JS: Replace '.prefix'/'.suffix' with '.matches'.

MathiasVP · MathiasVP · commit f3bb0a676e06 · 2021-10-13T13:23:07.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
@@ -727,7 +727,7 @@ module NodeJSLib {
       result = getParameter(1).getARhs()
     }
 
-    override predicate isSync() { "Sync" = methodName.suffix(methodName.length() - 4) }
+    override predicate isSync() { methodName.matches("%Sync") }
 
     override DataFlow::Node getOptionsArg() {
       not result.getALocalSource() instanceof DataFlow::FunctionNode and // looks like callback
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/SystemCommandExecutors.qll b/javascript/ql/lib/semmle/javascript/frameworks/SystemCommandExecutors.qll
@@ -107,9 +107,7 @@ private class SystemCommandExecutors extends SystemCommandExecution, DataFlow::I
  */
 bindingset[name]
 private boolean getSync(string name) {
-  if name.suffix(name.length() - 4) = "Sync" or name.suffix(name.length() - 4) = "sync"
-  then result = true
-  else result = false
+  if name.matches("%Sync") or name.matches("%sync") then result = true else result = false
 }
 
 private class RemoteCommandExecutor extends SystemCommandExecution, DataFlow::InvokeNode {
diff --git a/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll b/javascript/ql/lib/semmle/javascript/security/UselessUseOfCat.qll
@@ -303,14 +303,11 @@ module PrettyPrintCatCall {
   bindingset[str]
   private string createSimplifiedStringConcat(string str) {
     // Remove an initial ""+ (e.g. in `""+file`)
-    if str.prefix(5) = "\"\" + "
+    if str.matches("\"\" + %")
     then result = str.suffix(5)
     else
       // prettify `${newpath}` to just newpath
-      if
-        str.prefix(3) = "`${" and
-        str.suffix(str.length() - 2) = "}`" and
-        not str.suffix(3).matches("%{%")
+      if str.matches("`${%") and str.matches("}`%") and not str.suffix(3).matches("%{%")
       then result = str.prefix(str.length() - 2).suffix(3)
       else result = str
   }
diff --git a/javascript/ql/src/Security/CWE-730/ServerCrash.ql b/javascript/ql/src/Security/CWE-730/ServerCrash.ql
@@ -104,7 +104,7 @@ class AsyncSentinelCall extends DataFlow::CallNode {
     exists(DataFlow::FunctionNode node | node.getAstNode() = asyncCallee |
       // manual models
       exists(string memberName |
-        not "Sync" = memberName.suffix(memberName.length() - 4) and
+        not memberName.matches("%Sync") and
         this = NodeJSLib::FS::moduleMember(memberName).getACall() and
         node = this.getCallback([1 .. 2])
       )

Original file line number	Diff line number	Diff line change
`@@ -727,7 +727,7 @@ module NodeJSLib {`
`727`	`727`	`result = getParameter(1).getARhs()`
`728`	`728`	`}`
`729`	`729`
`730`		`- override predicate isSync() { "Sync" = methodName.suffix(methodName.length() - 4) }`
	`730`	`+ override predicate isSync() { methodName.matches("%Sync") }`
`731`	`731`
`732`	`732`	`override DataFlow::Node getOptionsArg() {`
`733`	`733`	`not result.getALocalSource() instanceof DataFlow::FunctionNode and // looks like callback`
Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ class AsyncSentinelCall extends DataFlow::CallNode {`
`104`	`104`	`exists(DataFlow::FunctionNode node \| node.getAstNode() = asyncCallee \|`
`105`	`105`	`// manual models`
`106`	`106`	`exists(string memberName \|`
`107`		`- not "Sync" = memberName.suffix(memberName.length() - 4) and`
	`107`	`+ not memberName.matches("%Sync") and`
`108`	`108`	`this = NodeJSLib::FS::moduleMember(memberName).getACall() and`
`109`	`109`	`node = this.getCallback([1 .. 2])`
`110`	`110`	`)`