From 4e4ef520abd756c87234374b415479bb77d0ed60 Mon Sep 17 00:00:00 2001
From: Max Schaefer
Date: Wed, 29 Aug 2018 15:37:35 +0100
Subject: [PATCH] JavaScript: Rename a predicate in `CommandInjection.qll`.
---
 javascript/ql/src/Security/CWE-078/CommandInjection.ql | 5 ++++-
 .../semmle/javascript/security/dataflow/CommandInjection.qll | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
index 64b454703a2..36158c3d0b9 100644
--- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -17,5 +17,8 @@ import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
 where cfg.hasFlow(source, sink) and
- if cfg.isSink(sink, _) then cfg.isSink(sink, highlight) else highlight = sink
+ if cfg.isSinkWithHighlight(sink, _) then
+ cfg.isSinkWithHighlight(sink, highlight)
+ else
+ highlight = sink
 select highlight, "This command depends on $@.", source, "a user-provided value"
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll
index facc320973f..14ba1f4f715 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll
@@ -37,14 +37,14 @@ module CommandInjection {
 * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and
 * the alert should be placed at the node `highlight`.
 */
- predicate isSink(DataFlow::Node sink, DataFlow::Node highlight) {
+ predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) {
 sink instanceof Sink and highlight = sink
 or
 indirectCommandInjection(sink, highlight)
 }
 
 override predicate isSink(DataFlow::Node sink) {
- isSink(sink, _)
+ isSinkWithHighlight(sink, _)
 }
 
 override predicate isSanitizer(DataFlow::Node node) {