better query quality thanks to owen

am0o0 · am0o0 · commit 4499048d8e6c · 2023-10-10T23:41:45.000+02:00
diff --git a/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql b/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql
@@ -20,22 +20,16 @@ module JwtParseWithConstantKeyConfig implements DataFlow::ConfigSig {
     // Find a node that has flow to a key Function argument
     // then find the first result node of this Function which is the secret key
     exists(FuncDef fd, DataFlow::Node n, DataFlow::ResultNode rn |
+      fd = n.asExpr()
+      or
+      n = fd.(FuncDecl).getFunction().getARead()
+    |
       GolangJwtKeyFunc::flow(n, _) and
       sink = rn and
-      fd = n.asExpr() and
       rn.getRoot() = fd and
       rn.getIndex() = 0
     )
     or
-    exists(Function f, DataFlow::ResultNode rn |
-      GolangJwtKeyFunc::flow(f.getARead(), _) and
-      // sink is result of a method
-      sink = rn and
-      // the method is belong to a function in which is used as a JWT function key
-      rn.getRoot() = f.getFuncDecl() and
-      rn.getIndex() = 0
-    )
-    or
     // second part is the JWT Parsing Functions that get a string or byte as an argument
     sink = any(JwtParse jp).getKeyArg()
   }
