Rewrie some simple IPA types

Author: joefarebrother

python/ql/lib/semmle/python/Concepts.qll

@@ -1419,29 +1419,24 @@ module Http {
         }
       }
 
-      private newtype TSameSiteValue =
-        TSameSiteStrict() or
-        TSameSiteLax() or
-        TSameSiteNone()
-
       /** A possible value for the SameSite attribute of a cookie. */
-      class SameSiteValue extends TSameSiteValue {
+      abstract new class SameSiteValue {
         /** Gets a string representation of this value. */
-        string toString() { none() }
+        abstract string toString();
       }
 
       /** A `Strict` value of the `SameSite` attribute. */
-      class SameSiteStrict extends SameSiteValue, TSameSiteStrict {
+      final new class SameSiteStrict extends SameSiteValue {
         override string toString() { result = "Strict" }
       }
 
       /** A `Lax` value of the `SameSite` attribute. */
-      class SameSiteLax extends SameSiteValue, TSameSiteLax {
+      final new class SameSiteLax extends SameSiteValue {
         override string toString() { result = "Lax" }
       }
 
       /** A `None` value of the `SameSite` attribute. */
-      class SameSiteNone extends SameSiteValue, TSameSiteNone {
+      final new class SameSiteNone extends SameSiteValue {
         override string toString() { result = "None" }
       }
     }

ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll

@@ -26,12 +26,8 @@ module CodeInjection {
      */
     deprecated DataFlow::FlowState full() { result = "full" }
 
-    private newtype TState =
-      TFull() or
-      TSubString()
-
     /** A flow state used to distinguish whether an attacker controls the entire string. */
-    class State extends TState {
+    abstract new class State {
       /**
        * Gets a string representation of this state.
        */
@@ -40,22 +36,22 @@ module CodeInjection {
       /**
        * Gets a canonical string representation of this state.
        */
-      string getStringRepresentation() {
-        this = TSubString() and result = "substring"
-        or
-        this = TFull() and result = "full"
-      }
+      abstract string getStringRepresentation();
     }
 
     /**
      * A flow state used for normal tainted data, where an attacker might only control a substring.
      */
-    class SubString extends State, TSubString { }
+    final new class SubString extends State {
+      override string getStringRepresentation() { result = "substring" }
+    }
 
     /**
      * A flow state used for data that is entirely controlled by the attacker.
      */
-    class Full extends State, TFull { }
+    final new class Full extends State {
+      override string getStringRepresentation() { result = "full" }
+    }
   }
 
   /**

ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll

@@ -9,24 +9,20 @@ private import codeql.ruby.dataflow.RemoteFlowSources
 private import MassAssignmentCustomizations
 
 private module FlowState {
-  private newtype TState =
-    TUnpermitted() or
-    TPermitted()
-
   /** A flow state used to distinguish whether arbitrary user parameters have been permitted to be used for mass assignment. */
-  class State extends TState {
-    string toString() {
-      this = TUnpermitted() and result = "unpermitted"
-      or
-      this = TPermitted() and result = "permitted"
-    }
+  abstract new class State {
+    abstract string toString();
   }
 
   /** A flow state used for user parameters for which arbitrary parameters have not been permitted to use for mass assignment. */
-  class Unpermitted extends State, TUnpermitted { }
+  final new class Unpermitted extends State {
+    override string toString() { result = "unpermitted" }
+  }
 
   /** A flow state used for user parameters for which arbitrary parameters have been permitted to use for mass assignment. */
-  class Permitted extends State, TPermitted { }
+  final new class Permitted extends State {
+    override string toString() { result = "permitted" }
+  }
 }
 
 /** A flow configuration for reasoning about insecure mass assignment. */