C++: Use [, ...] syntax more widely.

geoffw0 · geoffw0 · commit 3536d84bdf5e · 2020-10-02T18:04:03.000+01:00
diff --git a/cpp/ql/src/Critical/OverflowDestination.ql b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -23,10 +23,7 @@ import semmle.code.cpp.security.TaintTracking
  * ```
  */
 predicate sourceSized(FunctionCall fc, Expr src) {
-  exists(string name |
-    (name = "strncpy" or name = "strncat" or name = "memcpy" or name = "memmove") and
-    fc.getTarget().hasGlobalOrStdName(name)
-  ) and
+  fc.getTarget().hasGlobalOrStdName(["strncpy", "strncat", "memcpy", "memmove"]) and
   exists(Expr dest, Expr size, Variable v |
     fc.getArgument(0) = dest and
     fc.getArgument(1) = src and
diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -16,10 +16,7 @@ import cpp
 
 class Allocation extends FunctionCall {
   Allocation() {
-    exists(string name |
-      this.getTarget().hasGlobalOrStdName(name) and
-      (name = "malloc" or name = "calloc" or name = "realloc")
-    )
+    this.getTarget().hasGlobalOrStdName(["malloc", "calloc", "realloc"])
   }
 
   private string getName() { this.getTarget().hasGlobalOrStdName(result) }
diff --git a/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowJmp.ql b/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowJmp.ql
@@ -13,14 +13,7 @@
 import cpp
 
 class ForbiddenFunction extends Function {
-  ForbiddenFunction() {
-    exists(string name | name = this.getName() |
-      name = "setjmp" or
-      name = "longjmp" or
-      name = "sigsetjmp" or
-      name = "siglongjmp"
-    )
-  }
+  ForbiddenFunction() { this.getName() = ["setjmp", "longjmp", "sigsetjmp", "siglongjmp"] }
 }
 
 from FunctionCall call
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
@@ -40,9 +40,7 @@ class DateStructModifiedFieldAccess extends LeapYearFieldAccess {
  */
 class SafeTimeGatheringFunction extends Function {
   SafeTimeGatheringFunction() {
-    this.getQualifiedName() = "GetFileTime" or
-    this.getQualifiedName() = "GetSystemTime" or
-    this.getQualifiedName() = "NtQuerySystemTime"
+    this.getQualifiedName() = ["GetFileTime", "GetSystemTime", "NtQuerySystemTime"]
   }
 }
 
@@ -51,15 +49,11 @@ class SafeTimeGatheringFunction extends Function {
  */
 class TimeConversionFunction extends Function {
   TimeConversionFunction() {
-    this.getQualifiedName() = "FileTimeToSystemTime" or
-    this.getQualifiedName() = "SystemTimeToFileTime" or
-    this.getQualifiedName() = "SystemTimeToTzSpecificLocalTime" or
-    this.getQualifiedName() = "SystemTimeToTzSpecificLocalTimeEx" or
-    this.getQualifiedName() = "TzSpecificLocalTimeToSystemTime" or
-    this.getQualifiedName() = "TzSpecificLocalTimeToSystemTimeEx" or
-    this.getQualifiedName() = "RtlLocalTimeToSystemTime" or
-    this.getQualifiedName() = "RtlTimeToSecondsSince1970" or
-    this.getQualifiedName() = "_mkgmtime"
+    this.getQualifiedName() =
+      ["FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime",
+          "SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime",
+          "TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime",
+          "RtlTimeToSecondsSince1970", "_mkgmtime"]
   }
 }
 
diff --git a/cpp/ql/src/Microsoft/SAL.qll b/cpp/ql/src/Microsoft/SAL.qll
