Write out whole function names

owen-mc · owen-mc · commit 68a661f3c7e5 · 2024-06-19T21:58:31.000+01:00
diff --git a/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll b/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll
@@ -18,11 +18,13 @@ module BeegoOrm {
     DbSink() {
       exists(Method m, string methodName, int argNum |
         m.hasQualifiedName(packagePath(), "DB", methodName) and
-        methodName in [
-            "Exec", "ExecContext", "Prepare", "PrepareContext", "Query", "QueryContext", "QueryRow",
-            "QueryRowContext"
-          ] and
-        if methodName.matches("%Context") then argNum = 1 else argNum = 0
+        (
+          methodName = ["Exec", "Prepare", "Query", "QueryRow"] and
+          argNum = 0
+          or
+          methodName = ["ExecContext", "PrepareContext", "QueryContext", "QueryRowContext"] and
+          argNum = 1
+        )
       |
         this = m.getACall().getArgument(argNum)
       )
diff --git a/go/ql/lib/semmle/go/frameworks/Logrus.qll b/go/ql/lib/semmle/go/frameworks/Logrus.qll
@@ -15,7 +15,9 @@ module Logrus {
   }
 
   bindingset[result]
-  private string getAnEntryUpdatingMethodName() { result.regexpMatch("With(Error|Fields?|Time)") }
+  private string getAnEntryUpdatingMethodName() {
+    result = ["WithError", "WithField", "WithFields", "WithTime"]
+  }
 
   private class LogFunction extends Function {
     LogFunction() {
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll
@@ -13,7 +13,10 @@ module Fmt {
    * The `Sprint` or `Append` functions or one of their variants.
    */
   deprecated class AppenderOrSprinter extends TaintTracking::FunctionModel {
-    AppenderOrSprinter() { this.hasQualifiedName("fmt", ["Append", "Sprint"] + ["", "f", "ln"]) }
+    AppenderOrSprinter() {
+      this.hasQualifiedName("fmt",
+        ["Append", "Appendf", "Appendln", "Sprint", "Sprintf", "Sprintln"])
+    }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
       inp.isParameter(_) and outp.isResult()
@@ -23,13 +26,14 @@ module Fmt {
   /** The `Sprint` or `Append` functions or one of their variants. */
   class AppenderOrSprinterFunc extends Function {
     AppenderOrSprinterFunc() {
-      this.hasQualifiedName("fmt", ["Append", "Sprint"] + ["", "f", "ln"])
+      this.hasQualifiedName("fmt",
+        ["Append", "Appendf", "Appendln", "Sprint", "Sprintf", "Sprintln"])
     }
   }
 
   /** The `Sprint` function or one of its variants. */
   class Sprinter extends AppenderOrSprinterFunc {
-    Sprinter() { this.getName().matches("Sprint%") }
+    Sprinter() { this.getName() = ["Sprint", "Sprintf", "Sprintln"] }
   }
 
   /** The `Print` function or one of its variants. */
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/HtmlTemplate.qll b/go/ql/lib/semmle/go/frameworks/stdlib/HtmlTemplate.qll
@@ -11,11 +11,11 @@ module HtmlTemplate {
 
     TemplateEscape() {
       exists(string fn |
-        fn.matches("HTMLEscape%") and kind = "html"
+        fn = ["HTMLEscape", "HTMLEscapeString", "HTMLEscaper"] and kind = "html"
         or
-        fn.matches("JSEscape%") and kind = "js"
+        fn = ["JSEscape", "JSEscapeString", "JSEscaper"] and kind = "js"
         or
-        fn.matches("URLQueryEscape%") and kind = "url"
+        fn = "URLQueryEscaper" and kind = "url"
       |
         this.hasQualifiedName("html/template", fn)
       )
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll
@@ -11,7 +11,9 @@ module Log {
 
