github
diff --git a/‎javascript/ql/lib/semmle/javascript/Arrays.qll‎
Lines changed: 3 additions & 6 deletions b/‎javascript/ql/lib/semmle/javascript/Arrays.qll‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll‎
Lines changed: 1 addition & 2 deletions b/‎javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/dataflow/internal/InterModuleTypeInference.qll‎
Lines changed: 3 additions & 2 deletions b/‎javascript/ql/lib/semmle/javascript/dataflow/internal/InterModuleTypeInference.qll‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll‎
Lines changed: 1 addition & 2 deletions b/‎javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll‎
Lines changed: 1 addition & 3 deletions b/‎javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll‎
Lines changed: 1 addition & 3 deletions b/‎javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll‎
Lines changed: 1 addition & 3 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll‎
Lines changed: 1 addition & 2 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/Babel.qll‎
Lines changed: 2 additions & 4 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/Babel.qll‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll‎
Lines changed: 19 additions & 31 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll‎
Lines changed: 19 additions & 31 deletions
@@ -152,15 +152,12 @@ private module ArrayDataFlow {
   /**
    * A node that reads or writes an element from an array inside a for-loop.
    */
-  private class ArrayIndexingAccess extends DataFlow::Node {
-    DataFlow::PropRef read;
-
+  private class ArrayIndexingAccess extends DataFlow::Node instanceof DataFlow::PropRef {
     ArrayIndexingAccess() {
-      read = this and
       TTNumber() =
-        unique(InferredType type | type = read.getPropertyNameExpr().flow().analyze().getAType()) and
+        unique(InferredType type | type = super.getPropertyNameExpr().flow().analyze().getAType()) and
       exists(VarAccess i, ExprOrVarDecl init |
-        i = read.getPropertyNameExpr() and init = any(ForStmt f).getInit()
+        i = super.getPropertyNameExpr() and init = any(ForStmt f).getInit()
       |
         i.getVariable().getADefinition() = init or
         i.getVariable().getADefinition().(VariableDeclarator).getDeclStmt() = init
 
@@ -445,9 +445,8 @@ module DataFlow {
    */
   private class ReflectiveCallNode extends Node, TReflectiveCallNode {
     MethodCallExpr call;
-    string kind;
 
-    ReflectiveCallNode() { this = TReflectiveCallNode(call, kind) }
+    ReflectiveCallNode() { this = TReflectiveCallNode(call, _) }
 
     override BasicBlock getBasicBlock() { result = call.getBasicBlock() }
 
 
@@ -380,9 +380,10 @@ private class AnalyzedExportAssign extends AnalyzedPropertyWrite, DataFlow::Valu
  */
 private class AnalyzedClosureExportAssign extends AnalyzedPropertyWrite, DataFlow::ValueNode {
   override AssignExpr astNode;
-  Closure::ClosureModule mod;
 
-  AnalyzedClosureExportAssign() { astNode.getLhs() = mod.getExportsVariable().getAReference() }
+  AnalyzedClosureExportAssign() {
+    astNode.getLhs() = any(Closure::ClosureModule mod).getExportsVariable().getAReference()
+  }
 
   override predicate writes(AbstractValue baseVal, string propName, DataFlow::AnalyzedNode source) {
     baseVal = TAbstractModuleObject(astNode.getTopLevel()) and
 
@@ -302,12 +302,11 @@ private class TypeInferredMethodWithAnalyzedReturnFlow extends CallWithNonLocalA
  * Propagates receivers into locally defined callbacks of partial invocations.
  */
 private class AnalyzedThisInPartialInvokeCallback extends AnalyzedNode, DataFlow::ThisNode {
-  DataFlow::PartialInvokeNode call;
   DataFlow::Node receiver;
 
   AnalyzedThisInPartialInvokeCallback() {
     exists(DataFlow::Node callbackArg |
-      receiver = call.getBoundReceiver(callbackArg) and
+      receiver = any(DataFlow::PartialInvokeNode call).getBoundReceiver(callbackArg) and
       getBinder().flowsTo(callbackArg)
     )
   }
 