@@ -10,13 +10,8 @@ import cpp
  */
 class SALMacro extends Macro {
   SALMacro() {
-    exists(string filename | filename = this.getFile().getBaseName() |
-      filename = "sal.h" or
-      filename = "specstrings_strict.h" or
-      filename = "specstrings.h" or
-      filename = "w32p.h" or
-      filename = "minwindef.h"
-    ) and
+    this.getFile().getBaseName() =
+      ["sal.h", "specstrings_strict.h", "specstrings.h", "w32p.h", "minwindef.h"] and
     (
       // Dialect for Windows 8 and above
       this.getName().matches("\\_%\\_")
@@ -58,10 +53,7 @@ class SALAnnotation extends MacroInvocation {
  */
 class SALCheckReturn extends SALAnnotation {
   SALCheckReturn() {
-    exists(SALMacro m | m = this.getMacro() |
-      m.getName() = "_Check_return_" or
-      m.getName() = "_Must_inspect_result_"
-    )
+    this.getMacro().(SALMacro).getName() = ["_Check_return_", "_Must_inspect_result_"]
   }
 }
 
diff --git a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
@@ -56,7 +56,7 @@ class VarargsFunction extends Function {
   }
 
   string normalTerminator(int cnt) {
-    (result = "0" or result = "-1") and
+    result = ["0", "-1"] and
     cnt = trailingArgValueCount(result) and
     2 * cnt > totalCount() and
     not exists(FunctionCall fc, int index |
diff --git a/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql b/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
@@ -66,19 +66,14 @@ class IFStream extends Type {
  */
 class CinVariable extends NamespaceVariable {
   CinVariable() {
-    (
-      getName() = "cin" or
-      getName() = "wcin"
-    ) and
-    getNamespace().getName() = "std"
+    this.hasQualifiedName("std", ["cin", "wcin"])
   }
 }
 
 /** A call to `std::operator>>`. */
 class OperatorRShiftCall extends FunctionCall {
   OperatorRShiftCall() {
-    getTarget().getNamespace().getName() = "std" and
-    getTarget().hasName("operator>>")
+    getTarget().hasQualifiedName("std", "operator>>")
   }
 
   /*
diff --git a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -14,12 +14,7 @@ import cpp
 
 predicate potentiallyDangerousFunction(Function f, string message) {
   exists(string name | f.hasGlobalName(name) |
-    (
-      name = "gmtime" or
-      name = "localtime" or
-      name = "ctime" or
-      name = "asctime"
-    ) and
+    name = ["gmtime", "localtime", "ctime", "asctime"] and
     message = "Call to " + name + " is potentially dangerous"
   )
 }
diff --git a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
@@ -19,12 +19,7 @@ predicate worldWritableCreation(FileCreationExpr fc, int mode) {
 }
 
 predicate setWorldWritable(FunctionCall fc, int mode) {
-  exists(string name | fc.getTarget().getName() = name |
-    name = "chmod" or
-    name = "fchmod" or
-    name = "_chmod" or
-    name = "_wchmod"
-  ) and
+  fc.getTarget().getName() = ["chmod", "fchmod", "_chmod", "_wchmod"] and
   mode = fc.getArgument(1).getValue().toInt() and
   sets(mode, s_iwoth())
 }
diff --git a/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll b/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll
@@ -31,11 +31,7 @@ predicate sets(int mask, int fields) { mask.bitAnd(fields) != 0 }
  * one of the `umask` family of functions.
