Python: Rename sink definitions for XXE/XML bomb

2025-12-22 19:56:32 +01:00 · 2022-04-07 15:34:56 +02:00
parent 7728b6cf1b
commit 405480c410
2 changed files with 6 additions and 8 deletions
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
@@ -35,11 +35,10 @@ module XmlBomb {
  }

  /**
-   * A call to an XML parser that performs internal entity expansion, viewed
-   * as a data flow sink for XML-bomb vulnerabilities.
+   * A call to an XML parser that is vulnerable to XML bombs.
   */
-  class XmlParsingWithEntityResolution extends Sink {
-    XmlParsingWithEntityResolution() {
+  class XmlParsingVulnerableToXmlBomb extends Sink {
+    XmlParsingVulnerableToXmlBomb() {
      exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
        kind.isXmlBomb() and
        parsing.vulnerableTo(kind) and
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
@@ -35,11 +35,10 @@ module Xxe {
  }

  /**
-   * A call to an XML parser that performs external entity expansion, viewed
-   * as a data flow sink for XXE vulnerabilities.
+   * A call to an XML parser that is vulnerable to XXE.
   */
-  class XmlParsingWithExternalEntityResolution extends Sink {
-    XmlParsingWithExternalEntityResolution() {
+  class XmlParsingVulnerableToXxe extends Sink {
+    XmlParsingVulnerableToXxe() {
      exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
        kind.isXxe() and
        parsing.vulnerableTo(kind) and