Use set literal expression

edvraa · edvraa · commit 86444bfa09e2 · 2021-04-22T09:48:46.000+03:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
@@ -27,35 +27,23 @@ class RegexSink extends DataFlow::ExprNode {
         m.getDeclaringType() instanceof TypeString and
         (
           ma.getArgument(0) = this.asExpr() and
-          (
-            m.hasName("matches") or
-            m.hasName("split") or
-            m.hasName("replaceFirst") or
-            m.hasName("replaceAll")
-          )
+          m.hasName(["matches", "split", "replaceFirst", "replaceAll"])
         )
         or
         m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
         (
           ma.getArgument(0) = this.asExpr() and
-          (
-            m.hasName("compile") or
-            m.hasName("matches")
-          )
+          m.hasName(["compile", "matches"])
         )
         or
         m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RegExUtils") and
         (
           ma.getArgument(1) = this.asExpr() and
           m.getParameterType(1).(Class) instanceof TypeString and
-          (
-            m.hasName("removeAll") or
-            m.hasName("removeFirst") or
-            m.hasName("removePattern") or
-            m.hasName("replaceAll") or
-            m.hasName("replaceFirst") or
-            m.hasName("replacePattern")
-          )
+          m.hasName([
+              "removeAll", "removeFirst", "removePattern", "replaceAll", "replaceFirst",
+              "replacePattern"
+            ])
         )
       )
     )

Original file line number	Diff line number	Diff line change
`@@ -27,35 +27,23 @@ class RegexSink extends DataFlow::ExprNode {`
`27`	`27`	`m.getDeclaringType() instanceof TypeString and`
`28`	`28`	`(`
`29`	`29`	`ma.getArgument(0) = this.asExpr() and`
`30`		`- (`
`31`		`- m.hasName("matches") or`
`32`		`- m.hasName("split") or`
`33`		`- m.hasName("replaceFirst") or`
`34`		`- m.hasName("replaceAll")`
`35`		`- )`
	`30`	`+ m.hasName(["matches", "split", "replaceFirst", "replaceAll"])`
`36`	`31`	`)`
`37`	`32`	`or`
`38`	`33`	`m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and`
`39`	`34`	`(`
`40`	`35`	`ma.getArgument(0) = this.asExpr() and`
`41`		`- (`
`42`		`- m.hasName("compile") or`
`43`		`- m.hasName("matches")`
`44`		`- )`
	`36`	`+ m.hasName(["compile", "matches"])`
`45`	`37`	`)`
`46`	`38`	`or`
`47`	`39`	`m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RegExUtils") and`
`48`	`40`	`(`
`49`	`41`	`ma.getArgument(1) = this.asExpr() and`
`50`	`42`	`m.getParameterType(1).(Class) instanceof TypeString and`
`51`		`- (`
`52`		`- m.hasName("removeAll") or`
`53`		`- m.hasName("removeFirst") or`
`54`		`- m.hasName("removePattern") or`
`55`		`- m.hasName("replaceAll") or`
`56`		`- m.hasName("replaceFirst") or`
`57`		`- m.hasName("replacePattern")`
`58`		`- )`
	`43`	`+ m.hasName([`
	`44`	`+ "removeAll", "removeFirst", "removePattern", "replaceAll", "replaceFirst",`
	`45`	`+ "replacePattern"`
	`46`	`+ ])`
`59`	`47`	`)`
`60`	`48`	`)`
`61`	`49`	`)`