Ruby: Simplify imports

hmac · hmac · commit 025e34d8e145 · 2022-08-17T16:03:48.000+12:00
diff --git a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll
@@ -12,7 +12,7 @@ private import codeql.ruby.security.IncompleteMultiCharacterSanitization
  * `dangerous` which matches a dangerous string beginning with `prefix`, in
  * attempt to avoid a vulnerability of kind `kind`.
  */
-predicate hasResult(
+query predicate problems(
   StringSubstitutionCall replace, EmptyReplaceRegExpTerm dangerous, string prefix, string kind
 ) {
   exists(EmptyReplaceRegExpTerm regexp |
diff --git a/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql b/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
@@ -13,15 +13,11 @@
  *       external/cwe/cwe-116
  */
 
-import ruby
-import codeql.ruby.frameworks.core.String
 import codeql.ruby.DataFlow
-import codeql.ruby.security.IncompleteMultiCharacterSanitizationQuery
-import codeql.ruby.security.IncompleteMultiCharacterSanitizationSpecific as Specific
+import codeql.ruby.security.IncompleteMultiCharacterSanitizationQuery as Query
+import codeql.ruby.regexp.RegExpTreeView
 
-from
-  StringSubstitutionCall replace, Specific::EmptyReplaceRegExpTerm dangerous, string prefix,
-  string kind
-where hasResult(replace, dangerous, prefix, kind)
+from DataFlow::Node replace, RegExpTerm dangerous, string prefix, string kind
+where Query::problems(replace, dangerous, prefix, kind)
 select replace, "This string may still contain $@, which may cause a " + kind + " vulnerability.",
   dangerous, prefix
diff --git a/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql b/ruby/ql/test/query-tests/security/cwe-116/IncompleteMultiCharacterSanitization/IncompleteMultiCharacterSanitization.ql
@@ -3,9 +3,9 @@
  */
 
 import ruby
+import codeql.ruby.regexp.RegExpTreeView as RETV
+import codeql.ruby.DataFlow
 import codeql.ruby.security.IncompleteMultiCharacterSanitizationQuery as Query
-import codeql.ruby.security.IncompleteMultiCharacterSanitizationSpecific as Specific
-import codeql.ruby.frameworks.core.String
 import TestUtilities.InlineExpectationsTest
 
 class Test extends InlineExpectationsTest {
@@ -20,15 +20,12 @@ class Test extends InlineExpectationsTest {
 }
 
 predicate hasResult(Location location, string element, string value) {
-  exists(
-    StringSubstitutionCall replace, Specific::EmptyReplaceRegExpTerm dangerous, string prefix,
-    string kind
-  |
+  exists(DataFlow::Node replace, RETV::RegExpTerm dangerous, string prefix, string kind |
     replace.getLocation() = location and
     element = replace.toString() and
     value = shortKind(kind)
   |
-    Query::hasResult(replace, dangerous, prefix, kind)
+    Query::problems(replace, dangerous, prefix, kind)
   )
 }
 
