change naming of StringSplitCall methods

2026-04-29 18:55:14 +02:00 · 2020-05-05 13:27:14 +02:00
parent 4a26c293c1
commit fe02137d0b
5 changed files with 10 additions and 10 deletions
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -28,9 +28,9 @@ class DangerousScheme extends string {
 DataFlow::SourceNode schemeOf(DataFlow::Node url) {
  // url.split(":")[0]
  exists(StringSplitCall split |
-    split.getSplitAt() = ":" and
+    split.getSeparator() = ":" and
    result = split.getAnElementRead(0) and
-    url = split.getUnsplit()
+    url = split.getBaseString()
  )
  or
  // url.getScheme(), url.getProtocol(), getScheme(url), getProtocol(url)
--- a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
+++ b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
@@ -23,8 +23,8 @@ import semmle.javascript.DynamicPropertyAccess
 */
 class SplitCall extends StringSplitCall {
  SplitCall() {
-    getSplitAt() = "." and
-    getUnsplit() instanceof ParameterNode
+    getSeparator() = "." and
+    getBaseString() instanceof ParameterNode
  }
 }

--- a/javascript/ql/src/semmle/javascript/StandardLibrary.qll
+++ b/javascript/ql/src/semmle/javascript/StandardLibrary.qll
@@ -170,9 +170,9 @@ class StringSplitCall extends DataFlow::MethodCallNode {
  }

  /**
-   * Gets a the SourceNode for the string before it is split.
+   * Gets the DataFlow::Node for the base string that is split.
   */
-  DataFlow::SourceNode getUnsplit() { result = getReceiver().getALocalSource() }
+  DataFlow::Node getBaseString() { result = getReceiver() }

  /**
   * Gets a read of the `i`th element from the split string.
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
@@ -98,8 +98,8 @@ module TaintedPath {
      )
      or
      // A `str.split()` call can either split into path elements (`str.split("/")`) or split by some other string.
-      exists(StringSplitCall mcn | dst = mcn and mcn.getUnsplit() = src |
-        if mcn.getSplitAt() = "/"
+      exists(StringSplitCall mcn | dst = mcn and mcn.getBaseString() = src |
+        if mcn.getSeparator() = "/"
        then
          srclabel.(Label::PosixPath).canContainDotDotSlash() and
          dstlabel instanceof Label::SplitPath
--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -286,8 +286,8 @@ module DomBasedXss {

    QueryPrefixSanitizer() {
      this = splitCall.getAnElementRead(0) and
-      splitCall.getSplitAt() = "?" and
-      splitCall.getUnsplit() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]
+      splitCall.getSeparator() = "?" and
+      splitCall.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]
    }
  }