Python: Rename to EmailXss

python/ql/src/experimental/Security/CWE-079/EmailXss.ql

@@ -15,10 +15,10 @@
 
 // determine precision above
 import python
-import experimental.semmle.python.security.dataflow.ReflectedXSS
-import ReflectedXSSFlow::PathGraph
+import experimental.semmle.python.security.dataflow.EmailXss
+import EmailXssFlow::PathGraph
 
-from ReflectedXSSFlow::PathNode source, ReflectedXSSFlow::PathNode sink
-where ReflectedXSSFlow::flowPath(source, sink)
+from EmailXssFlow::PathNode source, EmailXssFlow::PathNode sink
+where EmailXssFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
   source.getNode(), "a user-provided value"

python/ql/src/experimental/semmle/python/security/dataflow/EmailXss.qll

@@ -1,6 +1,5 @@
 /**
- * Provides a taint-tracking configuration for detecting reflected server-side
- * cross-site scripting vulnerabilities.
+ * Provides a taint-tracking configuration for detecting "Email XSS" vulnerabilities.
  */
 
 import python
@@ -12,11 +11,7 @@ import experimental.semmle.python.Concepts
 import semmle.python.Concepts
 import semmle.python.ApiGraphs
 
-/**
- * A taint-tracking configuration for detecting reflected server-side cross-site
- * scripting vulnerabilities.
- */
-private module ReflectedXSSConfig implements DataFlow::ConfigSig {
+private module EmailXssConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink = any(EmailSender email).getHtmlBody() }
@@ -41,5 +36,5 @@ private module ReflectedXSSConfig implements DataFlow::ConfigSig {
   }
 }
 
-/** Global taint-tracking for detecting "TODO" vulnerabilities. */
-module ReflectedXSSFlow = TaintTracking::Global<ReflectedXSSConfig>;
+/** Global taint-tracking for detecting "Email XSS" vulnerabilities. */
+module EmailXssFlow = TaintTracking::Global<EmailXssConfig>;