From e7bad4cd90ffd4fb9beaf8e5330e8d51341c6378 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Fri, 24 Mar 2023 10:04:46 -0400 Subject: [PATCH] Refactor to DataFlow::Global --- .../lib/semmle/code/java/security/GroovyInjectionQuery.qll | 2 +- .../ql/lib/semmle/code/java/security/JexlInjectionQuery.qll | 6 +++--- .../ql/lib/semmle/code/java/security/JndiInjectionQuery.qll | 6 +++--- .../ql/lib/semmle/code/java/security/MvelInjectionQuery.qll | 2 +- .../ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll | 2 +- .../ql/lib/semmle/code/java/security/SpelInjectionQuery.qll | 6 +++--- java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll | 4 ++-- .../semmle/code/java/security/TemplateInjectionQuery.qll | 2 +- .../ql/lib/semmle/code/java/security/XsltInjectionQuery.qll | 6 +++--- .../code/java/security/regexp/RegexInjectionQuery.qll | 2 +- java/ql/src/Security/CWE/CWE-074/JndiInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-074/XsltInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/JexlInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/MvelInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/SpelInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-730/RegexInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql | 2 +- .../test/query-tests/security/CWE-074/JndiInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-074/XsltInjectionTest.ql | 2 +- .../query-tests/security/CWE-094/GroovyInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-094/JexlInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-094/MvelInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-094/SpelInjectionTest.ql | 2 +- .../query-tests/security/CWE-094/TemplateInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-730/RegexInjectionTest.ql | 2 +- .../test/query-tests/security/CWE-917/OgnlInjectionTest.ql | 2 +- 28 files changed, 37 insertions(+), 37 deletions(-) diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll index f5ecf50fa2f..1d3c55398a5 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll @@ -41,4 +41,4 @@ module GroovyInjectionConfig implements DataFlow::ConfigSig { * Detect taint flow of unsafe user input * that is used to evaluate a Groovy expression. */ -module GroovyInjectionFlow = TaintTracking::Make; +module GroovyInjectionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index e0ce78574bc..4138b851e85 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -76,7 +76,7 @@ module JexlInjectionConfig implements DataFlow::ConfigSig { * Tracks unsafe user input that is used to construct and evaluate a JEXL expression. * It supports both JEXL 2 and 3. */ -module JexlInjectionFlow = TaintTracking::Make; +module JexlInjectionFlow = TaintTracking::Global; /** * Holds if `n1` to `n2` is a dataflow step that creates a JEXL script using an unsafe engine @@ -122,7 +122,7 @@ private predicate createJexlTemplateStep(DataFlow::Node n1, DataFlow::Node n2) { /** * Holds if `expr` is a JEXL engine that is configured with a sandbox. */ -private predicate isSafeEngine(Expr expr) { SandboxedJexlFlow::hasFlowToExpr(expr) } +private predicate isSafeEngine(Expr expr) { SandboxedJexlFlow::flowToExpr(expr) } /** * A configuration for tracking sandboxed JEXL engines. @@ -145,7 +145,7 @@ private module SandboxedJexlFlowConfig implements DataFlow::ConfigSig { } } -private module SandboxedJexlFlow = DataFlow::Make; +private module SandboxedJexlFlow = DataFlow::Global; /** * Defines a data flow source for JEXL engines configured with a sandbox. diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index 81a52bdeaeb..225627fc5de 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -47,14 +47,14 @@ module JndiInjectionFlowConfig implements DataFlow::ConfigSig { } /** Tracks flow of unvalidated user input that is used in JNDI lookup */ -module JndiInjectionFlow = TaintTracking::Make; +module JndiInjectionFlow = TaintTracking::Global; /** * A method that does a JNDI lookup when it receives a `SearchControls` argument with `setReturningObjFlag` = `true` */ private class UnsafeSearchControlsSink extends JndiInjectionSink { UnsafeSearchControlsSink() { - exists(MethodAccess ma | UnsafeSearchControlsFlow::hasFlowToExpr(ma.getAnArgument()) | + exists(MethodAccess ma | UnsafeSearchControlsFlow::flowToExpr(ma.getAnArgument()) | this.asExpr() = ma.getArgument(0) ) } @@ -70,7 +70,7 @@ private module UnsafeSearchControlsConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeSearchControlsArgument } } -private module UnsafeSearchControlsFlow = DataFlow::Make; +private module UnsafeSearchControlsFlow = DataFlow::Global; /** * An argument of type `SearchControls` of an `LdapOperations.search` or `DirContext.search` call. diff --git a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll index 393ccd0f4f8..a87d7554dd7 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll @@ -44,4 +44,4 @@ module MvelInjectionFlowConfig implements DataFlow::ConfigSig { } /** Tracks flow of unsafe user input that is used to construct and evaluate a MVEL expression. */ -module MvelInjectionFlow = TaintTracking::Make; +module MvelInjectionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll index 4501b4fe0c3..d0dfdda94a4 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll @@ -43,4 +43,4 @@ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig { } /** Tracks flow of unvalidated user input that is used in OGNL EL evaluation. */ -module OgnlInjectionFlow = TaintTracking::Make; +module OgnlInjectionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index 67e5f053f2d..e54515f4827 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -39,7 +39,7 @@ module SpelInjectionConfig implements DataFlow::ConfigSig { } /** Tracks flow of unsafe user input that is used to construct and evaluate a SpEL expression. */ -module SpelInjectionFlow = TaintTracking::Make; +module SpelInjectionFlow = TaintTracking::Global; /** Default sink for SpEL injection