  */
 private int umask(FunctionCall fc) {
-  exists(string name | name = fc.getTarget().getName() |
-    name = "umask" or
-    name = "_umask" or
-    name = "_umask_s"
-  ) and
+  fc.getTarget().getName() = ["umask", "_umask", "_umask_s"] and
   result = fc.getArgument(0).getValue().toInt()
 }
 
@@ -89,11 +85,7 @@ abstract class FileCreationExpr extends FunctionCall {
 
 class OpenCreationExpr extends FileCreationExpr {
   OpenCreationExpr() {
-    exists(string name | name = this.getTarget().getName() |
-      name = "open" or
-      name = "_open" or
-      name = "_wopen"
-    ) and
+    this.getTarget().getName() = ["open", "_open", "_wopen"] and
     sets(this.getArgument(1).getValue().toInt(), o_creat())
   }
 
@@ -134,14 +126,9 @@ private int fopenMode() {
 
 class FopenCreationExpr extends FileCreationExpr {
   FopenCreationExpr() {
-    exists(string name | name = this.getTarget().getName() |
-      name = "fopen" or
-      name = "_wfopen" or
-      name = "fsopen" or
-      name = "_wfsopen"
-    ) and
+    this.getTarget().getName() = ["fopen", "_wfopen", "fsopen", "_wfsopen"] and
     exists(string mode |
-      (mode = "w" or mode = "a") and
+      mode = ["w", "a"] and
       this.getArgument(1).getValue().matches(mode + "%")
     )
   }
diff --git a/cpp/ql/src/jsf/4.09 Style/AV Rule 53.ql b/cpp/ql/src/jsf/4.09 Style/AV Rule 53.ql
@@ -18,6 +18,6 @@ import cpp
 
 from File f
 where
-  (f.getExtension().toLowerCase() = "h" or f.getExtension().toLowerCase() = "hpp") and
+  f.getExtension().toLowerCase() = ["h", "hpp"] and
   f.getExtension() != "h"
 select f, "AV Rule 53: Header files will always have a file name extension of .h."
diff --git a/cpp/ql/src/jsf/4.12 Templates/AV Rule 104.ql b/cpp/ql/src/jsf/4.12 Templates/AV Rule 104.ql
@@ -21,8 +21,8 @@ import cpp
  */
 class WarningLateTemplateSpecialization extends CompilerWarning {
   WarningLateTemplateSpecialization() {
-    this.getTag() = "partial_spec_after_instantiation" or
-    this.getTag() = "partial_spec_after_instantiation_ambiguous"
+    this.getTag() =
+      ["partial_spec_after_instantiation", "partial_spec_after_instantiation_ambiguous"]
   }
 }
 
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Environment.qll b/cpp/ql/src/semmle/code/cpp/commons/Environment.qll
@@ -29,7 +29,7 @@ private predicate readsEnvironment(Expr read, string sourceDescription) {
   exists(FunctionCall call, string name |
     read = call and
     call.getTarget().hasGlobalOrStdName(name) and
-    (name = "getenv" or name = "secure_getenv" or name = "_wgetenv") and
+    name = ["getenv", "secure_getenv", "_wgetenv"] and
     sourceDescription = name
   )
 }
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Printf.qll b/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
@@ -9,10 +9,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction
 import semmle.code.cpp.models.implementations.Printf
 
 class PrintfFormatAttribute extends FormatAttribute {
-  PrintfFormatAttribute() {
-    getArchetype() = "printf" or
-    getArchetype() = "__printf__"
-  }
+  PrintfFormatAttribute() { getArchetype() = ["printf", "__printf__"] }
 }
 
 /**
@@ -601,12 +598,12 @@ class FormatLiteral extends Literal {
         or
         len = "l" and result = this.getLongType()
         or
-        (len = "ll" or len = "L" or len = "q") and
+        len = ["ll", "L", "q"] and
         result instanceof LongLongType
         or
         len = "j" and result = this.getIntmax_t()
         or
-        (len = "z" or len = "Z") and
+        len = ["z", "Z"] and
         (result = this.getSize_t() or result = this.getSsize_t())
         or
         len = "t" and result = this.getPtrdiff_t()
