Merge pull request #6934 from erik-krogh/more-instanceof

Approved by MathiasVP, esbena, yoff

Author: codeql-ci

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

@@ -324,10 +324,8 @@ abstract class DataOutput extends Element {
 /**
  * Data that is output via standard output or standard error.
  */
-class StandardOutput extends DataOutput {
-  StandardOutput() { this instanceof OutputWrite }
-
-  override Expr getASource() { result = this.(OutputWrite).getASource() }
+class StandardOutput extends DataOutput instanceof OutputWrite {
+  override Expr getASource() { result = OutputWrite.super.getASource() }
 }
 
 private predicate socketCallOrIndirect(FunctionCall call) {

javascript/ql/lib/semmle/javascript/DOM.qll

@@ -63,29 +63,25 @@ module DOM {
   /**
    * An HTML element, viewed as an `ElementDefinition`.
    */
-  private class HtmlElementDefinition extends ElementDefinition, @xmlelement {
-    HtmlElementDefinition() { this instanceof HTML::Element }
-
-    override string getName() { result = this.(HTML::Element).getName() }
+  private class HtmlElementDefinition extends ElementDefinition, @xmlelement instanceof HTML::Element {
+    override string getName() { result = HTML::Element.super.getName() }
 
     override AttributeDefinition getAttribute(int i) {
-      result = this.(HTML::Element).getAttribute(i)
+      result = HTML::Element.super.getAttribute(i)
     }
 
-    override ElementDefinition getParent() { result = this.(HTML::Element).getParent() }
+    override ElementDefinition getParent() { result = HTML::Element.super.getParent() }
   }
 
   /**
    * A JSX element, viewed as an `ElementDefinition`.
    */
-  private class JsxElementDefinition extends ElementDefinition, @jsx_element {
-    JsxElementDefinition() { this instanceof JSXElement }
-
-    override string getName() { result = this.(JSXElement).getName() }
+  private class JsxElementDefinition extends ElementDefinition, @jsx_element instanceof JSXElement {
+    override string getName() { result = JSXElement.super.getName() }
 
-    override AttributeDefinition getAttribute(int i) { result = this.(JSXElement).getAttribute(i) }
+    override AttributeDefinition getAttribute(int i) { result = JSXElement.super.getAttribute(i) }
 
-    override ElementDefinition getParent() { result = this.(JSXElement).getJsxParent() }
+    override ElementDefinition getParent() { result = super.getJsxParent() }
   }
 
   /**
@@ -131,14 +127,12 @@ module DOM {
   /**
    * An HTML attribute, viewed as an `AttributeDefinition`.
    */
-  private class HtmlAttributeDefinition extends AttributeDefinition, @xmlattribute {
-    HtmlAttributeDefinition() { this instanceof HTML::Attribute }
-
-    override string getName() { result = this.(HTML::Attribute).getName() }
+  private class HtmlAttributeDefinition extends AttributeDefinition, @xmlattribute instanceof HTML::Attribute {
+    override string getName() { result = HTML::Attribute.super.getName() }
 
-    override string getStringValue() { result = this.(HTML::Attribute).getValue() }
+    override string getStringValue() { result = super.getValue() }
 
-    override ElementDefinition getElement() { result = this.(HTML::Attribute).getElement() }
+    override ElementDefinition getElement() { result = HTML::Attribute.super.getElement() }
   }
 