vulnerabilities. */ private class DefaultSpelExpressionEvaluationSink extends SpelExpressionEvaluationSink { @@ -47,7 +47,7 @@ private class DefaultSpelExpressionEvaluationSink extends SpelExpressionEvaluati exists(MethodAccess ma | ma.getMethod() instanceof ExpressionEvaluationMethod and ma.getQualifier() = this.asExpr() and - not SafeEvaluationContextFlow::hasFlowToExpr(ma.getArgument(0)) + not SafeEvaluationContextFlow::flowToExpr(ma.getArgument(0)) ) } } @@ -68,7 +68,7 @@ private module SafeEvaluationContextFlowConfig implements DataFlow::ConfigSig { int fieldFlowBranchLimit() { result = 0 } } -private module SafeEvaluationContextFlow = DataFlow::Make; +private module SafeEvaluationContextFlow = DataFlow::Global; /** * A `ContextSource` that is safe from SpEL injection. diff --git a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll index 71cb56d79c1..089ac1132ef 100644 --- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll @@ -53,7 +53,7 @@ module QueryInjectionFlowConfig implements DataFlow::ConfigSig { } /** Tracks flow of unvalidated user input that is used in SQL queries. */ -module QueryInjectionFlow = TaintTracking::Make; +module QueryInjectionFlow = TaintTracking::Global; /** * Implementation of `SqlTainted.ql`. This is extracted to a QLL so that it @@ -62,5 +62,5 @@ module QueryInjectionFlow = TaintTracking::Make; predicate queryTaintedBy( QueryInjectionSink query, QueryInjectionFlow::PathNode source, QueryInjectionFlow::PathNode sink ) { - QueryInjectionFlow::hasFlowPath(source, sink) and sink.getNode() = query + QueryInjectionFlow::flowPath(source, sink) and sink.getNode() = query } diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll index aee797046f7..783c368482c 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll @@ -71,4 +71,4 @@ module TemplateInjectionFlowConfig implements DataFlow::StateConfigSig { } /** Tracks server-side template injection (SST) vulnerabilities */ -module TemplateInjectionFlow = TaintTracking::MakeWithState; +module TemplateInjectionFlow = TaintTracking::GlobalWithState; diff --git a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll index 9aa9ca71613..5622ef60a84 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll @@ -47,7 +47,7 @@ module XsltInjectionFlowConfig implements DataFlow::ConfigSig { /** * Tracks flow from unvalidated user input to XSLT transformation. */ -module XsltInjectionFlow = TaintTracking::Make; +module XsltInjectionFlow = TaintTracking::Global; /** * A set of additional taint steps to consider when taint tracking XSLT related data flows. @@ -70,7 +70,7 @@ private predicate newTransformerOrTemplatesStep(DataFlow::Node n1, DataFlow::Nod n2.asExpr() = ma and m.getDeclaringType() instanceof TransformerFactory and m.hasName(["newTransformer", "newTemplates"]) and - not TransformerFactoryWithSecureProcessingFeatureFlow::hasFlowToExpr(ma.getQualifier()) + not TransformerFactoryWithSecureProcessingFeatureFlow::flowToExpr(ma.getQualifier()) ) } @@ -99,7 +99,7 @@ private module TransformerFactoryWithSecureProcessingFeatureFlowConfig implement } private module TransformerFactoryWithSecureProcessingFeatureFlow = - DataFlow::Make; + DataFlow::Global; /** A `ParserConfig` specific to `TransformerFactory`. */ private class TransformerFactoryFeatureConfig extends ParserConfig { diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll index d0a7bd7d7f3..af8b4e204a1 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll @@ -31,4 +31,4 @@ module RegexInjectionConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof RegexInjectionSanitizer } } -module RegexInjectionFlow = TaintTracking::Make; +module RegexInjectionFlow = TaintTracking::Global; diff --git a/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql b/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql index 7e22c4205d1..900f3d923b3 100644 --- a/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +++ b/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.JndiInjectionQuery import JndiInjectionFlow::PathGraph from JndiInjectionFlow::PathNode source, JndiInjectionFlow::PathNode sink -where JndiInjectionFlow::hasFlowPath(source, sink) +where JndiInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "JNDI lookup might include name from $@.", source.getNode(), "this user input" diff --git a/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql b/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql index 2888b91b3bf..9cf98aea259 100644 --- a/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +++ b/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.XsltInjectionQuery import XsltInjectionFlow::PathGraph from XsltInjectionFlow::PathNode source, XsltInjectionFlow::PathNode sink -where XsltInjectionFlow::hasFlowPath(source, sink) +where XsltInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XSLT transformation might include stylesheet from $@.", source.getNode(), "this user input" diff --git a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql index 1f077d36f3c..98ae9f2fef3 100644 --- a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.GroovyInjectionQuery import GroovyInjectionFlow::PathGraph from GroovyInjectionFlow::PathNode source, GroovyInjectionFlow::PathNode sink -where GroovyInjectionFlow::hasFlowPath(source, sink) +where GroovyInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Groovy script depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql index d2ca8a2a8d9..5335235d748 100644 --- a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.JexlInjectionQuery import JexlInjectionFlow::PathGraph from JexlInjectionFlow::PathNode source, JexlInjectionFlow::PathNode sink -where JexlInjectionFlow::hasFlowPath(source, sink) +where JexlInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "JEXL expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql index e10ecf1bf21..d7b033cabea 100644 --- a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.MvelInjectionQuery