@@ -16,9 +16,7 @@
 import javascript
 
 private class BackwardExploringConfiguration extends DataFlow::Configuration {
-  DataFlow::Configuration cfg;
-
-  BackwardExploringConfiguration() { this = cfg }
+  BackwardExploringConfiguration() { this = any(DataFlow::Configuration cfg) }
 
   override predicate isSource(DataFlow::Node node) { any() }
 
 
@@ -14,9 +14,7 @@
 import javascript
 
 private class ForwardExploringConfiguration extends DataFlow::Configuration {
-  DataFlow::Configuration cfg;
-
-  ForwardExploringConfiguration() { this = cfg }
+  ForwardExploringConfiguration() { this = any(DataFlow::Configuration cfg) }
 
   override predicate isSink(DataFlow::Node node) { any() }
 
 
@@ -149,12 +149,10 @@ DataFlow::CallNode moduleRef(AngularModule m) {
  * A call to a method from the `angular.Module` API.
  */
 class ModuleApiCall extends DataFlow::CallNode {
-  /** The module on which the method is called. */
-  AngularModule mod;
   /** The name of the called method. */
   string methodName;
 
-  ModuleApiCall() { this = moduleRef(mod).getAMethodCall(methodName) }
+  ModuleApiCall() { this = moduleRef(_).getAMethodCall(methodName) }
 
   /**
    * Gets the name of the invoked method.
 
@@ -65,10 +65,9 @@ private string getInterpolatedExpressionPattern() { result = "(?<=\\{\\{).*?(?=\
  */
 private class HtmlTextNodeAsNgSourceProvider extends NgSourceProvider, HTML::TextNode {
   string source;
-  int offset;
 
   HtmlTextNodeAsNgSourceProvider() {
-    source = this.getText().regexpFind(getInterpolatedExpressionPattern(), _, offset)
+    source = this.getText().regexpFind(getInterpolatedExpressionPattern(), _, _)
   }
 
   override predicate providesSourceAt(
 
@@ -140,17 +140,15 @@ module Babel {
    */
   private class BabelRootTransformedPathExpr extends PathExpr, Expr {
     RootImportConfig plugin;
-    string rawPath;
     string prefix;
     string mappedPrefix;
     string suffix;
 
     BabelRootTransformedPathExpr() {
       this instanceof PathExpr and
       plugin.appliesTo(getTopLevel()) and
-      rawPath = getStringValue() and
-      prefix = rawPath.regexpCapture("(.)/(.*)", 1) and
-      suffix = rawPath.regexpCapture("(.)/(.*)", 2) and
+      prefix = getStringValue().regexpCapture("(.)/(.*)", 1) and
+      suffix = getStringValue().regexpCapture("(.)/(.*)", 2) and
       mappedPrefix = plugin.getRoot(prefix)
     }
 
 
@@ -378,10 +378,9 @@ private module CryptoJS {
  * A model of the TweetNaCl library.
  */
 private module TweetNaCl {
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof MethodCallExpr {
     Expr input;
     CryptographicAlgorithm algorithm;
-    MethodCallExpr mce;
 
     Apply() {
       /*
@@ -395,15 +394,14 @@ private module TweetNaCl {
        *      Also matches the "hash" method name, and the "nacl-fast" module.
        */
 
-      this = mce and
       exists(DataFlow::SourceNode mod, string name |
         name = "hash" and algorithm.matchesName("SHA512")
         or
         name = "sign" and algorithm.matchesName("ed25519")
       |
         (mod = DataFlow::moduleImport("nacl") or mod = DataFlow::moduleImport("nacl-fast")) and
-        mce = mod.getAMemberCall(name).asExpr() and
-        mce.getArgument(0) = input
+        this = mod.getAMemberCall(name).asExpr() and
+        super.getArgument(0) = input
       )
     }
 
@@ -440,10 +438,9 @@ private module HashJs {
     )
   }
 
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof MethodCallExpr {
     Expr input;
     CryptographicAlgorithm algorithm; // non-functional
-    MethodCallExpr mce;
 
     Apply() {
       /*
@@ -459,9 +456,8 @@ private module HashJs {
        *      Also matches where `hash.<algorithmName>()` has been replaced by a more specific require a la `require("hash.js/lib/hash/sha/512")`
        */
 
-      this = mce and
-      mce = getAlgorithmExpr(algorithm).getAMemberCall("update").asExpr() and
-      input = mce.getArgument(0)
+      this = getAlgorithmExpr(algorithm).getAMemberCall("update").asExpr() and
+      input = super.getArgument(0)
     }
 
     override Expr getInput() { result = input }
@@ -535,16 +531,14 @@ private module Forge {
     override CryptographicAlgorithm getAlgorithm() { result = algorithm }
   }
 
