[fix] refactor

Author: eternalsakura

CodeQL_Queries/cpp/Chrome/bindings.qll

@@ -4,63 +4,46 @@ import common
 /**
  * Library for mojo bindings.
  */
-
 class StrongBinding extends ClassTemplateInstantiation {
-  StrongBinding() {
-    getName().matches("StrongBinding%")
-  }
-  
-  Type getBindingType() {
-    result = this.getTemplateArgument(0).(Type).stripType()
-  }
+  StrongBinding() { getName().matches("StrongBinding%") }
+
+  Type getBindingType() { result = this.getTemplateArgument(0).(Type).stripType() }
 }
 
 class Binding extends ClassTemplateInstantiation {
-  Binding() {
-    getName().matches("Binding<%")
-  }
-  
-  Type getBindingType() {
-    result = this.getTemplateArgument(0).(Type).stripType()
-  }
-}
+  Binding() { getName().matches("Binding<%") }
 
+  Type getBindingType() { result = this.getTemplateArgument(0).(Type).stripType() }
+}
 
 class MojoReceiver extends ClassTemplateInstantiation {
-  MojoReceiver() {
-    getQualifiedName().matches("%mojo::Receiver<%")
-  }
-  
-  Type getBindingType() {
-    result = this.getTemplateArgument(0).(Type).stripType()
-  }
+  MojoReceiver() { getQualifiedName().matches("%mojo::Receiver<%") }
+
+  Type getBindingType() { result = this.getTemplateArgument(0).(Type).stripType() }
 }
 
 class InterfaceBinding extends Class {
   FunctionCall addBinding;
-  
+
   InterfaceBinding() {
     addBinding.getTarget().hasName("AddBinding") and
     this = generalStripType(addBinding.getArgument(0).getAChild*().getType())
   }
-  
-  FunctionCall getABinding() {
-    result = addBinding
-  }
+
+  FunctionCall getABinding() { result = addBinding }
 }
 
 class InterfacePtr extends ClassTemplateInstantiation {
   InterfacePtr() {
     stripType().getName().matches("InterfacePtr<%") or
     stripType().getName().matches("InterfacePtrInfo<%")
   }
-  
-  Type getInterfaceType() {
-    result = getTemplateArgument(0)
-  }
-  
+
+  Type getInterfaceType() { result = getTemplateArgument(0) }
+
   Type getInterfacePtrType() {
-    exists(string s | s = getInterfaceType().getName() + "Ptr" and
+    exists(string s |
+      s = getInterfaceType().getName() + "Ptr" and
       result.getName() = s
     )
   }
@@ -81,19 +64,18 @@ class StructPtr extends Class {
     getName().matches("StructPtr<%") or
     getName().matches("InlinedStructPtr<%")
   }
-  
-  Type getStructType() {
-    result = getTemplateArgument(0)
-  }
+
+  Type getStructType() { result = getTemplateArgument(0) }
 }
 
 Type stripStructPtrType(Type c) {
-  (
-    c.getName().matches("vector<%") and
-    result = stripStructPtrType(c.(Class).getTemplateArgument(0))
-  ) or
-  exists(StructPtr t | t = c.stripType() and
+  c.getName().matches("vector<%") and
+  result = stripStructPtrType(c.(Class).getTemplateArgument(0))
+  or
+  exists(StructPtr t |
+    t = c.stripType() and
     result = t.getStructType().stripType()
-  ) or
+  )
+  or
   result = c.stripType()
 }

CodeQL_Queries/cpp/Chrome/callback_tracking.qll

@@ -4,10 +4,6 @@ import bindings
 import field
 import callbacks
 
-/**
- * Dataflow library for tracking unretained or retained types in a callback.
- */
-
 /**
  * An assignment to a callback field.
  */
@@ -26,26 +22,30 @@ predicate runCallbackSink(DataFlow::Node sink) {
  * An expression that posts a callback to a task runner.
  */
 predicate postTaskSink(DataFlow::Node sink) {
-  exists(FunctionCall postTask | postTask.getTarget().getName().matches("PostTask%") or
-    postTask.getTarget().getName() = "PostDelayedTask" |
+  exists(FunctionCall postTask |
+    postTask.getTarget().getName().matches("PostTask%") or
+    postTask.getTarget().getName() = "PostDelayedTask"
+  |
     postTask.getAnArgument() = sink.asExpr()
   )
 }
 
