Java: Remove redundant condition + docs.

intrigus · intrigus · commit b1a36334954a · 2021-04-23T22:06:04.000+02:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql b/java/ql/src/experimental/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
@@ -124,7 +124,7 @@ private predicate isSigningKeySetter(Expr expr, MethodAccess signingMa) {
 }
 
 /**
- * An expr that is a `JwtParser` for which a signing key has been set and which is used as
+ * An expr that is a (sub-type of) `JwtParser` for which a signing key has been set and which is used as
  * the qualifier to a `JwtParserInsecureParseMethodAccess`.
  */
 private class JwtParserWithSigningKeyExpr extends Expr {
@@ -140,8 +140,7 @@ private class JwtParserWithSigningKeyExpr extends Expr {
 }
 
 /**
- * Models flow from `SigningKeyMethodAccess`es to expressions that are a
- * (sub-type of) `JwtParser` and which are also the qualifier to a `JwtParserInsecureParseMethodAccess`.
+ * Models flow from `SigningKeyMethodAccess`es to qualifiers of `JwtParserInsecureParseMethodAccess`es.
  * This is used to determine whether a `JwtParser` has a signing key set.
  */
 private class SigningToInsecureMethodAccessDataFlow extends DataFlow::Configuration {
@@ -152,7 +151,6 @@ private class SigningToInsecureMethodAccessDataFlow extends DataFlow::Configurat
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    sink.asExpr().getType() instanceof TypeDerivedJwtParser and
     any(JwtParserInsecureParseMethodAccess ma).getQualifier() = sink.asExpr()
   }
 

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ private predicate isSigningKeySetter(Expr expr, MethodAccess signingMa) {`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`/**`
`127`		- * An expr that is a `JwtParser` for which a signing key has been set and which is used as
	`127`	+ * An expr that is a (sub-type of) `JwtParser` for which a signing key has been set and which is used as
`128`	`128`	* the qualifier to a `JwtParserInsecureParseMethodAccess`.
`129`	`129`	`*/`
`130`	`130`	`private class JwtParserWithSigningKeyExpr extends Expr {`
`@@ -140,8 +140,7 @@ private class JwtParserWithSigningKeyExpr extends Expr {`
`140`	`140`	`}`
`141`	`141`
`142`	`142`	`/**`
`143`		- * Models flow from `SigningKeyMethodAccess`es to expressions that are a
`144`		- * (sub-type of) `JwtParser` and which are also the qualifier to a `JwtParserInsecureParseMethodAccess`.
	`143`	+ * Models flow from `SigningKeyMethodAccess`es to qualifiers of `JwtParserInsecureParseMethodAccess`es.
`145`	`144`	* This is used to determine whether a `JwtParser` has a signing key set.
`146`	`145`	`*/`
`147`	`146`	`private class SigningToInsecureMethodAccessDataFlow extends DataFlow::Configuration {`
`@@ -152,7 +151,6 @@ private class SigningToInsecureMethodAccessDataFlow extends DataFlow::Configurat`
`152`	`151`	`}`
`153`	`152`
`154`	`153`	`override predicate isSink(DataFlow::Node sink) {`
`155`		`- sink.asExpr().getType() instanceof TypeDerivedJwtParser and`
`156`	`154`	`any(JwtParserInsecureParseMethodAccess ma).getQualifier() = sink.asExpr()`
`157`	`155`	`}`
`158`	`156`