Simplify StaticInitializationVectorSource

artem-smotrakov · smowton · artem-smotrakov · commit 1dd4bf00acf9 · 2021-08-26T09:42:23.000+02:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -11,7 +11,7 @@ private predicate initializedWithConstants(ArrayCreationExpr array) {
   or
   // creating a multidimensional array with an initializer like `{ new byte[8], new byte[16] }`
   // This works around https://github.com/github/codeql/issues/6552 -- change me once there is
-  // a better way to distinguish nested initializers that create zero-filled arrays 
+  // a better way to distinguish nested initializers that create zero-filled arrays
   // (e.g. `new byte[1]`) from those with an initializer list (`new byte[] { 1 }` or just `{ 1 }`)
   array.getInit().getAnInit().getAChildExpr() instanceof IntegerLiteral
   or
@@ -85,9 +85,7 @@ private class ArrayUpdateConfig extends TaintTracking2::Configuration {
 private class StaticInitializationVectorSource extends DataFlow::Node {
   StaticInitializationVectorSource() {
     exists(StaticByteArrayCreation array | array = this.asExpr() |
-      not exists(ArrayUpdate update, ArrayUpdateConfig config |
-        config.hasFlow(DataFlow2::exprNode(array), DataFlow2::exprNode(update.getArray()))
-      )
+      not exists(ArrayUpdateConfig config | config.hasFlow(DataFlow2::exprNode(array), _))
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ private predicate initializedWithConstants(ArrayCreationExpr array) {`
`11`	`11`	`or`
`12`	`12`	// creating a multidimensional array with an initializer like `{ new byte[8], new byte[16] }`
`13`	`13`	`// This works around https://github.com/github/codeql/issues/6552 -- change me once there is`
`14`		`- // a better way to distinguish nested initializers that create zero-filled arrays`
	`14`	`+ // a better way to distinguish nested initializers that create zero-filled arrays`
`15`	`15`	// (e.g. `new byte[1]`) from those with an initializer list (`new byte[] { 1 }` or just `{ 1 }`)
`16`	`16`	`array.getInit().getAnInit().getAChildExpr() instanceof IntegerLiteral`
`17`	`17`	`or`
`@@ -85,9 +85,7 @@ private class ArrayUpdateConfig extends TaintTracking2::Configuration {`
`85`	`85`	`private class StaticInitializationVectorSource extends DataFlow::Node {`
`86`	`86`	`StaticInitializationVectorSource() {`
`87`	`87`	`exists(StaticByteArrayCreation array \| array = this.asExpr() \|`
`88`		`- not exists(ArrayUpdate update, ArrayUpdateConfig config \|`
`89`		`- config.hasFlow(DataFlow2::exprNode(array), DataFlow2::exprNode(update.getArray()))`
`90`		`- )`
	`88`	`+ not exists(ArrayUpdateConfig config \| config.hasFlow(DataFlow2::exprNode(array), _))`
`91`	`89`	`)`
`92`	`90`	`}`
`93`	`91`	`}`