Refactoring and simplification

egregius313 · atorralba · egregius313 · commit 1d345c61017d · 2022-12-31T15:00:28.000-05:00
Co-authored-by: Tony Torralba &lt;atorralba@users.noreply.github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql b/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql
@@ -25,7 +25,6 @@ private class TypeWebViewOrSubclass extends RefType {
  */
 private class PrivateGetterMethodAccess extends MethodAccess {
   PrivateGetterMethodAccess() {
-    this instanceof MethodAccess and
     this.getMethod() instanceof GetterMethod and
     this.getMethod().isPrivate()
   }
@@ -34,7 +33,7 @@ private class PrivateGetterMethodAccess extends MethodAccess {
 /** A source for `android.webkit.WebView` objects. */
 class WebViewSource extends DataFlow::Node {
   WebViewSource() {
-    this.getType().(RefType) instanceof TypeWebViewOrSubclass and
+    this.getType() instanceof TypeWebViewOrSubclass and
     // To reduce duplicate results, we only consider WebView objects from
     // constructor and method calls, or method accesses which are cast to WebView.
     (
@@ -56,16 +55,15 @@ class WebSettingsDisallowContentAccessSink extends DataFlow::Node {
     exists(MethodAccess ma |
       ma.getQualifier() = this.asExpr() and
       ma.getMethod() instanceof AllowContentAccessMethod and
-      ma.getArgument(0).(BooleanLiteral).getBooleanValue() = false
+      ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false
     )
   }
 }
 
 class WebViewDisallowContentAccessConfiguration extends TaintTracking::Configuration {
   WebViewDisallowContentAccessConfiguration() { this = "WebViewDisallowContentAccessConfiguration" }
 
-  override predicate isSource(DataFlow::Node node, DataFlow::FlowState state) {
-    state instanceof DataFlow::FlowStateEmpty and
+  override predicate isSource(DataFlow::Node node) {
     node instanceof WebViewSource
   }
 

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@ private class TypeWebViewOrSubclass extends RefType {`
`25`	`25`	`*/`
`26`	`26`	`private class PrivateGetterMethodAccess extends MethodAccess {`
`27`	`27`	`PrivateGetterMethodAccess() {`
`28`		`- this instanceof MethodAccess and`
`29`	`28`	`this.getMethod() instanceof GetterMethod and`
`30`	`29`	`this.getMethod().isPrivate()`
`31`	`30`	`}`
`@@ -34,7 +33,7 @@ private class PrivateGetterMethodAccess extends MethodAccess {`
`34`	`33`	/** A source for `android.webkit.WebView` objects. */
`35`	`34`	`class WebViewSource extends DataFlow::Node {`
`36`	`35`	`WebViewSource() {`
`37`		`- this.getType().(RefType) instanceof TypeWebViewOrSubclass and`
	`36`	`+ this.getType() instanceof TypeWebViewOrSubclass and`
`38`	`37`	`// To reduce duplicate results, we only consider WebView objects from`
`39`	`38`	`// constructor and method calls, or method accesses which are cast to WebView.`
`40`	`39`	`(`
`@@ -56,16 +55,15 @@ class WebSettingsDisallowContentAccessSink extends DataFlow::Node {`
`56`	`55`	`exists(MethodAccess ma \|`
`57`	`56`	`ma.getQualifier() = this.asExpr() and`
`58`	`57`	`ma.getMethod() instanceof AllowContentAccessMethod and`
`59`		`- ma.getArgument(0).(BooleanLiteral).getBooleanValue() = false`
	`58`	`+ ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false`
`60`	`59`	`)`
`61`	`60`	`}`
`62`	`61`	`}`
`63`	`62`
`64`	`63`	`class WebViewDisallowContentAccessConfiguration extends TaintTracking::Configuration {`
`65`	`64`	`WebViewDisallowContentAccessConfiguration() { this = "WebViewDisallowContentAccessConfiguration" }`
`66`	`65`
`67`		`- override predicate isSource(DataFlow::Node node, DataFlow::FlowState state) {`
`68`		`- state instanceof DataFlow::FlowStateEmpty and`
	`66`	`+ override predicate isSource(DataFlow::Node node) {`
`69`	`67`	`node instanceof WebViewSource`
`70`	`68`	`}`
`71`	`69`