Python: Remove XMLParser concept

2026-04-29 18:55:14 +02:00 · 2022-03-03 22:04:48 +01:00
parent df8e0fce68
commit 837daaae3b
2 changed files with 0 additions and 52 deletions
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -76,45 +76,6 @@ module XML {
      abstract predicate vulnerable(XMLVulnerabilityKind kind);
    }
  }
-
-  /**
-   * A data-flow node that constructs an XML parser.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `XMLParser` instead.
-   */
-  class XMLParser extends DataFlow::Node instanceof XMLParser::Range {
-    /**
-     * Gets the argument containing the content to parse.
-     */
-    DataFlow::Node getAnInput() { result = super.getAnInput() }
-
-    /**
-     * Holds if the parser is vulnerable to `kind`.
-     */
-    predicate vulnerable(XMLVulnerabilityKind kind) { super.vulnerable(kind) }
-  }
-
-  /** Provides classes for modeling XML parsers. */
-  module XMLParser {
-    /**
-     * A data-flow node that constructs an XML parser.
-     *
-     * Extend this class to model new APIs. If you want to refine existing API models,
-     * extend `XMLParser` instead.
-     */
-    abstract class Range extends DataFlow::Node {
-      /**
-       * Gets the argument containing the content to parse.
-       */
-      abstract DataFlow::Node getAnInput();
-
-      /**
-       * Holds if the parser is vulnerable to `kind`.
-       */
-      abstract predicate vulnerable(XMLVulnerabilityKind kind);
-    }
-  }
 }

 /** Provides classes for modeling LDAP query execution-related APIs. */
--- a/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
+++ b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
@@ -61,19 +61,6 @@ module XmlEntityInjection {
    override string getVulnerableKind() { xmlParsing.vulnerable(result) }
  }

-  /**
-   * An input to an XML parser, considered as a flow sink.
-   *
-   * See `XML::XMLParser`
-   */
-  class XMLParserInputAsSink extends Sink {
-    XML::XMLParser xmlParser;
-
-    XMLParserInputAsSink() { this = xmlParser.getAnInput() }
-
-    override string getVulnerableKind() { xmlParser.vulnerable(result) }
-  }
-
  /**
   * A source of remote user input, considered as a flow source.
   */