@@ -639,12 +636,12 @@ class FormatLiteral extends Literal {
         or
         len = "l" and result = this.getLongType()
         or
-        (len = "ll" or len = "L" or len = "q") and
+        len = ["ll", "L", "q"] and
         result instanceof LongLongType
         or
         len = "j" and result = this.getIntmax_t()
         or
-        (len = "z" or len = "Z") and
+        len = ["z", "Z"] and
         (result = this.getSize_t() or result = this.getSsize_t())
         or
         len = "t" and result = this.getPtrdiff_t()
@@ -670,9 +667,7 @@ class FormatLiteral extends Literal {
   FloatingPointType getFloatingPointConversion(int n) {
     exists(string len |
       len = this.getLength(n) and
-      if len = "L" or len = "ll"
-      then result instanceof LongDoubleType
-      else result instanceof DoubleType
+      if len = ["L", "ll"] then result instanceof LongDoubleType else result instanceof DoubleType
     )
   }
 
@@ -689,7 +684,7 @@ class FormatLiteral extends Literal {
         or
         len = "l" and base = this.getLongType()
         or
-        (len = "ll" or len = "L") and
+        len = ["ll", "L"] and
         base instanceof LongLongType
         or
         len = "q" and base instanceof LongLongType
@@ -736,12 +731,12 @@ class FormatLiteral extends Literal {
     exists(string len, string conv |
       this.parseConvSpec(n, _, _, _, _, _, len, conv) and
       (
-        (conv = "c" or conv = "C") and
+        conv = ["c", "C"] and
         len = "h" and
         result instanceof PlainCharType
         or
-        (conv = "c" or conv = "C") and
-        (len = "l" or len = "w") and
+        conv = ["c", "C"] and
+        len = ["l", "w"] and
         result = getWideCharType()
         or
         conv = "c" and
@@ -781,12 +776,12 @@ class FormatLiteral extends Literal {
     exists(string len, string conv |
       this.parseConvSpec(n, _, _, _, _, _, len, conv) and
       (
-        (conv = "s" or conv = "S") and
+        conv = ["s", "S"] and
         len = "h" and
         result.(PointerType).getBaseType() instanceof PlainCharType
         or
-        (conv = "s" or conv = "S") and
-        (len = "l" or len = "w") and
+        conv = ["s", "S"] and
+        len = ["l", "w"] and
         result.(PointerType).getBaseType() = getWideCharType()
         or
         conv = "s" and
@@ -823,10 +818,7 @@ class FormatLiteral extends Literal {
 
   private Type getConversionType9(int n) {
     this.getConversionChar(n) = "Z" and
-    (
-      this.getLength(n) = "l" or
-      this.getLength(n) = "w"
-    ) and
+    this.getLength(n) = ["l", "w"] and
     exists(Type t |
       t.getName() = "UNICODE_STRING" and
       result.(PointerType).getBaseType() = t
@@ -979,10 +971,7 @@ class FormatLiteral extends Literal {
           len = (afterdot.maximum(1) + 6).maximum(1 + 1 + dot + afterdot + 1 + 1 + 3)
         ) // (e.g. "-1.59203e-319")
         or
-        (
-          this.getConversionChar(n).toLowerCase() = "d" or
-          this.getConversionChar(n).toLowerCase() = "i"
-        ) and
+        this.getConversionChar(n).toLowerCase() = ["d", "i"] and
         // e.g. -2^31 = "-2147483648"
         exists(int sizeBits |
           sizeBits =
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Strcat.qll b/cpp/ql/src/semmle/code/cpp/commons/Strcat.qll
@@ -8,14 +8,13 @@ import cpp
  */
 class StrcatFunction extends Function {
   StrcatFunction() {
-    exists(string name | name = getName() |
-      name = "strcat" or // strcat(dst, src)
-      name = "strncat" or // strncat(dst, src, max_amount)
-      name = "wcscat" or // wcscat(dst, src)
-      name = "_mbscat" or // _mbscat(dst, src)
