From 405480c41045f943e025aa7d21a33b971b231cf2 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Thu, 7 Apr 2022 15:34:56 +0200
Subject: [PATCH] Python: Rename sink definitions for XXE/XML bomb

---
 .../python/security/dataflow/XmlBombCustomizations.qll | 7 +++----
 .../semmle/python/security/dataflow/XxeCustomizations.qll | 7 +++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
index 7cc4ec5bad5..a2fe1b8ecb2 100644
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
@@ -35,11 +35,10 @@ module XmlBomb {
 }
 /**
- * A call to an XML parser that performs internal entity expansion, viewed
- * as a data flow sink for XML-bomb vulnerabilities.
+ * A call to an XML parser that is vulnerable to XML bombs.
 */
- class XmlParsingWithEntityResolution extends Sink {
- XmlParsingWithEntityResolution() {
+ class XmlParsingVulnerableToXmlBomb extends Sink {
+ XmlParsingVulnerableToXmlBomb() {
 exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
 kind.isXmlBomb() and
 parsing.vulnerableTo(kind) and
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
index 0fc139ec4f3..1d1ad087f84 100644
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
@@ -35,11 +35,10 @@ module Xxe {
 }
 /**
- * A call to an XML parser that performs external entity expansion, viewed
- * as a data flow sink for XXE vulnerabilities.
+ * A call to an XML parser that is vulnerable to XXE.
 */
- class XmlParsingWithExternalEntityResolution extends Sink {
- XmlParsingWithExternalEntityResolution() {
+ class XmlParsingVulnerableToXxe extends Sink {
+ XmlParsingVulnerableToXxe() {
 exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
 kind.isXxe() and
 parsing.vulnerableTo(kind) and