From a1ad1ddc10259cb76b31f1ec577c1df3564f31db Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Tue, 14 Sep 2021 14:21:29 +0100
Subject: [PATCH] Deprecated and replace uses of old name `ServletWriterSource`

---
 java/ql/lib/semmle/code/java/security/XSS.qll | 5 +++++
 java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll
index 890291be510..fdb52a95e3a 100644
--- a/java/ql/lib/semmle/code/java/security/XSS.qll
+++ b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -149,6 +149,11 @@ class XssVulnerableWriterSource extends MethodAccess {
 }
 }
 
+/**
+ * DEPRECATED: Use `XssVulnerableWriterSource` instead.
+ */
+deprecated class ServletWriterSource = XssVulnerableWriterSource;
+
 /**
 * Holds if `s` is an HTTP Content-Type vulnerable to XSS.
 */
diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
index 3b085b609b2..c10fa45e93d 100644
--- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
+++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -36,7 +36,9 @@ class ServletWriterSourceToPrintStackTraceMethodFlowConfig extends TaintTracking
 this = "StackTraceExposure::ServletWriterSourceToPrintStackTraceMethodFlowConfig"
 }
 
- override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ServletWriterSource }
+ override predicate isSource(DataFlow::Node src) {
+ src.asExpr() instanceof XssVulnerableWriterSource
+ }
 
 override predicate isSink(DataFlow::Node sink) {
 exists(MethodAccess ma |
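Review bot: The new `isSource` in StackTraceExposure.ql uses `XssVulnerableWriterSource`, but the enclosing class and its identifier string still read `ServletWriterSourceToPrintStackTraceMethodFlowConfig`, so a reader of this CWE-209 query meets an XSS-named source with no explanation. A one-line comment above `isSource` would close that gap, for example `// Source is the response writer modelled in XSS.qll; it is reused here for stack-trace exposure, not for XSS.` That wording assumes the class models servlet response writers, as the old name suggests, and should be confirmed against XSS.qll, whose class body lies outside this patch. Because the deprecated alias is an exact type alias, the query's results should not change. The configuration class begins before this hunk and continues past it.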