Skip to content

Commit 85b5ef3

Browse files
jorgectfjorgectf
committed
XmlInjection -> XmlEntityInjection 
1 parent b00051e commit 85b5ef3

File tree

8 files changed

+18
-16
lines changed

8 files changed

+18
-16
lines changed

python/ql/src/experimental/Security/CWE-611/XmlInjection.py renamed to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.py

File renamed without changes.

python/ql/src/experimental/Security/CWE-611/XmlInjection.qhelp renamed to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ to prevent any potentially malicious operation.
2626
The following example calls <code>xml.etree.ElementTree.fromstring</code> using a parser (<code>lxml.etree.XMLParser</code>)
2727
that is not safely configured on untrusted data, and is therefore inherently unsafe.
2828
</p>
29-
<sample src="XmlInjection.py"/>
29+
<sample src="XmlEntityInjection.py"/>
3030
<p>
3131
Providing an input (<code>xml_content</code>) like the following XML content against /bad, the request response would contain the contents of
3232
<code>/etc/passwd</code>.

python/ql/src/experimental/Security/CWE-611/XmlInjection.ql renamed to python/ql/src/experimental/Security/CWE-611/XmlEntityInjection.ql

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
/**
2-
* @name XML injection
3-
* @description User input should not be parsed without security options enabled.
2+
* @name XML Entity injection
3+
* @description User input should not be parsed allowing the injection of entities.
44
* @kind path-problem
55
* @problem.severity error
6-
* @id py/xml-injection
6+
* @id py/xml-entity-injection
77
* @tags security
88
* external/cwe/cwe-611
99
* external/cwe/cwe-776
@@ -12,11 +12,11 @@
1212

1313
// determine precision above
1414
import python
15-
import experimental.semmle.python.security.dataflow.XmlInjection
15+
import experimental.semmle.python.security.dataflow.XmlEntityInjection
1616
import DataFlow::PathGraph
1717

1818
from DataFlow::PathNode source, DataFlow::PathNode sink, string kind
19-
where XmlInjection::xmlInjectionVulnerable(source, sink, kind)
19+
where XmlEntityInjection::xmlEntityInjectionVulnerable(source, sink, kind)
2020
select sink.getNode(), source, sink,
2121
"$@ XML input is constructed from a $@ and is vulnerable to " + kind + ".", sink.getNode(),
2222
"This", source.getNode(), "user-provided value"

python/ql/src/experimental/semmle/python/security/dataflow/XmlInjection.qll renamed to python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjection.qll

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@ import semmle.python.dataflow.new.TaintTracking
55
import semmle.python.dataflow.new.RemoteFlowSources
66
import semmle.python.dataflow.new.BarrierGuards
77

8-
module XmlInjection {
9-
import XmlInjectionCustomizations::XmlInjection
8+
module XmlEntityInjection {
9+
import XmlEntityInjectionCustomizations::XmlEntityInjection
1010

11-
class XMLInjectionConfiguration extends TaintTracking::Configuration {
12-
XMLInjectionConfiguration() { this = "XMLInjectionConfiguration" }
11+
class XmlEntityInjectionConfiguration extends TaintTracking::Configuration {
12+
XmlEntityInjectionConfiguration() { this = "XmlEntityInjectionConfiguration" }
1313

1414
override predicate isSource(DataFlow::Node source) {
1515
source instanceof RemoteFlowSourceAsSource
@@ -29,13 +29,15 @@ module XmlInjection {
2929
private import DataFlow::PathGraph
3030

3131
/** Holds if there is an XML injection from `source` to `sink` */
32-
predicate xmlInjection(DataFlow::PathNode source, DataFlow::PathNode sink) {
33-
any(XMLInjectionConfiguration xmlInjectionConfig).hasFlowPath(source, sink)
32+
predicate xmlEntityInjection(DataFlow::PathNode source, DataFlow::PathNode sink) {
33+
any(XmlEntityInjectionConfiguration x).hasFlowPath(source, sink)
3434
}
3535

3636
/** Holds if there is an XML injection from `source` to `sink` vulnerable to `kind` */
37-
predicate xmlInjectionVulnerable(DataFlow::PathNode source, DataFlow::PathNode sink, string kind) {
38-
xmlInjection(source, sink) and
37+
predicate xmlEntityInjectionVulnerable(
38+
DataFlow::PathNode source, DataFlow::PathNode sink, string kind
39+
) {
40+
xmlEntityInjection(source, sink) and
3941
(
4042
xmlParsingInputAsVulnerableSink(sink.getNode(), kind) or
4143
xmlParserInputAsVulnerableSink(sink.getNode(), kind)

python/ql/src/experimental/semmle/python/security/dataflow/XmlInjectionCustomizations.qll renamed to python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ private import semmle.python.ApiGraphs
1515
* Provides default sources, sinks and sanitizers for detecting "xml injection"
1616
* vulnerabilities, as well as extension points for adding your own.
1717
*/
18-
module XmlInjection {
18+
module XmlEntityInjection {
1919
/**
2020
* A data flow source for "xml injection" vulnerabilities.
2121
*/

python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.expected renamed to python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.expected

File renamed without changes.

python/ql/test/experimental/query-tests/Security/CWE-611/XmlEntityInjection.qlref

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
experimental/Security/CWE-611/XmlEntityInjection.ql

python/ql/test/experimental/query-tests/Security/CWE-611/XmlInjection.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

0 commit comments

Comments
 (0)