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof MethodCallExpr {
     Expr input;
     CryptographicAlgorithm algorithm; // non-functional
-    MethodCallExpr mce;
 
     Apply() {
-      this = mce and
       exists(Cipher cipher |
-        mce = cipher.getAMemberCall("update").asExpr() and
-        mce.getArgument(0) = input and
+        this = cipher.getAMemberCall("update").asExpr() and
+        super.getArgument(0) = input and
         algorithm = cipher.getAlgorithm()
       )
     }
@@ -596,19 +590,17 @@ private module Forge {
  * A model of the md5 library.
  */
 private module Md5 {
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof CallExpr {
     Expr input;
     CryptographicAlgorithm algorithm;
-    CallExpr call;
 
     Apply() {
       // `require("md5")("message");`
-      this = call and
       exists(DataFlow::SourceNode mod |
         mod = DataFlow::moduleImport("md5") and
         algorithm.matchesName("MD5") and
-        call = mod.getACall().asExpr() and
-        call.getArgument(0) = input
+        this = mod.getACall().asExpr() and
+        super.getArgument(0) = input
       )
     }
 
@@ -622,14 +614,12 @@ private module Md5 {
  * A model of the bcrypt, bcryptjs, bcrypt-nodejs libraries.
  */
 private module Bcrypt {
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof MethodCallExpr {
     Expr input;
     CryptographicAlgorithm algorithm;
-    MethodCallExpr mce;
 
     Apply() {
       // `require("bcrypt").hash(password);` with minor naming variations
-      this = mce and
       exists(DataFlow::SourceNode mod, string moduleName, string methodName |
         algorithm.matchesName("BCRYPT") and
         (
@@ -642,8 +632,8 @@ private module Bcrypt {
           methodName = "hashSync"
         ) and
         mod = DataFlow::moduleImport(moduleName) and
-        mce = mod.getAMemberCall(methodName).asExpr() and
-        mce.getArgument(0) = input
+        this = mod.getAMemberCall(methodName).asExpr() and
+        super.getArgument(0) = input
       )
     }
 
@@ -657,20 +647,18 @@ private module Bcrypt {
  * A model of the hasha library.
  */
 private module Hasha {
-  private class Apply extends CryptographicOperation {
+  private class Apply extends CryptographicOperation instanceof CallExpr {
     Expr input;
     CryptographicAlgorithm algorithm;
-    CallExpr call;
 
     Apply() {
       // `require('hasha')('unicorn', { algorithm: "md5" });`
-      this = call and
       exists(DataFlow::SourceNode mod, string algorithmName, Expr algorithmNameNode |
         mod = DataFlow::moduleImport("hasha") and
-        call = mod.getACall().asExpr() and
-        call.getArgument(0) = input and
+        this = mod.getACall().asExpr() and
+        super.getArgument(0) = input and
         algorithm.matchesName(algorithmName) and
-        call.hasOptionArgument(1, "algorithm", algorithmNameNode) and
+        super.hasOptionArgument(1, "algorithm", algorithmNameNode) and
         algorithmNameNode.mayHaveStringValue(algorithmName)
       )
     }
Original file line number	Diff line number	Diff line change
`@@ -302,12 +302,11 @@ private class TypeInferredMethodWithAnalyzedReturnFlow extends CallWithNonLocalA`
`302`	`302`	`* Propagates receivers into locally defined callbacks of partial invocations.`
`303`	`303`	`*/`
`304`	`304`	`private class AnalyzedThisInPartialInvokeCallback extends AnalyzedNode, DataFlow::ThisNode {`
`305`		`- DataFlow::PartialInvokeNode call;`
`306`	`305`	`DataFlow::Node receiver;`
`307`	`306`
`308`	`307`	`AnalyzedThisInPartialInvokeCallback() {`
`309`	`308`	`exists(DataFlow::Node callbackArg \|`
`310`		`- receiver = call.getBoundReceiver(callbackArg) and`
	`309`	`+ receiver = any(DataFlow::PartialInvokeNode call).getBoundReceiver(callbackArg) and`
`311`	`310`	`getBinder().flowsTo(callbackArg)`
`312`	`311`	`)`
`313`	`312`	`}`