-      name = "wcsncat" or // wcsncat(dst, src, max_amount)
-      name = "_mbsncat" or // _mbsncat(dst, src, max_amount)
-      name = "_mbsncat_l" // _mbsncat_l(dst, src, max_amount, locale)
-    )
+    // strcat(dst, src)
+    // strncat(dst, src, max_amount)
+    // wcscat(dst, src)
+    // _mbscat(dst, src)
+    // wcsncat(dst, src, max_amount)
+    // _mbsncat(dst, src, max_amount)
+    // _mbsncat_l(dst, src, max_amount, locale)
+    getName() = ["strcat", "strncat", "wcscat", "_mbscat", "wcsncat", "_mbsncat", "_mbsncat_l"]
   }
 }
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Gets.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Gets.qll
@@ -16,11 +16,10 @@ import semmle.code.cpp.models.interfaces.FlowSource
 class GetsFunction extends DataFlowFunction, TaintFunction, ArrayFunction, AliasFunction,
   SideEffectFunction, RemoteFlowFunction {
   GetsFunction() {
-    exists(string name | hasGlobalOrStdName(name) |
-      name = "gets" or // gets(str)
-      name = "fgets" or // fgets(str, num, stream)
-      name = "fgetws" // fgetws(wstr, num, stream)
-    )
+    // gets(str)
+    // fgets(str, num, stream)
+    // fgetws(wstr, num, stream)
+    hasGlobalOrStdName(["gets", "fgets", "fgetws"])
   }
 
   override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/IdentityFunction.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/IdentityFunction.qll
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Strcpy.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Strcpy.qll
diff --git a/cpp/ql/src/semmle/code/cpp/security/BufferWrite.qll b/cpp/ql/src/semmle/code/cpp/security/BufferWrite.qll
diff --git a/cpp/ql/src/semmle/code/cpp/security/FileWrite.qll b/cpp/ql/src/semmle/code/cpp/security/FileWrite.qll
diff --git a/cpp/ql/src/semmle/code/cpp/security/OutputWrite.qll b/cpp/ql/src/semmle/code/cpp/security/OutputWrite.qll
diff --git a/cpp/ql/src/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/src/semmle/code/cpp/security/TaintTrackingImpl.qll
diff --git a/cpp/ql/src/semmle/uml/MagicDraw.qll b/cpp/ql/src/semmle/uml/MagicDraw.qll

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ class VarargsFunction extends Function {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`string normalTerminator(int cnt) {`
`59`		`- (result = "0" or result = "-1") and`
	`59`	`+ result = ["0", "-1"] and`
`60`	`60`	`cnt = trailingArgValueCount(result) and`
`61`	`61`	`2 * cnt > totalCount() and`
`62`	`62`	`not exists(FunctionCall fc, int index \|`
Original file line number	Diff line number	Diff line change
`@@ -14,12 +14,7 @@ import cpp`
`14`	`14`
`15`	`15`	`predicate potentiallyDangerousFunction(Function f, string message) {`
`16`	`16`	`exists(string name \| f.hasGlobalName(name) \|`
`17`		`- (`
`18`		`- name = "gmtime" or`
`19`		`- name = "localtime" or`
`20`		`- name = "ctime" or`
`21`		`- name = "asctime"`
`22`		`- ) and`
	`17`	`+ name = ["gmtime", "localtime", "ctime", "asctime"] and`
`23`	`18`	`message = "Call to " + name + " is potentially dangerous"`
`24`	`19`	`)`
`25`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,12 +19,7 @@ predicate worldWritableCreation(FileCreationExpr fc, int mode) {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`predicate setWorldWritable(FunctionCall fc, int mode) {`
`22`		`- exists(string name \| fc.getTarget().getName() = name \|`
`23`		`- name = "chmod" or`
`24`		`- name = "fchmod" or`
`25`		`- name = "_chmod" or`
`26`		`- name = "_wchmod"`
`27`		`- ) and`
	`22`	`+ fc.getTarget().getName() = ["chmod", "fchmod", "_chmod", "_wchmod"] and`
`28`	`23`	`mode = fc.getArgument(1).getValue().toInt() and`
`29`	`24`	`sets(mode, s_iwoth())`
`30`	`25`	`}`