Remove fields which are only used in char pred

Author: owen-mc

go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll

@@ -61,9 +61,8 @@ module Private {
   /** A data flow node that represents the output of a call. */
   class OutNode extends Node {
     DataFlow::CallNode call;
-    int i;
 
-    OutNode() { this = call.getResult(i) }
+    OutNode() { this = call.getResult(_) }
 
     /** Gets the underlying call. */
     DataFlowCall getCall() { result = call.asExpr() }
@@ -753,13 +752,14 @@ module Public {
    * of the function.
    */
   class ResultNode extends InstructionNode {
-    FuncDef fd;
     int i;
 
     ResultNode() {
-      exists(IR::ReturnInstruction ret | ret.getRoot() = fd | insn = ret.getResult(i))
-      or
-      insn.(IR::ReadResultInstruction).reads(fd.getResultVar(i))
+      exists(FuncDef fd |
+        exists(IR::ReturnInstruction ret | ret.getRoot() = fd | insn = ret.getResult(i))
+        or
+        insn.(IR::ReadResultInstruction).reads(fd.getResultVar(i))
+      )
     }
 
     /** Gets the index of this result among all results of the function. */
@@ -1112,12 +1112,12 @@ module Public {
    */
   class RangeElementNode extends Node {
     DataFlow::Node base;
-    IR::ExtractTupleElementInstruction extract;
 
     RangeElementNode() {
-      this.asInstruction() = extract and
-      extract.extractsElement(_, 1) and
-      extract.getBase().(IR::GetNextEntryInstruction).getDomain() = base.asInstruction()
+      exists(IR::ExtractTupleElementInstruction extract | extract = this.asInstruction() |
+        extract.extractsElement(_, 1) and
+        extract.getBase().(IR::GetNextEntryInstruction).getDomain() = base.asInstruction()
+      )
     }
 
     /** Gets the data-flow node representing the base from which the element is read. */

go/ql/lib/semmle/go/frameworks/Beego.qll

@@ -51,13 +51,9 @@ module Beego {
    */
   private class BeegoInputSource extends UntrustedFlowSource::Range {
     string methodName;
-    FunctionOutput output;
 
     BeegoInputSource() {
-      exists(DataFlow::MethodCallNode c | this = output.getExitNode(c) |
-        c.getTarget().hasQualifiedName(contextPackagePath(), "BeegoInput", methodName)
-      ) and
-      (
+      exists(FunctionOutput output |
         methodName = "Bind" and
         output.isParameter(0)
         or
@@ -66,6 +62,10 @@ module Beego {
             "URI", "URL", "UserAgent"
           ] and
         output.isResult(0)
+      |
+        exists(DataFlow::MethodCallNode c | this = output.getExitNode(c) |
+          c.getTarget().hasQualifiedName(contextPackagePath(), "BeegoInput", methodName)
+        )
       )
     }
 
@@ -81,16 +81,8 @@ module Beego {
    * `beego.Controller` sources of untrusted data.
    */
   private class BeegoControllerSource extends UntrustedFlowSource::Range {
-    string methodName;
-    FunctionOutput output;
-
     BeegoControllerSource() {
-      exists(DataFlow::MethodCallNode c |
-        c.getTarget().hasQualifiedName(packagePath(), "Controller", methodName)
-      |
-        this = output.getExitNode(c)
-      ) and
-      (
+      exists(string methodName, FunctionOutput output |
         methodName = "ParseForm" and
         output.isParameter(0)
         or
@@ -99,6 +91,12 @@ module Beego {
         or
         methodName = "GetFile" and
         output.isResult(1)
+      |
+        exists(DataFlow::MethodCallNode c |
+          c.getTarget().hasQualifiedName(packagePath(), "Controller", methodName)
+        |
+          this = output.getExitNode(c)
+        )
       )
     }
   }
@@ -225,10 +223,8 @@ module Beego {
   }
 
   private class ContextResponseBody extends Http::ResponseBody::Range {
-    string name;
-
     ContextResponseBody() {
-      exists(Method m | m.hasQualifiedName(contextPackagePath(), "Context", name) |
+      exists(Method m, string name | m.hasQualifiedName(contextPackagePath(), "Context", name) |
         name = "Abort" and this = m.getACall().getArgument(1)
         or
         name = "WriteString" and this = m.getACall().getArgument(0)
@@ -326,16 +322,17 @@ module Beego {
   }
 
   private class RedirectMethods extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
     string className;
 
