Get rid of getParent

edvraa · edvraa · commit 9e46ef3cd976 · 2021-04-21T17:11:40.000+03:00
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll
@@ -27,10 +27,12 @@ module UnsafeDeserialization {
   abstract private class InstanceMethodSink extends Sink {
     InstanceMethodSink() {
       not exists(
-        SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage
+        SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage,
+        MethodCall mc
       |
         safeConstructorTracking.hasFlow(_, safeTypeUsage) and
-        safeTypeUsage.asExpr().getParent() = this.asExpr().getParent()
+        mc.getQualifier() = safeTypeUsage.asExpr() and
+        mc.getAnArgument() = this.asExpr()
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -27,10 +27,12 @@ module UnsafeDeserialization {`
`27`	`27`	`abstract private class InstanceMethodSink extends Sink {`
`28`	`28`	`InstanceMethodSink() {`
`29`	`29`	`not exists(`
`30`		`- SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage`
	`30`	`+ SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage,`
	`31`	`+ MethodCall mc`
`31`	`32`	`\|`
`32`	`33`	`safeConstructorTracking.hasFlow(_, safeTypeUsage) and`
`33`		`- safeTypeUsage.asExpr().getParent() = this.asExpr().getParent()`
	`34`	`+ mc.getQualifier() = safeTypeUsage.asExpr() and`
	`35`	`+ mc.getAnArgument() = this.asExpr()`
`34`	`36`	`)`
`35`	`37`	`}`
`36`	`38`	`}`