Refactor Security.CWE.CWE-611 Xxe queries

2025-12-24 04:36:35 +01:00 · 2023-03-15 14:35:36 -04:00
parent 80012b190d
commit 271d50ba99
4 changed files with 36 additions and 8 deletions
--- a/java/ql/src/Security/CWE/CWE-611/XXE.ql
+++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -16,10 +16,10 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.XxeRemoteQuery
-import DataFlow::PathGraph
+import XxeFlow::PathGraph

-from DataFlow::PathNode source, DataFlow::PathNode sink, XxeConfig conf
-where conf.hasFlowPath(source, sink)
+from XxeFlow::PathNode source, XxeFlow::PathNode sink
+where XxeFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
  "XML parsing depends on a $@ without guarding against external entity expansion.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql
+++ b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql
@@ -16,10 +16,10 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.XxeLocalQuery
-import DataFlow::PathGraph
+import XxeLocalFlow::PathGraph

-from DataFlow::PathNode source, DataFlow::PathNode sink, XxeLocalConfig conf
-where conf.hasFlowPath(source, sink)
+from XxeLocalFlow::PathNode source, XxeLocalFlow::PathNode sink
+where XxeLocalFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
  "XML parsing depends on a $@ without guarding against external entity expansion.",
  source.getNode(), "user-provided value"