Restrict logic for checking for id parameters on index expressions for performance

joefarebrother · joefarebrother · commit 68ad5b7c003d · 2023-09-15T16:35:29.000+01:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
@@ -2,7 +2,6 @@
 
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
-import DataFlow as DF
 import TaintTracking as TT
 import ActionMethods
 
@@ -26,7 +25,7 @@ private predicate hasIdParameter(ActionMethod m) {
     exists(StringLiteral idStr, IndexerCall idx |
       idStr.getValue().toLowerCase().matches(["%id", "%idx"]) and
       TT::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and
-      DF::localExprFlow(idStr, idx.getArgument(0))
+      idStr = idx.getArgument(0)
     )
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@`
`2`	`2`
`3`	`3`	`import csharp`
`4`	`4`	`import semmle.code.csharp.dataflow.flowsources.Remote`
`5`		`-import DataFlow as DF`
`6`	`5`	`import TaintTracking as TT`
`7`	`6`	`import ActionMethods`
`8`	`7`
`@@ -26,7 +25,7 @@ private predicate hasIdParameter(ActionMethod m) {`
`26`	`25`	`exists(StringLiteral idStr, IndexerCall idx \|`
`27`	`26`	`idStr.getValue().toLowerCase().matches(["%id", "%idx"]) and`
`28`	`27`	`TT::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and`
`29`		`- DF::localExprFlow(idStr, idx.getArgument(0))`
	`28`	`+ idStr = idx.getArgument(0)`
`30`	`29`	`)`
`31`	`30`	`)`
`32`	`31`	`}`