     RedirectMethods() {
-      (
-        package = packagePath() and className = "Controller"
-        or
-        package = contextPackagePath() and className = "Context"
-      ) and
-      this = any(Method m | m.hasQualifiedName(package, className, "Redirect")).getACall()
+      exists(string package |
+        (
+          package = packagePath() and className = "Controller"
+          or
+          package = contextPackagePath() and className = "Context"
+        ) and
+        this = any(Method m | m.hasQualifiedName(package, className, "Redirect")).getACall()
+      )
     }
 
     override DataFlow::Node getUrl() {

go/ql/lib/semmle/go/frameworks/Echo.qll

@@ -43,17 +43,15 @@ private module Echo {
    * Models of `Context.Get/Set`. `Context` behaves like a map, with corresponding taint propagation.
    */
   private class ContextMapModels extends TaintTracking::FunctionModel, Method {
-    string methodName;
     FunctionInput input;
     FunctionOutput output;
 
     ContextMapModels() {
-      (
+      exists(string methodName | this.hasQualifiedName(packagePath(), "Context", methodName) |
         methodName = "Get" and input.isReceiver() and output.isResult()
         or
         methodName = "Set" and input.isParameter(1) and output.isReceiver()
-      ) and
-      this.hasQualifiedName(packagePath(), "Context", methodName)
+      )
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {

go/ql/lib/semmle/go/frameworks/K8sIoApiCoreV1.qll

@@ -10,16 +10,16 @@ module K8sIoApiCoreV1 {
   string packagePath() { result = package("k8s.io/api", "core/v1") }
 
   private class SecretDeepCopy extends TaintTracking::FunctionModel, Method {
-    string methodName;
     FunctionOutput output;
 
     SecretDeepCopy() {
-      (
+      exists(string methodName |
         methodName in ["DeepCopy", "DeepCopyObject"] and output.isResult()
         or
         methodName = "DeepCopyInto" and output.isParameter(0)
-      ) and
-      this.hasQualifiedName(packagePath(), ["Secret", "SecretList"], methodName)
+      |
+        this.hasQualifiedName(packagePath(), ["Secret", "SecretList"], methodName)
+      )
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {

go/ql/lib/semmle/go/frameworks/Revel.qll

@@ -201,11 +201,9 @@ module Revel {
   private class RevelHeaderMethods extends TaintTracking::FunctionModel {
     FunctionInput input;
     FunctionOutput output;
-    string name;
 
     RevelHeaderMethods() {
-      this.(Method).hasQualifiedName(packagePath(), "RevelHeader", name) and
-      (
+      exists(string name | this.(Method).hasQualifiedName(packagePath(), "RevelHeader", name) |
         name = ["Add", "Set"] and input.isParameter([0, 1]) and output.isReceiver()
         or
         name = ["Get", "GetAll"] and input.isReceiver() and output.isResult()

go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll

@@ -57,13 +57,12 @@ module NetHttp {
   }
 
   private class MapWrite extends Http::HeaderWrite::Range, DataFlow::Node {
-    Write write;
     DataFlow::Node index;
     DataFlow::Node rhs;
 
     MapWrite() {
       this.getType().hasQualifiedName("net/http", "Header") and
-      write.writesElement(this, index, rhs)
+      any(Write write).writesElement(this, index, rhs)
     }
 
     override DataFlow::Node getName() { result = index }

go/ql/src/experimental/frameworks/CleverGo.qll

@@ -175,18 +175,14 @@ private module CleverGo {
    * Models HTTP redirects.
    */
   private class HttpRedirect extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
     DataFlow::Node urlNode;
 
     HttpRedirect() {
       // HTTP redirect models for package: clevergo.tech/clevergo@v0.5.2
-      package = packagePath() and
       // Receiver type: Context
-      (
-        // signature: func (*Context) Redirect(code int, url string) error
-        this = any(Method m | m.hasQualifiedName(package, "Context", "Redirect")).getACall() and
-        urlNode = this.getArgument(1)
-      )
+      // signature: func (*Context) Redirect(code int, url string) error
+      this = any(Method m | m.hasQualifiedName(packagePath(), "Context", "Redirect")).getACall() and
+      urlNode = this.getArgument(1)
     }
 
     override DataFlow::Node getUrl() { result = urlNode }

go/ql/src/experimental/frameworks/Fiber.qll

@@ -130,18 +130,14 @@ private module Fiber {
    * Models HTTP redirects.
    */
   private class Redirect extends Http::Redirect::Range, DataFlow::CallNode {
-    string package;
     DataFlow::Node urlNode;
 
     Redirect() {
       // HTTP redirect models for package: github.com/gofiber/fiber@v1.14.6
-      package = fiberPackagePath() and
       // Receiver type: Ctx
-      (
-        // signature: func (*Ctx) Redirect(location string, status ...int)
-        this = any(Method m | m.hasQualifiedName(package, "Ctx", "Redirect")).getACall() and
-        urlNode = this.getArgument(0)
-      )
+      // signature: func (*Ctx) Redirect(location string, status ...int)
+      this = any(Method m | m.hasQualifiedName(fiberPackagePath(), "Ctx", "Redirect")).getACall() and
+      urlNode = this.getArgument(0)
     }
 
     override DataFlow::Node getUrl() { result = urlNode }