Replace uses of StringConstCompare

2026-04-28 02:05:14 +02:00 · 2024-09-20 14:47:22 +01:00
parent 164cf27e67
commit 3001a570b2
16 changed files with 69 additions and 31 deletions
--- a/python/ql/src/experimental/Security/CWE-074/TemplateInjectionCustomizations.qll
+++ b/python/ql/src/experimental/Security/CWE-074/TemplateInjectionCustomizations.qll
@@ -45,7 +45,10 @@ module TemplateInjection {
  }

  /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
   */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
--- a/python/ql/src/experimental/Security/CWE-091/XsltInjectionCustomizations.qll
+++ b/python/ql/src/experimental/Security/CWE-091/XsltInjectionCustomizations.qll
@@ -52,7 +52,10 @@ module XsltInjection {
  }

  /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
   */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
--- a/python/ql/src/experimental/semmle/python/security/dataflow/EmailXss.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/EmailXss.qll
@@ -19,7 +19,7 @@ private module EmailXssConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node sanitizer) {
    sanitizer = any(HtmlEscaping esc).getOutput()
    or
-    sanitizer instanceof StringConstCompareBarrier
+    sanitizer instanceof ConstCompareBarrier
  }

  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
--- a/python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll
@@ -15,7 +15,7 @@ private module CsvInjectionConfig implements DataFlow::ConfigSig {

  predicate isBarrier(DataFlow::Node node) {
    node = DataFlow::BarrierGuard<startsWithCheck/3>::getABarrierNode() or
-    node instanceof StringConstCompareBarrier
+    node instanceof ConstCompareBarrier
  }
 }