C#: Set literals.

Author: geoffw0

csharp/ql/lib/semmle/code/csharp/Modifier.qll

@@ -19,10 +19,5 @@ class Modifier extends Element, @modifier {
  * An access modifier: `public`, `private`, `internal` or `protected`.
  */
 class AccessModifier extends Modifier {
-  AccessModifier() {
-    hasName("public") or
-    hasName("private") or
-    hasName("internal") or
-    hasName("protected")
-  }
+  AccessModifier() { hasName(["public", "private", "internal", "protected"]) }
 }

csharp/ql/lib/semmle/code/csharp/commons/Collections.qll

@@ -3,23 +3,12 @@
 import csharp
 
 private string modifyMethodName() {
-  result = "Add" or
-  result = "AddFirst" or
-  result = "AddLast" or
-  result = "Clear" or
-  result = "Enqueue" or
-  result = "ExceptWith" or
-  result = "Insert" or
-  result = "IntersectWith" or
-  result = "Push" or
-  result = "Remove" or
-  result = "RemoveAt" or
-  result = "RemoveFirst" or
-  result = "RemoveLast" or
-  result = "Set" or
-  result = "SetAll" or
-  result = "SymmetricExceptWith" or
-  result = "UnionWith"
+  result =
+    [
+      "Add", "AddFirst", "AddLast", "Clear", "Enqueue", "ExceptWith", "Insert", "IntersectWith",
+      "Push", "Remove", "RemoveAt", "RemoveFirst", "RemoveLast", "Set", "SetAll",
+      "SymmetricExceptWith", "UnionWith"
+    ]
 }
 
 /** A method call that modifies a collection. */
@@ -39,45 +28,27 @@ class CollectionModificationAccess extends Access {
 }
 
 private string collectionTypeName() {
-  result = "ArrayList" or
-  result = "BitArray" or
-  result = "Hashtable" or
-  result = "ICollection" or
-  result = "IDictionary" or
-  result = "IList" or
-  result = "Queue" or
-  result = "ReadOnlyCollectionBase" or
-  result = "SortedList" or
-  result = "Stack"
+  result =
+    [
+      "ArrayList", "BitArray", "Hashtable", "ICollection", "IDictionary", "IList", "Queue",
+      "ReadOnlyCollectionBase", "SortedList", "Stack"
+    ]
 }
 
-private string collectionNamespaceName() {
-  result = "Mono.Collections" or
-  result = "System.Collections"
-}
+private string collectionNamespaceName() { result = ["Mono.Collections", "System.Collections"] }
 
 private string genericCollectionNamespaceName() {
-  result = "Mono.Collections.Generic" or
-  result = "System.Collections.Generic"
+  result = ["Mono.Collections.Generic", "System.Collections.Generic"]
 }
 
 private string genericCollectionTypeName() {
-  result = "Dictionary<,>" or
-  result = "HashSet<>" or
-  result = "ICollection<>" or
-  result = "IDictionary<,>" or
-  result = "IList<>" or
-  result = "ISet<>" or
-  result = "LinkedList<>" or
-  result = "List<>" or
-  result = "Queue<>" or
-  result = "SortedDictionary<,>" or
-  result = "SortedList<,>" or
-  result = "SortedSet<>" or
-  result = "Stack<>" or
-  result = "SynchronizedCollection<>" or
-  result = "SynchronizedKeyedCollection<>" or
-  result = "SynchronizedReadOnlyCollection<>"
+  result =
+    [
+      "Dictionary<,>", "HashSet<>", "ICollection<>", "IDictionary<,>", "IList<>", "ISet<>",
+      "LinkedList<>", "List<>", "Queue<>", "SortedDictionary<,>", "SortedList<,>", "SortedSet<>",
+      "Stack<>", "SynchronizedCollection<>", "SynchronizedKeyedCollection<>",
+      "SynchronizedReadOnlyCollection<>"
+    ]
 }
 
 /** A collection type. */
@@ -105,36 +76,18 @@ class EmptyCollectionCreation extends ObjectCreation {
 }
 
 private string readonlyMethodName() {
-  result = "BinarySearch" or
-  result = "Clone" or
-  result = "Contains" or
-  result = "ContainsKey" or
-  result = "ContainsValue" or
-  result = "CopyTo" or
-  result = "Equals" or
-  result = "FixedArray" or
-  result = "FixedSize" or
-  result = "Get" or
-  result = "GetEnumerator" or
-  result = "GetHashCode" or
-  result = "GetRange" or
-  result = "IndexOf" or
-  result = "IsProperSubsetOf" or
-  result = "IsProperSupersetOf" or
-  result = "IsSubsetOf" or
-  result = "IsSupersetOf" or
-  result = "LastIndexOf" or
-  result = "MemberwiseClone" or
-  result = "Peek" or
-  result = "ToArray" or
-  result = "ToString" or
-  result = "TryGetValue"
+  result =
+    [
+      "BinarySearch", "Clone", "Contains", "ContainsKey", "ContainsValue", "CopyTo", "Equals",
+      "FixedArray", "FixedSize", "Get", "GetEnumerator", "GetHashCode", "GetRange", "IndexOf",
+      "IsProperSubsetOf", "IsProperSupersetOf", "IsSubsetOf", "IsSupersetOf", "LastIndexOf",
+      "MemberwiseClone", "Peek", "ToArray", "ToString", "TryGetValue"
+    ]
 }
 
 private string noAddMethodName() {
   result = readonlyMethodName() or
-  result = "Dequeue" or
-  result = "Pop"
+  result = ["Dequeue", "Pop"]
 }
 
