      not (
-        s.matches("get%") or
-        s.matches("set%") or
-        s.matches("parse%") or
-        s.matches("%loginfo%")
-      )
-    )
+      s.matches(["%login%", "%auth%"]) and
+      not s.matches([
+          "get%", "set%", "parse%", "%loginfo%", "remove%", "clean%", "%unauth%", "%author%"
+        ])
+    ) and
+    not this.getDeclaringType().getASupertype*() instanceof TypeException
   }
 }