   /**

javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll

@@ -61,17 +61,15 @@ class ParameterNode extends DataFlow::SourceNode {
  * new Array(16)
  * ```
  */
-class InvokeNode extends DataFlow::SourceNode {
-  InvokeNode() { this instanceof DataFlow::Impl::InvokeNodeDef }
-
+class InvokeNode extends DataFlow::SourceNode instanceof DataFlow::Impl::InvokeNodeDef {
   /** Gets the syntactic invoke expression underlying this function invocation. */
-  InvokeExpr getInvokeExpr() { result = this.(DataFlow::Impl::InvokeNodeDef).getInvokeExpr() }
+  InvokeExpr getInvokeExpr() { result = super.getInvokeExpr() }
 
   /** Gets the name of the function or method being invoked, if it can be determined. */
-  string getCalleeName() { result = this.(DataFlow::Impl::InvokeNodeDef).getCalleeName() }
+  string getCalleeName() { result = super.getCalleeName() }
 
   /** Gets the data flow node specifying the function to be called. */
-  DataFlow::Node getCalleeNode() { result = this.(DataFlow::Impl::InvokeNodeDef).getCalleeNode() }
+  DataFlow::Node getCalleeNode() { result = super.getCalleeNode() }
 
   /**
    * Gets the data flow node corresponding to the `i`th argument of this invocation.
@@ -92,10 +90,10 @@ class InvokeNode extends DataFlow::SourceNode {
    * but the position of `z` cannot be determined, hence there are no first and second
    * argument nodes.
    */
-  DataFlow::Node getArgument(int i) { result = this.(DataFlow::Impl::InvokeNodeDef).getArgument(i) }
+  DataFlow::Node getArgument(int i) { result = super.getArgument(i) }
 
   /** Gets the data flow node corresponding to an argument of this invocation. */
-  DataFlow::Node getAnArgument() { result = this.(DataFlow::Impl::InvokeNodeDef).getAnArgument() }
+  DataFlow::Node getAnArgument() { result = super.getAnArgument() }
 
   /** Gets the data flow node corresponding to the last argument of this invocation. */
   DataFlow::Node getLastArgument() { result = getArgument(getNumArgument() - 1) }
@@ -112,12 +110,10 @@ class InvokeNode extends DataFlow::SourceNode {
    * ```
    *  .
    */
-  DataFlow::Node getASpreadArgument() {
-    result = this.(DataFlow::Impl::InvokeNodeDef).getASpreadArgument()
-  }
+  DataFlow::Node getASpreadArgument() { result = super.getASpreadArgument() }
 
   /** Gets the number of arguments of this invocation, if it can be determined. */
-  int getNumArgument() { result = this.(DataFlow::Impl::InvokeNodeDef).getNumArgument() }
+  int getNumArgument() { result = super.getNumArgument() }
 
   Function getEnclosingFunction() { result = getBasicBlock().getContainer() }
 
@@ -258,15 +254,13 @@ class InvokeNode extends DataFlow::SourceNode {
  * Math.abs(x)
  * ```
  */
-class CallNode extends InvokeNode {
-  CallNode() { this instanceof DataFlow::Impl::CallNodeDef }
-
+class CallNode extends InvokeNode instanceof DataFlow::Impl::CallNodeDef {
   /**
    * Gets the data flow node corresponding to the receiver expression of this method call.
    *
    * For example, the receiver of `x.m()` is `x`.
    */
-  DataFlow::Node getReceiver() { result = this.(DataFlow::Impl::CallNodeDef).getReceiver() }
+  DataFlow::Node getReceiver() { result = super.getReceiver() }
 }
 