     LogFunction() {
       exists(string fn |
-        fn.matches(["Fatal%", "Panic%", "Print%"]) and firstPrintedArg = 0
+        fn =
+          ["Fatal", "Fatalf", "Fatalln", "Panic", "Panicf", "Panicln", "Print", "Printf", "Println"] and
+        firstPrintedArg = 0
         or
         fn = "Output" and firstPrintedArg = 1
       |
@@ -25,7 +27,7 @@ module Log {
   }
 
   private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
-    LogFormatter() { this.getName().matches("%f") }
+    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }
 
     override int getFormatStringIndex() { result = 0 }
   }
@@ -42,9 +44,7 @@ module Log {
 
   /** A fatal log function, which calls `os.Exit`. */
   private class FatalLogFunction extends Function {
-    FatalLogFunction() {
-      exists(string fn | fn.matches("Fatal%") | this.hasQualifiedName("log", fn))
-    }
+    FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }
 
     override predicate mayReturnNormally() { none() }
   }

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,9 @@ module Logrus {`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`bindingset[result]`
`18`		`- private string getAnEntryUpdatingMethodName() { result.regexpMatch("With(Error\|Fields?\|Time)") }`
	`18`	`+ private string getAnEntryUpdatingMethodName() {`
	`19`	`+ result = ["WithError", "WithField", "WithFields", "WithTime"]`
	`20`	`+ }`
`19`	`21`
`20`	`22`	`private class LogFunction extends Function {`
`21`	`23`	`LogFunction() {`
Original file line number	Diff line number	Diff line change
`@@ -11,11 +11,11 @@ module HtmlTemplate {`
`11`	`11`
`12`	`12`	`TemplateEscape() {`
`13`	`13`	`exists(string fn \|`
`14`		`- fn.matches("HTMLEscape%") and kind = "html"`
	`14`	`+ fn = ["HTMLEscape", "HTMLEscapeString", "HTMLEscaper"] and kind = "html"`
`15`	`15`	`or`
`16`		`- fn.matches("JSEscape%") and kind = "js"`
	`16`	`+ fn = ["JSEscape", "JSEscapeString", "JSEscaper"] and kind = "js"`
`17`	`17`	`or`
`18`		`- fn.matches("URLQueryEscape%") and kind = "url"`
	`18`	`+ fn = "URLQueryEscaper" and kind = "url"`
`19`	`19`	`\|`
`20`	`20`	`this.hasQualifiedName("html/template", fn)`
`21`	`21`	`)`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,9 @@ module Log {`
`11`	`11`
`12`	`12`	`LogFunction() {`
`13`	`13`	`exists(string fn \|`
`14`		`- fn.matches(["Fatal%", "Panic%", "Print%"]) and firstPrintedArg = 0`
	`14`	`+ fn =`
	`15`	`+ ["Fatal", "Fatalf", "Fatalln", "Panic", "Panicf", "Panicln", "Print", "Printf", "Println"] and`
	`16`	`+ firstPrintedArg = 0`
`15`	`17`	`or`
`16`	`18`	`fn = "Output" and firstPrintedArg = 1`
`17`	`19`	`\|`
`@@ -25,7 +27,7 @@ module Log {`
`25`	`27`	`}`
`26`	`28`
`27`	`29`	`private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {`
`28`		`- LogFormatter() { this.getName().matches("%f") }`
	`30`	`+ LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }`
`29`	`31`
`30`	`32`	`override int getFormatStringIndex() { result = 0 }`
`31`	`33`	`}`
`@@ -42,9 +44,7 @@ module Log {`
`42`	`44`
`43`	`45`	/** A fatal log function, which calls `os.Exit`. */
`44`	`46`	`private class FatalLogFunction extends Function {`
`45`		`- FatalLogFunction() {`
`46`		`- exists(string fn \| fn.matches("Fatal%") \| this.hasQualifiedName("log", fn))`
`47`		`- }`
	`47`	`+ FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }`
`48`	`48`
`49`	`49`	`override predicate mayReturnNormally() { none() }`
`50`	`50`	`}`