Changed to for constant string

aegilops · aegilops · commit 1a108fb1c956 · 2023-06-19T11:46:08.000+01:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
@@ -98,6 +98,6 @@ class UnSafeExecutable extends string {
   bindingset[this]
   UnSafeExecutable() {
     this.regexpMatch("^(|.*/)([a-z]*sh|javac?|python.*|perl|[Pp]ower[Ss]hell|php|node|deno|bun|ruby|osascript|cmd|Rscript|groovy)(\\.exe)?$") and
-    not this.matches("netsh.exe")
+    not this = "netsh.exe"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,6 @@ class UnSafeExecutable extends string {`
`98`	`98`	`bindingset[this]`
`99`	`99`	`UnSafeExecutable() {`
`100`	`100`	`this.regexpMatch("^(\|./)([a-z]sh\|javac?\|python.*\|perl\|[Pp]ower[Ss]hell\|php\|node\|deno\|bun\|ruby\|osascript\|cmd\|Rscript\|groovy)(\\.exe)?$") and`
`101`		`- not this.matches("netsh.exe")`
	`101`	`+ not this = "netsh.exe"`
`102`	`102`	`}`
`103`	`103`	`}`