remove redundant code

erik-krogh · erik-krogh · commit 4073dfaf24b5 · 2019-11-15T16:17:18.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
@@ -14,29 +14,21 @@ module ExceptionXss {
   import Xss::StoredXss as StoredXss
   import Xss as XSS
 
-  DataFlow::ExceptionalInvocationReturnNode getCallerExceptionalReturn(DataFlow::FunctionNode func) {
+  DataFlow::ExceptionalInvocationReturnNode getCallerExceptionalReturn(Function func) {
     exists(DataFlow::InvokeNode call |
       not call.isImprecise() and
-      func.getFunction() = call.(DataFlow::InvokeNode).getACallee() and
+      func = call.(DataFlow::InvokeNode).getACallee() and
       result = call.getExceptionalReturn()
     )
   }
 
   DataFlow::Node getExceptionalSuccssor(DataFlow::Node pred) {
-    exists(DataFlow::FunctionNode func |
-      pred.getContainer() = func.getFunction() and
-      if exists(getEnclosingTryStmt(pred.asExpr().getEnclosingStmt()))
-      then
-        result.(DataFlow::ParameterNode).getParameter() = getEnclosingTryStmt(pred
-                .asExpr()
-                .getEnclosingStmt()).getACatchClause().getAParameter()
-      else result = getCallerExceptionalReturn(func)
-    )
-    or
-    exists(DataFlow::InvokeNode call |
-      pred = call.getExceptionalReturn() and 
-      result = getExceptionalSuccssor(call)
-    )
+    if exists(getEnclosingTryStmt(pred.asExpr().getEnclosingStmt()))
+    then
+      result.(DataFlow::ParameterNode).getParameter() = getEnclosingTryStmt(pred
+              .asExpr()
+              .getEnclosingStmt()).getACatchClause().getAParameter()
+    else result = getCallerExceptionalReturn(pred.getContainer())
   }
 
   predicate canThrowSensitiveInformation(DataFlow::Node node) {
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
@@ -9,7 +9,6 @@ nodes
 | exception-xss.js:11:18:11:18 | e |
 | exception-xss.js:11:18:11:18 | e |
 | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
-| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
 | exception-xss.js:15:9:15:11 | foo |
 | exception-xss.js:16:10:16:10 | e |
 | exception-xss.js:17:18:17:18 | e |
@@ -36,7 +35,6 @@ nodes
 | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
 | exception-xss.js:42:9:42:9 | x |
 | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
-| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
 | exception-xss.js:46:8:46:18 | "bar" + foo |
 | exception-xss.js:46:16:46:18 | foo |
 | exception-xss.js:47:10:47:10 | e |
@@ -46,7 +44,6 @@ nodes
 | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
 | exception-xss.js:75:10:75:10 | x |
 | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
-| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
 | exception-xss.js:81:16:81:18 | foo |
 | exception-xss.js:82:10:82:10 | e |
 | exception-xss.js:83:18:83:18 | e |
@@ -81,14 +78,12 @@ edges
 | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
 | exception-xss.js:4:20:4:20 | x | exception-xss.js:5:14:5:14 | x |
 | exception-xss.js:5:14:5:14 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
-| exception-xss.js:5:14:5:14 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
 | exception-xss.js:5:14:5:14 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
 | exception-xss.js:5:14:5:14 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
 | exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:10:10:10 | e |
 | exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e |
 | exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e |
 | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:10:16:10 | e |
-| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:10:16:10 | e |
 | exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:20:4:20 | x |
 | exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e |
 | exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e |
@@ -106,23 +101,19 @@ edges
 | exception-xss.js:34:10:34:10 | e | exception-xss.js:35:18:35:18 | e |
 | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x |
 | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
-| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
 | exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x |
 | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x |
 | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
 | exception-xss.js:42:9:42:9 | x | exception-xss.js:4:20:4:20 | x |
 | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:10:47:10 | e |
-| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:10:47:10 | e |
 | exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x |
 | exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo |
 | exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e |
 | exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e |
 | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x |
 | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
-| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
 | exception-xss.js:75:10:75:10 | x | exception-xss.js:4:20:4:20 | x |
 | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:10:82:10 | e |
-| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:10:82:10 | e |
 | exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x |
 | exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e |
 | exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e |
