Add XMLParser concept

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -36,7 +36,7 @@ module XMLParsing {
 }
 
 /**
- * A data-flow node that collects functions setting HTTP Headers' content.
+ * A data-flow node that collects functions parsing XML.
  *
  * Extend this class to model new APIs. If you want to refine existing API models,
  * extend `XMLParsing` instead.
@@ -56,3 +56,46 @@ class XMLParsing extends DataFlow::Node {
    */
   predicate mayBeDangerous() { range.mayBeDangerous() }
 }
+
+/** Provides classes for modeling XML parsers. */
+module XMLParser {
+  /**
+   * A data-flow node that collects XML parsers.
+   *
+   * Extend this class to model new APIs. If you want to refine existing API models,
+   * extend `XMLParser` instead.
+   */
+  abstract class Range extends DataFlow::Node {
+    /**
+     * Gets the argument containing the content to parse.
+     */
+    abstract DataFlow::Node getAnInput();
+
+    /**
+     * Holds if the parser may be dangerously configured.
+     */
+    abstract predicate mayBeDangerous();
+  }
+}
+
+/**
+ * A data-flow node that collects XML parsers.
+ *
+ * Extend this class to model new APIs. If you want to refine existing API models,
+ * extend `XMLParser` instead.
+ */
+class XMLParser extends DataFlow::Node {
+  XMLParser::Range range;
+
+  XMLParser() { this = range }
+
+  /**
+   * Gets the argument containing the content to parse.
+   */
+  DataFlow::Node getAnInput() { result = range.getAnInput() }
+
+  /**
+   * Holds if the parser may be dangerously configured.
+   */
+  predicate mayBeDangerous() { range.mayBeDangerous() }
+}