Merge pull request #6960 from erik-krogh/useSetLiteral

use set literal instead of big disjunction of literals

Author: aschackmull

java/ql/lib/semmle/code/java/security/SensitiveActions.qll

@@ -14,11 +14,7 @@
 import java
 
 private string suspicious() {
-  result = "%password%" or
-  result = "%passwd%" or
-  result = "%account%" or
-  result = "%accnt%" or
-  result = "%trusted%"
+  result = ["%password%", "%passwd%", "%account%", "%accnt%", "%trusted%"]
 }
 
 private string nonSuspicious() {

java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql

@@ -111,16 +111,11 @@ predicate jdkPackage(Package p) {
     p.getName() = pkgName or
     p.getName().prefix(pkgName.length() + 1) = pkgName + "."
   |
-    pkgName = "com.sun" or
-    pkgName = "sun" or
-    pkgName = "java" or
-    pkgName = "javax" or
-    pkgName = "com.oracle.net" or
-    pkgName = "genstubs" or
-    pkgName = "jdk" or
-    pkgName = "build.tools" or
-    pkgName = "org.omg.CORBA" or
-    pkgName = "org.ietf.jgss"
+    pkgName =
+      [
+        "com.sun", "sun", "java", "javax", "com.oracle.net", "genstubs", "jdk", "build.tools",
+        "org.omg.CORBA", "org.ietf.jgss"
+      ]
   )
 }
 

java/ql/src/Security/CWE/CWE-798/SensitiveApi.qll

@@ -20,34 +20,15 @@ import MagicConstants
  * https://docs.oracle.com/javase/7/docs/api/java/lang/System.html#getProperties()
  */
 predicate isSystemProperty(string e) {
-  e = "java.version" or
-  e = "java.vendor" or
-  e = "java.vendor.url" or
-  e = "java.home" or
-  e = "java.vm.specification.version" or
-  e = "java.vm.specification.vendor" or
-  e = "java.vm.specification.name" or
-  e = "java.vm.version" or
-  e = "java.vm.vendor" or
-  e = "java.vm.name" or
-  e = "java.specification.version" or
-  e = "java.specification.vendor" or
-  e = "java.specification.name" or
-  e = "java.class.version" or
-  e = "java.class.path" or
-  e = "java.library.path" or
-  e = "java.io.tmpdir" or
-  e = "java.compiler" or
-  e = "java.ext.dirs" or
-  e = "os.name" or
-  e = "os.arch" or
-  e = "os.version" or
-  e = "file.separator" or
-  e = "path.separator" or
-  e = "line.separator" or
-  e = "user.name" or
-  e = "user.home" or
-  e = "user.dir"
+  e =
+    [
+      "java.version", "java.vendor", "java.specification.version", "java.specification.vendor",
+      "java.specification.name", "java.class.version", "java.class.path", "java.library.path",
+      "java.io.tmpdir", "java.compiler", "java.ext.dirs", "os.name", "java.vendor.url", "os.arch",
+      "os.version", "file.separator", "path.separator", "line.separator", "user.name", "user.home",
+      "user.dir", "java.home", "java.vm.specification.version", "java.vm.specification.vendor",
+      "java.vm.specification.name", "java.vm.version", "java.vm.vendor", "java.vm.name"
+    ]
 }
 
