From 7306f58e574666dbc5b954598051c2ffbc6489ea Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Tue, 7 Jul 2020 19:44:43 +0200
Subject: [PATCH] Python: Fix experimental tests

---
 python/ql/src/experimental/CWE-643/xpath.ql | 1 +
 .../semmle/python/security/injection/Xpath.qll | 4 ++--
 python/ql/test/experimental/CWE-091/Xslt.qlref | 2 +-
 python/ql/test/experimental/CWE-643/xpath.qlref | 2 +-
 python/ql/test/experimental/CWE-643/xpathSinks.expected | 8 ++++----
 python/ql/test/experimental/CWE-643/xpathSinks.ql | 1 +
 6 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/python/ql/src/experimental/CWE-643/xpath.ql b/python/ql/src/experimental/CWE-643/xpath.ql
index fbdf57d4f1a..15720c408ee 100644
--- a/python/ql/src/experimental/CWE-643/xpath.ql
+++ b/python/ql/src/experimental/CWE-643/xpath.ql
@@ -12,6 +12,7 @@
 
 import python
 import semmle.python.security.Paths
+import semmle.python.security.strings.Untrusted
 /* Sources */
 import semmle.python.web.HttpRequest
 /* Sinks */
diff --git a/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll b/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll
index 01a3e6de38d..fa5c7647f1f 100644
--- a/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll
@@ -22,14 +22,14 @@ module XpathInjection {
 abstract class XpathInjectionSink extends TaintSink { }
 
 /**
- * A Sink representing an argument to the `etree.Xpath` call.
+ * A Sink representing an argument to the `etree.XPath` call.
 *
 * from lxml import etree
 * root = etree.XML("")
 * find_text = etree.XPath("`sink`")
 */
 private class EtreeXpathArgument extends XpathInjectionSink {
- override string toString() { result = "lxml.etree.Xpath" }
+ override string toString() { result = "lxml.etree.XPath" }
 
 EtreeXpathArgument() {
 exists(CallNode call | call.getFunction().(AttrNode).getObject("XPath").pointsTo(etree()) |
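Review bot: The added `import semmle.python.security.strings.Untrusted` is a consumer-side fix: the identical line is also added to `xpathSinks.ql` in this commit, which suggests the sinks defined in `Xpath.qll` only resolve their taint kind when that module happens to be imported somewhere in the query's program. In QL an omission of this kind does not fail compilation; a query or test that forgets the import simply matches no sinks, so the gap is silent and any future consumer of the library can regress the same way. Consider adding the import to `Xpath.qll` itself, next to the sink definitions, so every query and test that imports the library gets it automatically, with a why-comment such as `// provides the untrusted-string TaintKind these sinks accept; consumers need not import it`.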
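Review bot: The casing fix at `override string toString() { result = "lxml.etree.XPath" }` is applied to the `etree.XPath` sink only; the expected output updated in this same commit still labels the sibling sink `lxml.etree.ETXpath`, while the lxml class is spelled `ETXPath`, so the sink descriptions remain inconsistent after this change. Because `toString()` is what appears in alert messages and in the `.expected` files, it is worth aligning that sink's `toString()` and its doc comment in the same way, i.e. `override string toString() { result = "lxml.etree.ETXPath" }`, and regenerating the expected output in the same commit. The `EtreeXpathArgument` constructor body continues outside the hunk, so whether the sink also covers the expression passed as a keyword argument (`etree.XPath(path=...)`) cannot be confirmed from here; if only the first positional argument is matched, that call form would be a silent detection gap worth checking.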
diff --git a/python/ql/test/experimental/CWE-091/Xslt.qlref b/python/ql/test/experimental/CWE-091/Xslt.qlref
index 32605307db8..27123a448a7 100644
--- a/python/ql/test/experimental/CWE-091/Xslt.qlref
+++ b/python/ql/test/experimental/CWE-091/Xslt.qlref
@@ -1 +1 @@
-experimental/CWE-643/Xslt.ql
+experimental/CWE-091/Xslt.ql
diff --git a/python/ql/test/experimental/CWE-643/xpath.qlref b/python/ql/test/experimental/CWE-643/xpath.qlref
index 61dcb500e5e..e569931999c 100644
--- a/python/ql/test/experimental/CWE-643/xpath.qlref
+++ b/python/ql/test/experimental/CWE-643/xpath.qlref
@@ -1 +1 @@
-experimental/CWE-643/xpath.ql
\ No newline at end of file
+experimental/CWE-643/xpath.ql
diff --git a/python/ql/test/experimental/CWE-643/xpathSinks.expected b/python/ql/test/experimental/CWE-643/xpathSinks.expected
index c5d2000ab52..c3bfec2fcaf 100644
--- a/python/ql/test/experimental/CWE-643/xpathSinks.expected
+++ b/python/ql/test/experimental/CWE-643/xpathSinks.expected
@@ -1,12 +1,12 @@
 | xpath.py:8:20:8:29 | lxml.etree.parse.xpath | externally controlled string |
-| xpath.py:13:29:13:38 | lxml.etree.Xpath | externally controlled string |
-| xpath.py:19:29:19:38 | lxml.etree.Xpath | externally controlled string |
+| xpath.py:13:29:13:38 | lxml.etree.XPath | externally controlled string |
+| xpath.py:19:29:19:38 | lxml.etree.XPath | externally controlled string |
 | xpath.py:25:38:25:46 | lxml.etree.ETXpath | externally controlled string |
 | xpath.py:32:29:32:34 | libxml2.parseFile.xpathEval | externally controlled string |
 | xpathBad.py:13:20:13:43 | lxml.etree.parse.xpath | externally controlled string |
 | xpathFlow.py:14:20:14:29 | lxml.etree.parse.xpath | externally controlled string |
-| xpathFlow.py:23:29:23:38 | lxml.etree.Xpath | externally controlled string |
-| xpathFlow.py:32:29:32:38 | lxml.etree.Xpath | externally controlled string |
+| xpathFlow.py:23:29:23:38 | lxml.etree.XPath | externally controlled string |
+| xpathFlow.py:32:29:32:38 | lxml.etree.XPath | externally controlled string |
 | xpathFlow.py:41:31:41:40 | lxml.etree.ETXpath | externally controlled string |
 | xpathFlow.py:49:29:49:38 | libxml2.parseFile.xpathEval | externally controlled string |
 | xpathGood.py:13:20:13:37 | lxml.etree.parse.xpath | externally controlled string |
diff --git a/python/ql/test/experimental/CWE-643/xpathSinks.ql b/python/ql/test/experimental/CWE-643/xpathSinks.ql
index 8a96e90035c..a9e5aaae427 100644
--- a/python/ql/test/experimental/CWE-643/xpathSinks.ql
+++ b/python/ql/test/experimental/CWE-643/xpathSinks.ql
@@ -1,5 +1,6 @@
 import python
 import experimental.semmle.python.security.injection.Xpath
+import semmle.python.security.strings.Untrusted
 
 from XpathInjection::XpathInjectionSink sink, TaintKind kind
 where sink.sinks(kind)