Merge pull request github#12127 from smowton/smowton/perf/golang-less-string-construction

smowton · web-flow · commit 99bed0b08990 · 2023-02-08T11:07:39.000Z
Go: Consolidate repeated calls to `matches` and `regexpMatch`
diff --git a/go/ql/lib/semmle/go/Comments.qll b/go/ql/lib/semmle/go/Comments.qll
@@ -208,12 +208,8 @@ class BuildConstraintComment extends LineComment {
       this = getInitialComment(f, i) and
       not getInitialComment(f, [0 .. i - 1]) instanceof BlockComment
     ) and
-    (
-      // comment text starts with `+build` or `go:build`
-      this.getText().regexpMatch("\\s*\\+build.*")
-      or
-      this.getText().regexpMatch("\\s*go:build.*")
-    )
+    // comment text starts with `+build` or `go:build`
+    this.getText().regexpMatch("\\s*(\\+|go:)build.*")
   }
 
   override string getAPrimaryQlClass() { result = "BuildConstraintComment" }
diff --git a/go/ql/lib/semmle/go/frameworks/Logrus.qll b/go/ql/lib/semmle/go/frameworks/Logrus.qll
@@ -11,10 +11,7 @@ module Logrus {
 
   bindingset[result]
   private string getALogResultName() {
-    result
-        .matches([
-            "Debug%", "Error%", "Fatal%", "Info%", "Log%", "Panic%", "Print%", "Trace%", "Warn%"
-          ])
+    result.regexpMatch("(Debug|Error|Fatal|Info|Log|Panic|Print|Trace|Warn).*")
   }
 
   bindingset[result]
diff --git a/go/ql/lib/semmle/go/frameworks/Revel.qll b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -91,7 +91,7 @@ module Revel {
   }
 
   private string contentTypeFromFilename(DataFlow::Node filename) {
-    if filename.getStringValue().toLowerCase().matches(["%.htm", "%.html"])
+    if filename.getStringValue().regexpMatch("(?i).*\\.html?")
     then result = "text/html"
     else result = "application/octet-stream"
     // Actually Revel can figure out a variety of other content-types, but none of our analyses care to
diff --git a/go/ql/lib/semmle/go/security/SensitiveActions.qll b/go/ql/lib/semmle/go/security/SensitiveActions.qll
@@ -233,10 +233,9 @@ module PasswordHeuristics {
   predicate isDummyPassword(string password) {
     password.length() < 4
     or
-    exists(string normalized | normalized = password.toLowerCase() |
-      count(normalized.charAt(_)) = 1 or
-      normalized
-          .regexpMatch(".*(pass|test|sample|example|secret|root|admin|user|change|auth|redacted|0123456789).*")
-    )
+    count(password.charAt(_)) <= 2 // aaaaaaaa or bBbBbB or ghghghghghgh or the like
+    or
+    password
+        .regexpMatch("(?i).*(pass|test|sample|example|secret|root|admin|user|change|auth|redacted|0123456789).*")
   }
 }
diff --git a/go/ql/src/Security/CWE-209/StackTraceExposure.ql b/go/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -26,10 +26,7 @@ class DebugModeFlag extends FlagKind {
 
   bindingset[result]
   override string getAFlagName() {
-    result
-        .toLowerCase()
-        .matches("%" + ["trace", "debug", "devel", "enablestack", "disablestack", "printstack"] +
-            "%")
+    result.regexpMatch("(?i).*(trace|debug|devel|((en|dis)able|print)stack).*")
   }
 }
 
diff --git a/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql b/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
@@ -45,7 +45,7 @@ class InsecureCertificateFlag extends FlagKind {
 
   bindingset[result]
   override string getAFlagName() {
-    result.toLowerCase().matches("%" + ["selfcert", "selfsign", "validat", "verif", "trust"] + "%")
+    result.regexpMatch("(?i).*(selfcert|selfsign|validat|verif|trust).*")
   }
 }
 
diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql
@@ -240,9 +240,7 @@ class LegacyTlsVersionFlag extends FlagKind {
   LegacyTlsVersionFlag() { this = "legacyTlsVersion" }
 
   bindingset[result]
-  override string getAFlagName() {
-    result.toLowerCase().matches("%" + ["old", "intermediate", "legacy"] + "%")
-  }
+  override string getAFlagName() { result.regexpMatch("(?i).*(old|intermediate|legacy).*") }
 }
 
 /**
diff --git a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -23,9 +23,7 @@ class AllowedFlag extends FlagKind {
 
   bindingset[result]
   override string getAFlagName() {
-    result
-        .toLowerCase()
-        .matches("%" + ["allow", "match", "check", "debug", "devel", "insecure"] + "%")
+    result.regexpMatch("(?i).*(allow|match|check|debug|devel|insecure).*")
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ module Revel {`
`91`	`91`	`}`
`92`	`92`
`93`	`93`	`private string contentTypeFromFilename(DataFlow::Node filename) {`
`94`		`- if filename.getStringValue().toLowerCase().matches(["%.htm", "%.html"])`
	`94`	`+ if filename.getStringValue().regexpMatch("(?i).*\\.html?")`
`95`	`95`	`then result = "text/html"`
`96`	`96`	`else result = "application/octet-stream"`
`97`	`97`	`// Actually Revel can figure out a variety of other content-types, but none of our analyses care to`
Original file line number	Diff line number	Diff line change
`@@ -26,10 +26,7 @@ class DebugModeFlag extends FlagKind {`
`26`	`26`
`27`	`27`	`bindingset[result]`
`28`	`28`	`override string getAFlagName() {`
`29`		`- result`
`30`		`- .toLowerCase()`
`31`		`- .matches("%" + ["trace", "debug", "devel", "enablestack", "disablestack", "printstack"] +`
`32`		`- "%")`
	`29`	`+ result.regexpMatch("(?i).(trace\|debug\|devel\|((en\|dis)able\|print)stack).")`
`33`	`30`	`}`
`34`	`31`	`}`
`35`	`32`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ class InsecureCertificateFlag extends FlagKind {`
`45`	`45`
`46`	`46`	`bindingset[result]`
`47`	`47`	`override string getAFlagName() {`
`48`		`- result.toLowerCase().matches("%" + ["selfcert", "selfsign", "validat", "verif", "trust"] + "%")`
	`48`	`+ result.regexpMatch("(?i).(selfcert\|selfsign\|validat\|verif\|trust).")`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`
Original file line number	Diff line number	Diff line change
`@@ -240,9 +240,7 @@ class LegacyTlsVersionFlag extends FlagKind {`
`240`	`240`	`LegacyTlsVersionFlag() { this = "legacyTlsVersion" }`
`241`	`241`
`242`	`242`	`bindingset[result]`
`243`		`- override string getAFlagName() {`
`244`		`- result.toLowerCase().matches("%" + ["old", "intermediate", "legacy"] + "%")`
`245`		`- }`
	`243`	`+ override string getAFlagName() { result.regexpMatch("(?i).(old\|intermediate\|legacy).") }`
`246`	`244`	`}`
`247`	`245`
`248`	`246`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -23,9 +23,7 @@ class AllowedFlag extends FlagKind {`
`23`	`23`
`24`	`24`	`bindingset[result]`
`25`	`25`	`override string getAFlagName() {`
`26`		`- result`
`27`		`- .toLowerCase()`
`28`		`- .matches("%" + ["allow", "match", "check", "debug", "devel", "insecure"] + "%")`
	`26`	`+ result.regexpMatch("(?i).(allow\|match\|check\|debug\|devel\|insecure).")`
`29`	`27`	`}`
`30`	`28`	`}`
`31`	`29`