 predicate trivialContext(Literal e) {

java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql

@@ -179,15 +179,7 @@ module DOM {
       eltName = attr.getElement().getName() and
       attrName = attr.getName()
     |
-      (
-        eltName = "script" or
-        eltName = "iframe" or
-        eltName = "embed" or
-        eltName = "video" or
-        eltName = "audio" or
-        eltName = "source" or
-        eltName = "track"
-      ) and
+      eltName = ["script", "iframe", "embed", "video", "audio", "source", "track"] and
       attrName = "src"
       or
       (
@@ -258,11 +250,11 @@ module DOM {
   /** Gets a call that queries the DOM for a collection of DOM nodes. */
   private DataFlow::SourceNode domElementCollection() {
     exists(string collectionName |
-      collectionName = "getElementsByClassName" or
-      collectionName = "getElementsByName" or
-      collectionName = "getElementsByTagName" or
-      collectionName = "getElementsByTagNameNS" or
-      collectionName = "querySelectorAll"
+      collectionName =
+        [
+          "getElementsByClassName", "getElementsByName", "getElementsByTagName",
+          "getElementsByTagNameNS", "querySelectorAll"
+        ]
     |
       (
         result = documentRef().getAMethodCall(collectionName) or
@@ -274,11 +266,8 @@ module DOM {
   /** Gets a call that creates a DOM node or queries the DOM for a DOM node. */
   private DataFlow::SourceNode domElementCreationOrQuery() {
     exists(string methodName |
-      methodName = "createElement" or
-      methodName = "createElementNS" or
-      methodName = "createRange" or
-      methodName = "getElementById" or
-      methodName = "querySelector"
+      methodName =
+        ["createElement", "createElementNS", "createRange", "getElementById", "querySelector"]
     |
       result = documentRef().getAMethodCall(methodName) or
       result = DataFlow::globalVarRef(methodName).getACall()
@@ -465,11 +454,7 @@ module DOM {
     private class DefaultRange extends Range {
       DefaultRange() {
         exists(string propName | this = documentRef().getAPropertyRead(propName) |
-          propName = "documentURI" or
-          propName = "documentURIObject" or
-          propName = "location" or
-          propName = "referrer" or
-          propName = "URL"
+          propName = ["documentURI", "documentURIObject", "location", "referrer", "URL"]
         )
         or
         this = DOM::domValueRef().getAPropertyRead("baseUri")

javascript/ql/lib/semmle/javascript/DOM.qll

@@ -246,13 +246,7 @@ class File extends Container, @file {
  * A file type.
  */
 class FileType extends string {
-  FileType() {
-    this = "javascript" or
-    this = "html" or
-    this = "typescript" or
-    this = "json" or
-    this = "yaml"
-  }
+  FileType() { this = ["javascript", "html", "typescript", "json", "yaml"] }
 
   /**
    * Holds if this is the JavaScript file type.

javascript/ql/lib/semmle/javascript/Files.qll

@@ -291,13 +291,7 @@ class JSDocNamedTypeExpr extends @jsdoc_named_type_expr, JSDocTypeExpr {
 
   override predicate isNumbery() {
     exists(string name | name = getName() |
-      name = "number" or
-      name = "Number" or
-      name = "double" or
-      name = "Double" or
-      name = "int" or
-      name = "integer" or
-      name = "Integer"
+      name = ["number", "Number", "double", "Double", "int", "integer", "Integer"]
     )
   }
 

javascript/ql/lib/semmle/javascript/JSDoc.qll

@@ -1405,14 +1405,7 @@ module DataFlow {
    */
   class Incompleteness extends string {
     Incompleteness() {
-      this = "await" or
-      this = "call" or
-      this = "eval" or
-      this = "global" or
-      this = "heap" or
-      this = "import" or
-      this = "namespace" or
-      this = "yield"
+      this = ["await", "call", "eval", "global", "heap", "import", "namespace", "yield"]
     }
   }
 

javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll

@@ -29,13 +29,7 @@ newtype TypeTag =
  */
 class TypeofTag extends string {
   TypeofTag() {
-    this = "undefined" or
-    this = "boolean" or
-    this = "number" or
-    this = "string" or
-    this = "function" or
-    this = "object" or
-    this = "symbol"
+    this = ["undefined", "boolean", "number", "string", "function", "object", "symbol"]
   }
 }
 

javascript/ql/lib/semmle/javascript/dataflow/InferredTypes.qll

@@ -924,13 +924,11 @@ module TaintTracking {
         pred = invoke.getArgument(0) and
         succ = invoke
       |
-        name = "Error" or
-        name = "EvalError" or
-        name = "RangeError" or
-        name = "ReferenceError" or
-        name = "SyntaxError" or
-        name = "TypeError" or
-        name = "URIError"
+        name =
+          [
+            "Error", "EvalError", "RangeError", "ReferenceError", "SyntaxError", "TypeError",
+            "URIError"
+          ]
       )
     }
   }