Refactor DeclaredRepository to library

JLLeitschuh · JLLeitschuh · commit 3b92f97967a5 · 2021-02-10T11:41:50.000-05:00
diff --git a/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql b/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
@@ -12,22 +12,11 @@
 import java
 import semmle.code.xml.MavenPom
 
-private class DeclaredRepository extends PomElement {
-  DeclaredRepository() {
-    this.getName() = "repository" or
-    this.getName() = "snapshotRepository" or
-    this.getName() = "pluginRepository"
-  }
-
-  string getUrl() { result = getAChild("url").(PomElement).getValue() }
-
-  predicate isBintrayRepositoryUsage() {
-    getUrl().matches("%.bintray.com%")
-  }
+predicate isBintrayRepositoryUsage(DeclaredRepository repository) {
+  repository.getUrl().matches("%.bintray.com%")
 }
 
 from DeclaredRepository repository
-where repository.isBintrayRepositoryUsage()
+where isBintrayRepositoryUsage(repository)
 select repository,
-  "Downloading or uploading artifacts to deprecated repository " +
-    repository.getUrl()
+  "Downloading or uploading artifacts to deprecated repository " + repository.getUrl()
diff --git a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
@@ -15,22 +15,12 @@
 import java
 import semmle.code.xml.MavenPom
 
-private class DeclaredRepository extends PomElement {
-  DeclaredRepository() {
-    this.getName() = "repository" or
-    this.getName() = "snapshotRepository" or
-    this.getName() = "pluginRepository"
-  }
-
-  string getUrl() { result = getAChild("url").(PomElement).getValue() }
-
-  predicate isInsecureRepositoryUsage() {
-    getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
-  }
+predicate isInsecureRepositoryUsage(DeclaredRepository repository) {
+  repository.getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
 }
 
 from DeclaredRepository repository
-where repository.isInsecureRepositoryUsage()
+where isInsecureRepositoryUsage(repository)
 select repository,
   "Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository " +
     repository.getUrl()
diff --git a/java/ql/src/semmle/code/xml/MavenPom.qll b/java/ql/src/semmle/code/xml/MavenPom.qll
@@ -365,6 +365,17 @@ class PomProperty extends PomElement {
   PomProperty() { getParent() instanceof PomProperties }
 }
 
+/**
+ * A repository block inside of a maven pom.
+ */
+class DeclaredRepository extends PomElement {
+  DeclaredRepository() {
+    this.getName() = ["repository", "snapshotRepository", "pluginRepository"]
+  }
+
+  string getUrl() { result = getAChild("url").(PomElement).getValue() }
+}
+
 /**
  * A folder that represents a maven local repository using the standard layout. Any folder called
  * "repository" with a parent name ".m2" is considered to be a maven repository.