 /** Holds if `a` is an access that does not modify a collection. */

csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll

@@ -120,21 +120,13 @@ module JsonNET {
     SerializedMember() {
       // This member has a Json attribute
       exists(Class attribute | attribute = this.getAnAttribute().getType() |
-        attribute.hasName("JsonPropertyAttribute")
-        or
-        attribute.hasName("JsonDictionaryAttribute")
-        or
-        attribute.hasName("JsonRequiredAttribute")
-        or
-        attribute.hasName("JsonArrayAttribute")
-        or
-        attribute.hasName("JsonConverterAttribute")
-        or
-        attribute.hasName("JsonExtensionDataAttribute")
-        or
-        attribute.hasName("SerializableAttribute") // System.SerializableAttribute
-        or
-        attribute.hasName("DataMemberAttribute") // System.DataMemberAttribute
+        attribute
+            .hasName([
+                "JsonPropertyAttribute", "JsonDictionaryAttribute", "JsonRequiredAttribute",
+                "JsonArrayAttribute", "JsonConverterAttribute", "JsonExtensionDataAttribute",
+                "SerializableAttribute", // System.SerializableAttribute
+                "DataMemberAttribute" // System.DataMemberAttribute
+              ])
       )
       or
       // This field is a member of an explicitly serialized type
@@ -175,7 +167,7 @@ module JsonNET {
   /** Any attribute class that marks a member to not be serialized. */
   private class NotSerializedAttributeClass extends JsonClass {
     NotSerializedAttributeClass() {
-      this.hasName("JsonIgnoreAttribute") or this.hasName("NonSerializedAttribute")
+      this.hasName(["JsonIgnoreAttribute", "NonSerializedAttribute"])
     }
   }
 

csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll

@@ -28,15 +28,7 @@ module NHibernate {
 
     /** Gets a type parameter that specifies a mapped class. */
     TypeParameter getAMappedObjectTp() {
-      exists(string methodName |
-        methodName = "Load<>"
-        or
-        methodName = "Merge<>"
-        or
-        methodName = "Get<>"
-        or
-        methodName = "Query<>"
-      |
+      exists(string methodName | methodName = ["Load<>", "Merge<>", "Get<>", "Query<>"] |
         result = this.getAMethod(methodName).(UnboundGenericMethod).getTypeParameter(0)
       )
     }

csharp/ql/lib/semmle/code/csharp/security/PrivateData.qll

@@ -14,26 +14,22 @@ import semmle.code.csharp.frameworks.system.windows.Forms
 
 /** A string for `match` that identifies strings that look like they represent private data. */
 private string privateNames() {
-  // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-  // Government identifiers, such as Social Security Numbers
-  result = "%social%security%number%" or
-  // Contact information, such as home addresses and telephone numbers
-  result = "%postcode%" or
-  result = "%zipcode%" or
-  result = "%telephone%" or
-  // Geographic location - where the user is (or was)
-  result = "%latitude%" or
-  result = "%longitude%" or
-  // Financial data - such as credit card numbers, salary, bank accounts, and debts
-  result = "%creditcard%" or
-  result = "%salary%" or
-  result = "%bankaccount%" or
-  // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-  result = "%email%" or
-  result = "%mobile%" or
-  result = "%employer%" or
-  // Health - medical conditions, insurance status, prescription records
-  result = "%medical%"
+  result =
+    [
+      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+      // Government identifiers, such as Social Security Numbers
+      "%social%security%number%",
+      // Contact information, such as home addresses and telephone numbers
+      "%postcode%", "%zipcode%", "%telephone%",
+      // Geographic location - where the user is (or was)
+      "%latitude%", "%longitude%",
+      // Financial data - such as credit card numbers, salary, bank accounts, and debts
+      "%creditcard%", "%salary%", "%bankaccount%",
+      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+      "%email%", "%mobile%", "%employer%",
+      // Health - medical conditions, insurance status, prescription records
+      "%medical%"
+    ]
 }
 
 /** An expression that might contain private data. */

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll

@@ -38,12 +38,7 @@ class TraceMessageSink extends ExternalLocationSink {
       trace.hasQualifiedName("System.Diagnostics", "TraceSource")
     |
       this.getExpr() = trace.getAMethod().getACall().getArgumentForName(parameterName) and
-      (
-        parameterName = "format" or
-        parameterName = "args" or
-        parameterName = "message" or
-        parameterName = "category"
-      )
+      parameterName = ["format", "args", "message", "category"]
     )
   }
 }

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll

@@ -43,15 +43,7 @@ class AspNetQueryStringMember extends Member {
  * request.
  */
 private string getHttpRequestFlowPropertyNames() {
-  result = "QueryString" or
-  result = "Headers" or
-  result = "RawUrl" or
-  result = "Url" or
-  result = "Cookies" or
-  result = "Form" or
-  result = "Params" or
-  result = "Path" or
-  result = "PathInfo"
+  result = ["QueryString", "Headers", "RawUrl", "Url", "Cookies", "Form", "Params", "Path", "PathInfo"]
 }
 
 /** A data flow source of remote user input (ASP.NET query string). */