MSM: autoformat all queries

Author: jbj

ql_demos/cpp/Qualcomm-MSM-copy_from_user/01_copy_from_user_annotated.ql

@@ -18,12 +18,9 @@ import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 //    and the size argument of the kzalloc is the same as the
 //    size argument of copy_from_user. These calls are safe.
 from FunctionCall call, Expr destArg, Expr sizeArg
-where call.getTarget().getName() = "copy_from_user"
-  and destArg = call.getArgument(0)
-  and sizeArg = call.getArgument(2)
-select
-  call,
-  destArg.getType(),
-  lowerBound(sizeArg),
-  upperBound(sizeArg),
+where
+  call.getTarget().getName() = "copy_from_user" and
+  destArg = call.getArgument(0) and
+  sizeArg = call.getArgument(2)
+select call, destArg.getType(), lowerBound(sizeArg), upperBound(sizeArg),
   call.getFile().getRelativePath()

ql_demos/cpp/Qualcomm-MSM-copy_from_user/02_filter_with_upperbound.ql

@@ -16,13 +16,10 @@ import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 // copy_from_user(&s, usrptr, sizeof(s));
 // ```
 from FunctionCall call, Expr destArg, Expr sizeArg
-where call.getTarget().getName() = "copy_from_user"
-and destArg = call.getArgument(0)
-and sizeArg = call.getArgument(2)
-and not (destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg))
-select
-  call,
-  destArg.getType(),
-  lowerBound(sizeArg),
-  upperBound(sizeArg),
+where
+  call.getTarget().getName() = "copy_from_user" and
+  destArg = call.getArgument(0) and
+  sizeArg = call.getArgument(2) and
+  not destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg)
+select call, destArg.getType(), lowerBound(sizeArg), upperBound(sizeArg),
   call.getFile().getRelativePath()

ql_demos/cpp/Qualcomm-MSM-copy_from_user/03_filter_with_upperbound.ql

@@ -18,14 +18,11 @@ import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 // copy_from_user(s, usrptr, sizeof(s));
 // ```
 from FunctionCall call, Expr destArg, Expr sizeArg
-where call.getTarget().getName() = "copy_from_user"
-and destArg = call.getArgument(0)
-and sizeArg = call.getArgument(2)
-and not (destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg))
-and not (destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg))
-select
-  call,
-  destArg.getType(),
-  lowerBound(sizeArg),
-  upperBound(sizeArg),
+where
+  call.getTarget().getName() = "copy_from_user" and
+  destArg = call.getArgument(0) and
+  sizeArg = call.getArgument(2) and
+  not destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg) and
+  not destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg)
+select call, destArg.getType(), lowerBound(sizeArg), upperBound(sizeArg),
   call.getFile().getRelativePath()

ql_demos/cpp/Qualcomm-MSM-copy_from_user/04_safe_malloc.ql

@@ -20,14 +20,14 @@ import semmle.code.cpp.dataflow.DataFlow
 // In the next query, we'll use `safe_malloc` to filter those
 // calls out, because they are safe.
 predicate safe_malloc(FunctionCall allocCall, FunctionCall copy_from_user) {
-  exists (DataFlow::Node source, DataFlow::Node sink
-  | allocCall.getTarget().getName() = "kzalloc" and
+  exists(DataFlow::Node source, DataFlow::Node sink |
+    allocCall.getTarget().getName() = "kzalloc" and
     copy_from_user.getTarget().getName() = "copy_from_user" and
     source.asExpr() = allocCall and
     sink.asExpr() = copy_from_user.getArgument(0) and
     DataFlow::localFlow(source, sink) and
-    globalValueNumber(allocCall.getArgument(0)) =
-      globalValueNumber(copy_from_user.getArgument(2)))
+    globalValueNumber(allocCall.getArgument(0)) = globalValueNumber(copy_from_user.getArgument(2))
+  )
 }
 
 from FunctionCall allocCall, FunctionCall copy_from_user

ql_demos/cpp/Qualcomm-MSM-copy_from_user/05_filter_with_upperbound_and_safe_malloc.ql

@@ -15,27 +15,24 @@ import semmle.code.cpp.dataflow.DataFlow
 
 // We wrote this predicate in the previous query.
 predicate safe_malloc(FunctionCall allocCall, FunctionCall copy_from_user) {
-  exists (DataFlow::Node source, DataFlow::Node sink
-  | allocCall.getTarget().getName() = "kzalloc" and
+  exists(DataFlow::Node source, DataFlow::Node sink |
+    allocCall.getTarget().getName() = "kzalloc" and
     copy_from_user.getTarget().getName() = "copy_from_user" and
     source.asExpr() = allocCall and
     sink.asExpr() = copy_from_user.getArgument(0) and
     DataFlow::localFlow(source, sink) and
-    globalValueNumber(allocCall.getArgument(0)) =
-      globalValueNumber(copy_from_user.getArgument(2)))
+    globalValueNumber(allocCall.getArgument(0)) = globalValueNumber(copy_from_user.getArgument(2))
+  )
 }
 
 // Add a filter to remove results that match the `safe_malloc` pattern.
 from FunctionCall call, Expr destArg, Expr sizeArg
-where call.getTarget().getName() = "copy_from_user"
-and destArg = call.getArgument(0)
-and sizeArg = call.getArgument(2)
-and not (destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg))
-and not (destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg))
-and not safe_malloc(_, call)
-select
-  call,
-  destArg.getType(),
-  lowerBound(sizeArg),
-  upperBound(sizeArg),
+where
+  call.getTarget().getName() = "copy_from_user" and
+  destArg = call.getArgument(0) and
+  sizeArg = call.getArgument(2) and
+  not destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg) and
+  not destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg) and
+  not safe_malloc(_, call)
+select call, destArg.getType(), lowerBound(sizeArg), upperBound(sizeArg),
   call.getFile().getRelativePath()

ql_demos/cpp/Qualcomm-MSM-copy_from_user/06_stackaddress_dataflow.ql

@@ -16,19 +16,19 @@ class Config extends DataFlow::Configuration {
   Config() { this = "copy_from_user" }
 
   override predicate isSource(DataFlow::Node source) {
-  	exists (LocalVariable v
-  	| source.asExpr().(AddressOfExpr).getOperand() = v.getAnAccess())
+    exists(LocalVariable v | source.asExpr().(AddressOfExpr).getOperand() = v.getAnAccess())
   }
 
   override predicate isSink(DataFlow::Node sink) {
     // This is the logic that was previously in the select clause of the query.
-    exists (FunctionCall call, Expr destArg, Expr sizeArg
-    | call.getTarget().getName() = "copy_from_user" and
+    exists(FunctionCall call, Expr destArg, Expr sizeArg |
+      call.getTarget().getName() = "copy_from_user" and
       destArg = sink.asExpr() and
       destArg = call.getArgument(0) and
       sizeArg = call.getArgument(2) and
-      not (destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg)) and
-      not (destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg)))
+      not destArg.getType().(PointerType).getBaseType().getSize() >= upperBound(sizeArg) and
+      not destArg.getType().(ArrayType).getSize() >= upperBound(sizeArg)
+    )
   }
 }