Merge pull request #2488 from geoffw0/speedup2

CPP: Speed up SensitiveExprs.qll

Author: Robert Marsh

cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll

@@ -1,37 +1,32 @@
 import cpp
 
-private string suspicious() {
-  result = "%password%" or
-  result = "%passwd%" or
-  result = "%account%" or
-  result = "%accnt%" or
-  result = "%trusted%"
+bindingset[s]
+private predicate suspicious(string s) {
+  (
+    s.matches("%password%") or
+    s.matches("%passwd%") or
+    s.matches("%account%") or
+    s.matches("%accnt%") or
+    s.matches("%trusted%")
+  ) and
+  not (
+    s.matches("%hashed%") or
+    s.matches("%encrypted%") or
+    s.matches("%crypt%")
+  )
 }
 
-private string nonSuspicious() {
-  result = "%hashed%" or
-  result = "%encrypted%" or
-  result = "%crypt%"
+class SensitiveVariable extends Variable {
+  SensitiveVariable() { suspicious(getName().toLowerCase()) }
 }
 
-abstract class SensitiveExpr extends Expr { }
-
-class SensitiveVarAccess extends SensitiveExpr {
-  SensitiveVarAccess() {
-    this instanceof VariableAccess and
-    exists(string s | this.toString().toLowerCase() = s |
-      s.matches(suspicious()) and
-      not s.matches(nonSuspicious())
-    )
-  }
+class SensitiveFunction extends Function {
+  SensitiveFunction() { suspicious(getName().toLowerCase()) }
 }
 
-class SensitiveCall extends SensitiveExpr {
-  SensitiveCall() {
-    this instanceof FunctionCall and
-    exists(string s | this.toString().toLowerCase() = s |
-      s.matches(suspicious()) and
-      not s.matches(nonSuspicious())
-    )
+class SensitiveExpr extends Expr {
+  SensitiveExpr() {
+    this.(VariableAccess).getTarget() instanceof SensitiveVariable or
+    this.(FunctionCall).getTarget() instanceof SensitiveFunction
   }
 }