Cleanup according to review comments.

ggolawski · ggolawski · commit aff0e0eb2505 · 2020-06-27T18:30:36.000+02:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp
@@ -27,7 +27,7 @@ and validate the expressions before evaluation.</p>
 </example>
 
 <references>
-<li>OGNL library: <a href="https://github.com/jkuhnert/ognl/">OGNL library</a>.</li>
+<li><a href="https://github.com/jkuhnert/ognl/">OGNL library</a>.</li>
 <li>Struts security: <a href="https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable">Proactively protect from OGNL Expression Injections attacks</a>.</li>
 </references>
 </qhelp>
diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll
@@ -49,7 +49,7 @@ class TypeOgnlUtil extends Class {
  */
 predicate ognlSinkMethod(Method m, int index) {
   (
-    m.getDeclaringType() instanceof TypeOgnl and index = 0
+    m.getDeclaringType() instanceof TypeOgnl
     or
     m.getDeclaringType().getAnAncestor*() instanceof TypeNode
   ) and

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ class TypeOgnlUtil extends Class {`
`49`	`49`	`*/`
`50`	`50`	`predicate ognlSinkMethod(Method m, int index) {`
`51`	`51`	`(`
`52`		`- m.getDeclaringType() instanceof TypeOgnl and index = 0`
	`52`	`+ m.getDeclaringType() instanceof TypeOgnl`
`53`	`53`	`or`
`54`	`54`	`m.getDeclaringType().getAnAncestor*() instanceof TypeNode`
`55`	`55`	`) and`