github · owen-mc · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025
@@ -255,8 +255,6 @@ private predicate globalValueNumbers(DataFlow::CallNode ce, int start, GVN head,
  * methods.
  */
 class GVN extends GvnBase {
-  GVN() { this instanceof GvnBase }
-
   /** Gets a data-flow node that has this GVN. */
   DataFlow::Node getANode() { this = globalValueNumber(result) }
 

@@ -1347,7 +1347,6 @@ module Public {
   }
 }
 
-private import Private
 private import Public
 
 class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNode {

@@ -6,7 +6,8 @@
  * @precision low
  * @problem.severity error
  * @security-severity 7.8
- * @tags security external/cwe/cwe-020
+ * @tags security
+ *       external/cwe/cwe-020
  */
 
 import go

@@ -6,7 +6,8 @@
  * @precision low
  * @problem.severity error
  * @security-severity 7.8
- * @tags security external/cwe/cwe-020
+ * @tags security
+ *       external/cwe/cwe-020
  */
 
 import go

@@ -24,7 +24,7 @@ class FieldWithTags extends FieldDecl {
    * For example: the tag `json:"word" binding:"required,alpha"` yields `key: "json", value: "word"`
    * and `key: "binding" values: "required","alpha"`.
    */
-  predicate getTagByKeyValue(string key, string value) {
+  predicate hasTagKeyValue(string key, string value) {
     exists(string tag, string key_value, string values |
       this.getTag().toString() = tag and
       // Each key_value is like key:"value1,value2"
@@ -50,7 +50,7 @@ class AlphanumericStructFieldRead extends DataFlow::Node {
     exists(FieldWithTags decl, Field field, string tag |
       this = field.getARead() and
       field.getDeclaration() = decl.getNameExpr(0) and
-      decl.getTagByKeyValue(key, tag) and
+      decl.hasTagKeyValue(key, tag) and
       isAlphanumericValidationKind(tag)
     )
   }

@@ -511,7 +511,7 @@ module DecompressionBombs {
   }
 
   /**
-   * Provides decompression bomb sinks for packages that use some standard IO interfaces/methods for reading decompressed data
+   * A standard IO function for reading decompressed data.
    */
   class GeneralReadIoSink extends Sink {
     GeneralReadIoSink() {

@@ -2,7 +2,6 @@ import go
 import utils.test.InlineFlowTest
 
 string getArgString(DataFlow::Node src, DataFlow::Node sink) {
-  exists(src) and
   result =
     "\"" + sink.toString() + " (from source " +
       src.(DataFlow::CallNode).getArgument(0).getExactValue() + ")\""

@@ -321,12 +321,7 @@ class WriteObjectMethod extends Method {
 class ReadObjectMethod extends Method {
   ReadObjectMethod() {
     this.getDeclaringType() instanceof TypeObjectInputStream and
-    (
-      this.hasName("readObject") or
-      this.hasName("readObjectOverride") or
-      this.hasName("readUnshared") or
-      this.hasName("resolveObject")
-    )
+    this.hasName(["readObject", "readObjectOverride", "readUnshared", "resolveObject"])
   }
 }
 

@@ -46,12 +46,7 @@ private class SpecialClassInstanceExpr extends ClassInstanceExpr {
   }
 
   predicate throwsNfe() {
-    this.isStringConstructor("Byte") or
-    this.isStringConstructor("Short") or
-    this.isStringConstructor("Integer") or
-    this.isStringConstructor("Long") or
-    this.isStringConstructor("Float") or
-    this.isStringConstructor("Double")
+    this.isStringConstructor(["Byte", "Short", "Integer", "Long", "Float", "Double"])
   }
 }
 

@@ -107,10 +107,7 @@ class XmlAccessType extends EnumConstant {
  */
 class JaxbMemberAnnotation extends JaxbAnnotationType {
   JaxbMemberAnnotation() {
-    this.hasName("XmlElement") or
-    this.hasName("XmlAttribute") or
-    this.hasName("XmlElementRefs") or
-    this.hasName("XmlElements")
+    this.hasName(["XmlElement", "XmlAttribute", "XmlElementRefs", "XmlElements"])
   }
 }
 

@@ -677,7 +677,7 @@ Type inheritsMatchingMethodExceptThrows(SessionEjb ejb, Method m) {
 }
 
 /**
- * Holds if `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m`.
+ * Holds if `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `icm`.
  * (Ignores `throws` clauses.)
  */
 predicate inheritsMatchingCreateMethodIgnoreThrows(
@@ -704,7 +704,7 @@ predicate inheritsMatchingCreateMethodIgnoreThrows(
 }
 
 /**
- * If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m` except for the `throws` clause,
+ * If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `icm` except for the `throws` clause,
  * then return any type in the `throws` clause that does not match.
  */
 Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm) {

@@ -187,13 +187,10 @@ class SpringServletInputAnnotation extends Annotation {
       a = this.getType() and
       a.getPackage().getName() = "org.springframework.web.bind.annotation"
     |
-      a.hasName("MatrixVariable") or
-      a.hasName("RequestParam") or
-      a.hasName("RequestHeader") or
-      a.hasName("CookieValue") or
-      a.hasName("RequestPart") or
-      a.hasName("PathVariable") or
-      a.hasName("RequestBody")
+      a.hasName([
+          "MatrixVariable", "RequestParam", "RequestHeader", "CookieValue", "RequestPart",
+          "PathVariable", "RequestBody"
+        ])
     )
   }
 }

@@ -40,26 +40,15 @@ class Struts2ActionClass extends Class {
       getStrutsMapperClass(this) = "org.apache.struts2.dispatcher.mapper.RestfulActionMapper"
     then
       // The "Restful" action mapper maps rest APIs to specific methods
-      result.hasName("index") or
-      result.hasName("create") or
-      result.hasName("editNew") or
-      result.hasName("view") or
-      result.hasName("remove") or
-      result.hasName("update")
+      result.hasName(["index", "create", "editNew", "view", "remove", "update"])
     else
       if
         getStrutsMapperClass(this) = "org.apache.struts2.rest.RestActionMapper" or
         getStrutsMapperClass(this) = "rest"
       then
         // The "Rest" action mapper is provided with the rest plugin, and maps rest APIs to specific
         // methods based on a "ruby-on-rails" style.
-        result.hasName("index") or
-        result.hasName("show") or
-        result.hasName("edit") or
-        result.hasName("editNew") or
-        result.hasName("create") or
-        result.hasName("update") or
-        result.hasName("destroy")
+        result.hasName(["index", "show", "edit", "editNew", "create", "update", "destroy"])
       else
         if exists(getStrutsMapperClass(this))
         then

@@ -6,7 +6,8 @@
  * @precision low
  * @problem.severity error
  * @security-severity 7.8
- * @tags security external/cwe/cwe-020
+ * @tags security
+ *       external/cwe/cwe-020
  */
 
 import java
-Original file line number
+Diff line change
@@ Expand Up / @@ -1347,7 +1347,6 @@ module Public { @@
       }
     }
-    private import Private
     private import Public
     class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNode {
@@ Expand Down @@