 /**
@@ -279,11 +273,9 @@ class CallNode extends InvokeNode {
  * Math.abs(x)
  * ```
  */
-class MethodCallNode extends CallNode {
-  MethodCallNode() { this instanceof DataFlow::Impl::MethodCallNodeDef }
-
+class MethodCallNode extends CallNode instanceof DataFlow::Impl::MethodCallNodeDef {
   /** Gets the name of the invoked method, if it can be determined. */
-  string getMethodName() { result = this.(DataFlow::Impl::MethodCallNodeDef).getMethodName() }
+  string getMethodName() { result = super.getMethodName() }
 
   /**
    * Holds if this data flow node calls method `methodName` on receiver node `receiver`.

javascript/ql/lib/semmle/javascript/dataflow/Refinements.qll

@@ -53,21 +53,18 @@ abstract class RefinementCandidate extends Expr {
  * A refinement candidate that references at most one variable, and hence
  * can be used to refine the abstract values inferred for that variable.
  */
-class Refinement extends Expr {
-  Refinement() {
-    this instanceof RefinementCandidate and
-    count(this.(RefinementCandidate).getARefinedVar()) <= 1
-  }
+class Refinement extends Expr instanceof RefinementCandidate {
+  Refinement() { count(this.(RefinementCandidate).getARefinedVar()) <= 1 }
 
   /**
    * Gets the variable refined by this expression, if any.
    */
-  SsaSourceVariable getRefinedVar() { result = this.(RefinementCandidate).getARefinedVar() }
+  SsaSourceVariable getRefinedVar() { result = super.getARefinedVar() }
 
   /**
    * Gets a refinement value inferred for this expression in context `ctxt`.
    */
-  RefinementValue eval(RefinementContext ctxt) { result = this.(RefinementCandidate).eval(ctxt) }
+  RefinementValue eval(RefinementContext ctxt) { result = super.eval(ctxt) }
 }
 
 /** A literal, viewed as a refinement expression. */

javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll

@@ -47,10 +47,8 @@ module PolynomialReDoS {
    * A remote input to a server, seen as a source for polynomial
    * regular expression denial-of-service vulnerabilities.
    */
-  class RequestInputAccessAsSource extends Source {
-    RequestInputAccessAsSource() { this instanceof HTTP::RequestInputAccess }
-
-    override string getKind() { result = this.(HTTP::RequestInputAccess).getKind() }
+  class RequestInputAccessAsSource extends Source instanceof HTTP::RequestInputAccess {
+    override string getKind() { result = HTTP::RequestInputAccess.super.getKind() }
   }
 
   /**

javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll

@@ -39,21 +39,17 @@ module LdapInjection {
   /**
    * An LDAP filter for an API call that executes an operation against the LDAP server.
    */
-  class LdapjsSearchFilterAsSink extends Sink {
-    LdapjsSearchFilterAsSink() { this instanceof LdapjsSearchFilter }
-
+  class LdapjsSearchFilterAsSink extends Sink instanceof LdapjsSearchFilter {
     override DataFlow::InvokeNode getQueryCall() {
-      result = this.(LdapjsSearchFilter).getQueryCall()
+      result = LdapjsSearchFilter.super.getQueryCall()
     }
   }
 
   /**
    * An LDAP DN argument for an API call that executes an operation against the LDAP server.
    */
-  class LdapjsDNArgumentAsSink extends Sink {
-    LdapjsDNArgumentAsSink() { this instanceof LdapjsDNArgument }
-
-    override DataFlow::InvokeNode getQueryCall() { result = this.(LdapjsDNArgument).getQueryCall() }
+  class LdapjsDNArgumentAsSink extends Sink instanceof LdapjsDNArgument {
+    override DataFlow::InvokeNode getQueryCall() { result = LdapjsDNArgument.super.getQueryCall() }
   }
 
   /**

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

@@ -1365,10 +1365,8 @@ module IterableUnpacking {
   }
 
   /** A (possibly recursive) target of an unpacking assignment which is also a sequence. */
-  class UnpackingAssignmentSequenceTarget extends UnpackingAssignmentTarget {
-    UnpackingAssignmentSequenceTarget() { this instanceof SequenceNode }
-
-    ControlFlowNode getElement(int i) { result = this.(SequenceNode).getElement(i) }
+  class UnpackingAssignmentSequenceTarget extends UnpackingAssignmentTarget instanceof SequenceNode {
+    ControlFlowNode getElement(int i) { result = super.getElement(i) }
 
     ControlFlowNode getAnElement() { result = this.getElement(_) }
   }

python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll

@@ -639,16 +639,14 @@ module DataFlow {
     }
   }
 
-  deprecated private class ConfigurationAdapter extends TaintTracking::Configuration {
-    ConfigurationAdapter() { this instanceof Configuration }
-
+  deprecated private class ConfigurationAdapter extends TaintTracking::Configuration instanceof Configuration {
     override predicate isSource(DataFlow::Node node, TaintKind kind) {
-      this.(Configuration).isSource(node.asCfgNode()) and
+      Configuration.super.isSource(node.asCfgNode()) and
       kind instanceof DataFlowType
     }
 
     override predicate isSink(DataFlow::Node node, TaintKind kind) {
-      this.(Configuration).isSink(node.asCfgNode()) and
