From 963631dedf2567ca28c71f428993ef45c9495bdb Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Mon, 8 Mar 2021 15:52:10 +0100
Subject: [PATCH] Improve naming.
---
 .../CWE-79/HTMLTemplateEscapingPassthrough.ql | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
index a05220edcf7..ae9a936ddcc 100755
--- a/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+++ b/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
@@ -91,11 +91,11 @@ class TemplateExecutionFlowConf extends TaintTracking::Configuration {
 }
 
 from
- TemplateExecutionFlowConf cfg, DataFlow::PathNode source, DataFlow::PathNode sink,
- string targetTypeName, DataFlow::PathNode conversionSink
+ TemplateExecutionFlowConf cfg, DataFlow::PathNode untrustedSource,
+ DataFlow::PathNode tplExecutionSink, string targetTypeName, DataFlow::PathNode conversionSink
 where
- cfg.hasFlowPath(source, sink) and
- isConvertedToPassthroughType(source.getNode(), targetTypeName, conversionSink)
-select sink.getNode(), source, sink,
+ cfg.hasFlowPath(untrustedSource, tplExecutionSink) and
+ isConvertedToPassthroughType(untrustedSource.getNode(), targetTypeName, conversionSink)
+select tplExecutionSink.getNode(), untrustedSource, tplExecutionSink,
 "Data from an $@ will not be auto-escaped because it was $@ to template." + targetTypeName,
- source.getNode(), "untrusted source", conversionSink.getNode(), "converted"
+ untrustedSource.getNode(), "untrusted source", conversionSink.getNode(), "converted"