@@ -334,6 +334,7 @@ module CodeExecution {
334334
335335/**
336336 * A data-flow node that constructs an SQL statement.
337+ *
337338 * Often, it is worthy of an alert if an SQL statement is constructed such that
338339 * executing it would be a security risk.
339340 *
@@ -355,11 +356,14 @@ class SqlConstruction extends DataFlow::Node {
355356module SqlConstruction {
356357 /**
357358 * A data-flow node that constructs an SQL statement.
359+ *
358360 * Often, it is worthy of an alert if an SQL statement is constructed such that
359361 * executing it would be a security risk.
360362 *
363+ * If it is important that the SQL statement is indeed executed, then use `SQLExecution`.
364+ *
361365 * Extend this class to model new APIs. If you want to refine existing API models,
362- * extend `SqlExecution ` instead.
366+ * extend `SqlConstruction ` instead.
363367 */
364368 abstract class Range extends DataFlow:: Node {
365369 /** Gets the argument that specifies the SQL statements to be constructed. */
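Review bot: New line 363 refers to `SQLExecution`, but the class is spelled `SqlExecution` (the removed line 362 uses that name), so the cross-reference in the QLDoc points at a class that does not exist; replace `SQLExecution` with `SqlExecution` there. The same doc template in the third and fifth hunks misspells "valuable" as "valuabe" on new lines 497 and 526, and new line 523 should read "an XPath expression" rather than "a XPath expression". The context line 520, "Provides classes for modeling new regular-expression execution APIs.", sits directly above `module XPathExecution` and looks like a copy-paste leftover that the same commit could correct to "XPath execution APIs".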
@@ -449,9 +453,49 @@ module RegexExecution {
449453 }
450454}
451455
456+ /**
457+ * A data-flow node that constructs an XPath expression.
458+ *
459+ * Often, it is worthy of an alert if an XPath expression is constructed such that
460+ * executing it would be a security risk.
461+ *
462+ * If it is important that the XPath expression is indeed executed, then use `XPathExecution`.
463+ *
464+ * Extend this class to refine existing API models. If you want to model new APIs,
465+ * extend `XPathConstruction::Range` instead.
466+ */
467+ class XPathConstruction extends DataFlow:: Node {
468+ XPathConstruction:: Range range ;
469+
470+ XPathConstruction ( ) { this = range }
471+
472+ /** Gets the argument that specifies the XPath expressions to be constructed. */
473+ DataFlow:: Node getXPath ( ) { result = range .getXPath ( ) }
474+ }
475+
476+ /** Provides a class for modeling new XPath construction APIs. */
477+ module XPathConstruction {
478+ /**
479+ * A data-flow node that constructs an XPath expression.
480+ *
481+ * Often, it is worthy of an alert if an XPath expression is constructed such that
482+ * executing it would be a security risk.
483+ *
484+ * Extend this class to model new APIs. If you want to refine existing API models,
485+ * extend `XPathConstruction` instead.
486+ */
487+ abstract class Range extends DataFlow:: Node {
488+ /** Gets the argument that specifies the XPath expressions to be constructed. */
489+ abstract DataFlow:: Node getXPath ( ) ;
490+ }
491+ }
492+
452493/**
453494 * A data-flow node that executes a xpath expression.
454495 *
496+ * If the context of interest is such that merely constructing an XPath expression
497+ * would be valuabe to report, then consider using `XPathConstruction`.
498+ *
455499 * Extend this class to refine existing API models. If you want to model new APIs,
456500 * extend `XPathExecution::Range` instead.
457501 */
@@ -460,14 +504,14 @@ class XPathExecution extends DataFlow::Node {
460504
461505 XPathExecution ( ) { this = range }
462506
463- /** Gets the data flow node for the xpath expression being executed by this node. */
507+ /** Gets the data flow node for the XPath expression being executed by this node. */
464508 DataFlow:: Node getXPath ( ) { result = range .getXPath ( ) }
465509
466- /** Gets a dataflow node for the tree in which the xpath is being evaluated. */
510+ /** Gets a dataflow node for the tree in which the XPath expression is being evaluated. */
467511 DataFlow:: Node getTree ( ) { result = range .getTree ( ) }
468512
469513 /**
470- * Gets the name of this xpath expression execution, typically the name of an executing method.
514+ * Gets the name of this XPath expression execution, typically the name of an executing method.
471515 * This is used for nice alert messages and should include the module if possible.
472516 */
473517 string getName ( ) { result = range .getName ( ) }
@@ -476,16 +520,19 @@ class XPathExecution extends DataFlow::Node {
476520/** Provides classes for modeling new regular-expression execution APIs. */
477521module XPathExecution {
478522 /**
479- * A data-flow node that executes a xpath expression.
523+ * A data-flow node that executes a XPath expression.
524+ *
525+ * If the context of interest is such that merely constructing an XPath expression
526+ * would be valuabe to report, then consider using `XPathConstruction`.
480527 *
481528 * Extend this class to model new APIs. If you want to refine existing API models,
482529 * extend `XPathExecution` instead.
483530 */
484531 abstract class Range extends DataFlow:: Node {
485- /** Gets the data flow node for the xpath expression being executed by this node. */
532+ /** Gets the data flow node for the XPath expression being executed by this node. */
486533 abstract DataFlow:: Node getXPath ( ) ;
487534
488- /** Gets a dataflow node for the tree in which the xpath is being evaluated. */
535+ /** Gets a dataflow node for the tree in which the XPath expression is being evaluated. */
489536 abstract DataFlow:: Node getTree ( ) ;
490537
491538 /**