+      Configuration.super.isSink(node.asCfgNode()) and
       kind instanceof DataFlowType
     }
   }

python/ql/lib/semmle/python/dependencies/TechInventory.qll

@@ -14,16 +14,14 @@ string munge(File sourceFile, ExternalPackage package) {
   result = "/" + sourceFile.getRelativePath() + "<|>" + package.getName() + "<|>unknown"
 }
 
-abstract class ExternalPackage extends Object {
-  ExternalPackage() { this instanceof ModuleObject }
-
+abstract class ExternalPackage extends Object instanceof ModuleObject {
   abstract string getName();
 
   abstract string getVersion();
 
-  Object getAttribute(string name) { result = this.(ModuleObject).attr(name) }
+  Object getAttribute(string name) { result = super.attr(name) }
 
-  PackageObject getPackage() { result = this.(ModuleObject).getPackage() }
+  PackageObject getPackage() { result = super.getPackage() }
 }
 
 bindingset[text]

python/ql/lib/semmle/python/objects/ObjectAPI.qll

@@ -147,9 +147,7 @@ class Value extends TObject {
  * Class representing modules in the Python program
  * Each `ModuleValue` represents a module object in the Python program.
  */
-class ModuleValue extends Value {
-  ModuleValue() { this instanceof ModuleObjectInternal }
-
+class ModuleValue extends Value instanceof ModuleObjectInternal {
   /**
    * Holds if this module "exports" name.
    * That is, does it define `name` in `__all__` or is
@@ -159,7 +157,7 @@ class ModuleValue extends Value {
   predicate exports(string name) { PointsTo::moduleExports(this, name) }
 
   /** Gets the scope for this module, provided that it is a Python module. */
-  ModuleScope getScope() { result = this.(ModuleObjectInternal).getSourceModule() }
+  ModuleScope getScope() { result = super.getSourceModule() }
 
   /**
    * Gets the container path for this module. Will be the file for a Python module,
@@ -181,7 +179,7 @@ class ModuleValue extends Value {
   predicate isPackage() { this instanceof PackageObjectInternal }
 
   /** Whether the complete set of names "exported" by this module can be accurately determined */
-  predicate hasCompleteExportInfo() { this.(ModuleObjectInternal).hasCompleteExportInfo() }
+  predicate hasCompleteExportInfo() { super.hasCompleteExportInfo() }
 
   /** Get a module that this module imports */
   ModuleValue getAnImportedModule() { result.importedAs(this.getScope().getAnImportedModuleName()) }
@@ -452,23 +450,21 @@ class CallableValue extends Value {
  * Class representing bound-methods, such as `o.func`, where `o` is an instance
  * of a class that has a callable attribute `func`.
  */
-class BoundMethodValue extends CallableValue {
-  BoundMethodValue() { this instanceof BoundMethodObjectInternal }
-
+class BoundMethodValue extends CallableValue instanceof BoundMethodObjectInternal {
   /**
    * Gets the callable that will be used when `this` is called.
    * The actual callable for `func` in `o.func`.
    */
-  CallableValue getFunction() { result = this.(BoundMethodObjectInternal).getFunction() }
+  CallableValue getFunction() { result = super.getFunction() }
 
   /**
    * Gets the value that will be used for the `self` parameter when `this` is called.
    * The value for `o` in `o.func`.
    */
-  Value getSelf() { result = this.(BoundMethodObjectInternal).getSelf() }
+  Value getSelf() { result = super.getSelf() }
 
   /** Gets the parameter node that will be used for `self`. */
-  NameNode getSelfParameter() { result = this.(BoundMethodObjectInternal).getSelfParameter() }
+  NameNode getSelfParameter() { result = super.getSelfParameter() }
 }
 
 /**
@@ -831,12 +827,10 @@ class BuiltinMethodValue extends FunctionValue {
 /**
  * A class representing sequence objects with a length and tracked items.
  */
-class SequenceValue extends Value {
-  SequenceValue() { this instanceof SequenceObjectInternal }
+class SequenceValue extends Value instanceof SequenceObjectInternal {
+  Value getItem(int n) { result = super.getItem(n) }
 
-  Value getItem(int n) { result = this.(SequenceObjectInternal).getItem(n) }
-
-  int length() { result = this.(SequenceObjectInternal).length() }
+  int length() { result = super.length() }
 }
 
 /** A class representing tuple objects */
@@ -887,14 +881,12 @@ class NumericValue extends Value {
  * https://docs.python.org/3/howto/descriptor.html#properties
  * https://docs.python.org/3/library/functions.html#property
  */
-class PropertyValue extends Value {
-  PropertyValue() { this instanceof PropertyInternal }
-
-  CallableValue getGetter() { result = this.(PropertyInternal).getGetter() }
+class PropertyValue extends Value instanceof PropertyInternal {
+  CallableValue getGetter() { result = super.getGetter() }
 
-  CallableValue getSetter() { result = this.(PropertyInternal).getSetter() }
+  CallableValue getSetter() { result = super.getSetter() }
 
-  CallableValue getDeleter() { result = this.(PropertyInternal).getDeleter() }
+  CallableValue getDeleter() { result = super.getDeleter() }
 }
 
 /** A method-resolution-order sequence of classes */