Apply suggestions from code review

smowton · web-flow · commit 3bf41491b3f1 · 2021-08-03T14:15:39.000+01:00
diff --git a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
@@ -308,11 +308,9 @@ class JaxRSProducesAnnotation extends JaxRSAnnotation {
    * Gets a declared content type that can be produced by this resource.
    */
   Expr getADeclaredContentTypeExpr() {
-    (
-      result = this.getAValue() and not result instanceof ArrayInit
-      or
-      result = this.getAValue().(ArrayInit).getAnInit()
-    )
+    result = this.getAValue() and not result instanceof ArrayInit
+    or
+    result = this.getAValue().(ArrayInit).getAnInit()
   }
 }
 
@@ -823,7 +821,7 @@ private predicate isXssSafeContentTypeExpr(Expr e) { isXssSafeContentType(getCon
  * This could be an instance of `Response.ResponseBuilder`, `Variant`, `Variant.VariantListBuilder` or
  * a `List<Variant>`.
  *
- * This routine is used to search forwards for response entities set after the content-type is configured.
+ * This predicate is used to search forwards for response entities set after the content-type is configured.
  * It does not need to consider cases where the entity is set in the same call, or the entity has already
  * been set: these are handled by simple sanitization below.
  */
@@ -882,7 +880,7 @@ private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) {
     )
   or
   // Recursive case: ordinary local dataflow
-  DataFlow::localFlow(getABuilderWithExplicitContentType(contentType), result)
+  DataFlow::localFlowStep(getABuilderWithExplicitContentType(contentType), result)
 }
 
 private DataFlow::Node getASanitizedBuilder() {

Original file line number	Diff line number	Diff line change
`@@ -308,11 +308,9 @@ class JaxRSProducesAnnotation extends JaxRSAnnotation {`
`308`	`308`	`* Gets a declared content type that can be produced by this resource.`
`309`	`309`	`*/`
`310`	`310`	`Expr getADeclaredContentTypeExpr() {`
`311`		`- (`
`312`		`- result = this.getAValue() and not result instanceof ArrayInit`
`313`		`- or`
`314`		`- result = this.getAValue().(ArrayInit).getAnInit()`
`315`		`- )`
	`311`	`+ result = this.getAValue() and not result instanceof ArrayInit`
	`312`	`+ or`
	`313`	`+ result = this.getAValue().(ArrayInit).getAnInit()`
`316`	`314`	`}`
`317`	`315`	`}`
`318`	`316`
`@@ -823,7 +821,7 @@ private predicate isXssSafeContentTypeExpr(Expr e) { isXssSafeContentType(getCon`
`823`	`821`	* This could be an instance of `Response.ResponseBuilder`, `Variant`, `Variant.VariantListBuilder` or
`824`	`822`	* a `List<Variant>`.
`825`	`823`	`*`
`826`		`- * This routine is used to search forwards for response entities set after the content-type is configured.`
	`824`	`+ * This predicate is used to search forwards for response entities set after the content-type is configured.`
`827`	`825`	`* It does not need to consider cases where the entity is set in the same call, or the entity has already`
`828`	`826`	`* been set: these are handled by simple sanitization below.`
`829`	`827`	`*/`
`@@ -882,7 +880,7 @@ private DataFlow::Node getABuilderWithExplicitContentType(Expr contentType) {`
`882`	`880`	`)`
`883`	`881`	`or`
`884`	`882`	`// Recursive case: ordinary local dataflow`
`885`		`- DataFlow::localFlow(getABuilderWithExplicitContentType(contentType), result)`
	`883`	`+ DataFlow::localFlowStep(getABuilderWithExplicitContentType(contentType), result)`
`886`	`884`	`}`
`887`	`885`
`888`	`886`	`private DataFlow::Node getASanitizedBuilder() {`