 /**
  * Callback gets passed inside an interface pointer function. The idea is that such a
- * callback may then be called from the renderer. (A bit like 
+ * callback may then be called from the renderer. (A bit like
  * https://bugs.chromium.org/p/project-zero/issues/detail?id=1755
  * )
  */
 predicate interfacePtrCallSink(DataFlow::Node sink) {
-  exists(FunctionCall mojom, InterfacePtr iPtr, Function interfaceFunc | 
+  exists(FunctionCall mojom, InterfacePtr iPtr, Function interfaceFunc |
     overrides*(mojom.getTarget(), interfaceFunc) and
     interfaceFunc.getDeclaringType() = iPtr.getInterfaceType() and
     sink.asExpr() = mojom.getAnArgument()
-  ) or
-  exists(BindCall bc, InterfacePtr iPtr, Function interfaceFunc | 
-    overrides*(bc.getFunction(), interfaceFunc) and interfaceFunc.getDeclaringType() = iPtr.getInterfaceType() and
+  )
+  or
+  exists(BindCall bc, InterfacePtr iPtr, Function interfaceFunc |
+    overrides*(bc.getFunction(), interfaceFunc) and
+    interfaceFunc.getDeclaringType() = iPtr.getInterfaceType() and
     sink.asExpr() = bc.getAnArgument() and
     sink.asExpr() != bc.getArgument(0)
   )
@@ -59,25 +59,20 @@ predicate callbackArgSink(DataFlow::Node sink) {
 }
 
 class CallbackConfig extends DataFlow::Configuration {
-  CallbackConfig() {
-    this = "callbackconfig"
-  }
-  
+  CallbackConfig() { this = "callbackconfig" }
+
   override predicate isSource(DataFlow::Node source) {
     (
-      exists(GeneralCallback fc |
-        source.asExpr() = fc
-      )
+      exists(GeneralCallback fc | source.asExpr() = fc)
       or
       exists(CallbackField f | source.asExpr() = f.getAnAccess())
-    ) 
-    and
+    ) and
     not source.asExpr().getFile().getBaseName() = "bind.h" and
-    not source.asExpr().getFile().getBaseName() = "callback_helpers.h"// and
+    not source.asExpr().getFile().getBaseName() = "callback_helpers.h" // and
   }
-  
+
   override predicate isSink(DataFlow::Node sink) {
-    ( 
+    (
       isCallbackFieldSink(sink)
       or
       runCallbackSink(sink)
@@ -87,7 +82,7 @@ class CallbackConfig extends DataFlow::Configuration {
       interfacePtrCallSink(sink)
       or
       callbackArgSink(sink)
-    ) and     
+    ) and
     (
       //Exclude sinks that are in uninteresting files.
       not sink.asExpr().getFile().getBaseName() = "bind_internal.h" and
@@ -103,15 +98,21 @@ class CallbackConfig extends DataFlow::Configuration {
       sink.asExpr().fromSource()
     )
   }
-  
+
   override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    callbackStep(node1, node2) or
-    collectionsEdge(node1, node2) or
-    getEdge(node1, node2) or
-    generalAssignEdge(node1, node2) or
-    exists(Parameter p | p = node1.asParameter() and
+    callbackStep(node1, node2)
+    or
+    collectionsEdge(node1, node2)
+    or
+    getEdge(node1, node2)
+    or
+    generalAssignEdge(node1, node2)
+    or
+    exists(Parameter p |
+      p = node1.asParameter() and
       node2.asExpr() = p.getAnAccess()
-    ) or
+    )
+    or
     copyConstructorEdge(node1, node2)
     or
     pointerTransferEdge(node1, node2)
@@ -134,4 +135,4 @@ class CallbackConfig extends DataFlow::Configuration {
     or
     forRangeEdge(node1, node2)
   }
-}
+}