import MvelInjectionFlow::PathGraph from MvelInjectionFlow::PathNode source, MvelInjectionFlow::PathNode sink -where MvelInjectionFlow::hasFlowPath(source, sink) +where MvelInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "MVEL expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql index 6963dfb22a6..fe1a434cd71 100644 --- a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql @@ -17,6 +17,6 @@ import semmle.code.java.dataflow.DataFlow import SpelInjectionFlow::PathGraph from SpelInjectionFlow::PathNode source, SpelInjectionFlow::PathNode sink -where SpelInjectionFlow::hasFlowPath(source, sink) +where SpelInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "SpEL expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql b/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql index 279881f95a0..6e405cf9b82 100644 --- a/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.TemplateInjectionQuery import TemplateInjectionFlow::PathGraph from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink -where TemplateInjectionFlow::hasFlowPath(source, sink) +where TemplateInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Template, which may contain code, depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql index 954bc8337fe..64fe906658b 100644 --- a/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql @@ -18,6 +18,6 @@ import semmle.code.java.security.regexp.RegexInjectionQuery import RegexInjectionFlow::PathGraph from RegexInjectionFlow::PathNode source, RegexInjectionFlow::PathNode sink -where RegexInjectionFlow::hasFlowPath(source, sink) +where RegexInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql index 7a033b51ba2..964360a96bf 100644 --- a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.OgnlInjectionQuery import OgnlInjectionFlow::PathGraph from OgnlInjectionFlow::PathNode source, OgnlInjectionFlow::PathNode sink -where OgnlInjectionFlow::hasFlowPath(source, sink) +where OgnlInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "OGNL Expression Language statement depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql b/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql index e6824300b86..7a6141b93ce 100644 --- a/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql @@ -9,7 +9,7 @@ class HasJndiInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasJndiInjection" and - exists(DataFlow::Node sink | JndiInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | JndiInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql b/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql index a8c79964742..1f5a3030cdb 100644 --- a/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql @@ -11,7 +11,7 @@ class HasXsltInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasXsltInjection" and - exists(DataFlow::Node sink | XsltInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | XsltInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql b/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql index 3eb01533bdd..9d979f125a8 100644 --- a/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql @@ -11,7 +11,7 @@ class HasGroovyInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasGroovyInjection" and - exists(DataFlow::Node sink | GroovyInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | GroovyInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql b/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql index 729cc69cf7d..9593ae1a8ee 100644 --- a/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql @@ -9,7 +9,7 @@ class JexlInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasJexlInjection" and - exists(DataFlow::Node sink | JexlInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | JexlInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql b/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql index b3ffdc6d5ca..8dc4127cbf1 100644 --- a/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql @@ -11,7 +11,7 @@ class HasMvelInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasMvelInjection" and - exists(DataFlow::Node sink | MvelInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | MvelInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql b/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql index 92bd3b2114e..78e147849f1 100644 --- a/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql @@ -11,7 +11,7 @@ class HasSpelInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasSpelInjection" and - exists(DataFlow::Node sink | SpelInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | SpelInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql b/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql index cc834b07a6b..7e0a7ae1ae2 100644 --- a/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql @@ -9,7 +9,7 @@ class TemplateInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasTemplateInjection" and - exists(DataFlow::Node sink | TemplateInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | TemplateInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql index 2a9b34fc4cd..f42de310988 100644 --- a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql @@ -9,7 +9,7 @@ class RegexInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasRegexInjection" and - exists(RegexInjectionFlow::PathNode sink | RegexInjectionFlow::hasFlowPath(_, sink) | + exists(RegexInjectionFlow::PathNode sink | RegexInjectionFlow::flowPath(_, sink) | location = sink.getNode().getLocation() and element = sink.getNode().toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql index cc3482dfe75..68db2593628 100644 --- a/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql @@ -9,7 +9,7 @@ class OgnlInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasOgnlInjection" and - exists(DataFlow::Node sink | OgnlInjectionFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | OgnlInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = ""