Replace uses of StringConstCompare

joefarebrother · joefarebrother · commit 3001a570b25a · 2024-09-20T14:47:22.000+01:00
diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll
@@ -49,7 +49,10 @@ module CodeInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizer extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll
@@ -84,7 +84,10 @@ module CommandInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll
@@ -61,15 +61,20 @@ module LdapInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsDnSanitizerGuard extends DnSanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsDnSanitizerGuard extends DnSanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsDnSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsDnSanitizerGuard;
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsFilterSanitizerGuard extends FilterSanitizer, StringConstCompareBarrier {
-  }
+  class ConstCompareAsFilterSanitizerGuard extends FilterSanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsFilterSanitizerGuard instead. */
+  deprecated class StringConstCompareAsFilterSanitizerGuard = ConstCompareAsFilterSanitizerGuard;
 
   /**
    * A call to replace line breaks functions as a sanitizer.
diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
@@ -77,9 +77,12 @@ module LogInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 
   /**
    * A call to replace line breaks, considered as a sanitizer.
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
@@ -87,7 +87,10 @@ module PathInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
@@ -70,7 +70,10 @@ module PolynomialReDoS {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
@@ -75,7 +75,10 @@ module ReflectedXss {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
@@ -72,9 +72,12 @@ module ServerSideRequestForgery {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 
   /**
    * A string construction (concat, format, f-string) where the left side is not
diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll
@@ -51,9 +51,12 @@ module SqlInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 
   private import semmle.python.frameworks.data.ModelsAsData
 
diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
@@ -54,7 +54,10 @@ module UnsafeDeserialization {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
@@ -142,7 +142,7 @@ module UrlRedirect {
   /**
    * A comparison with a constant string, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier {
+  class StringConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier {
     override predicate sanitizes(FlowState state) {
       // sanitize all flow states
       any()
diff --git a/python/ql/src/experimental/Security/CWE-074/TemplateInjectionCustomizations.qll b/python/ql/src/experimental/Security/CWE-074/TemplateInjectionCustomizations.qll
@@ -45,7 +45,10 @@ module TemplateInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/src/experimental/Security/CWE-091/XsltInjectionCustomizations.qll b/python/ql/src/experimental/Security/CWE-091/XsltInjectionCustomizations.qll
@@ -52,7 +52,10 @@ module XsltInjection {
   }
 
   /**
-   * A comparison with a constant string, considered as a sanitizer-guard.
+   * A comparison with a constant, considered as a sanitizer-guard.
    */
-  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }
+  class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }
+
+  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
+  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
 }
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/EmailXss.qll b/python/ql/src/experimental/semmle/python/security/dataflow/EmailXss.qll
@@ -19,7 +19,7 @@ private module EmailXssConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node sanitizer) {
     sanitizer = any(HtmlEscaping esc).getOutput()
     or
-    sanitizer instanceof StringConstCompareBarrier
+    sanitizer instanceof ConstCompareBarrier
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
diff --git a/python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll b/python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll
@@ -15,7 +15,7 @@ private module CsvInjectionConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node node) {
     node = DataFlow::BarrierGuard<startsWithCheck/3>::getABarrierNode() or
-    node instanceof StringConstCompareBarrier
+    node instanceof ConstCompareBarrier
   }
 }
 
diff --git a/python/ql/test/library-tests/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql b/python/ql/test/library-tests/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql
@@ -6,7 +6,7 @@ module CustomSanitizerOverridesConfig implements DataFlow::ConfigSig {
 
   predicate isSink = TestTaintTrackingConfig::isSink/1;
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof StringConstCompareBarrier }
+  predicate isBarrier(DataFlow::Node node) { node instanceof ConstCompareBarrier }
 }
 
 import MakeInlineTaintTest<CustomSanitizerOverridesConfig>

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,10 @@ module CodeInjection {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`/**`
`52`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`52`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`53`	`53`	`*/`
`54`		`- class StringConstCompareAsSanitizer extends Sanitizer, StringConstCompareBarrier { }`
	`54`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`55`	`+`
	`56`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`57`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`55`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,10 @@ module CommandInjection {`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`/**`
`87`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`87`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`88`	`88`	`*/`
`89`		`- class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }`
	`89`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`90`	`+`
	`91`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`92`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`90`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,10 @@ module PathInjection {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`/**`
`90`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`90`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`91`	`91`	`*/`
`92`		`- class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }`
	`92`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`93`	`+`
	`94`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`95`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`93`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,10 @@ module PolynomialReDoS {`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`/**`
`73`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`73`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`74`	`74`	`*/`
`75`		`- class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }`
	`75`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`76`	`+`
	`77`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`78`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`76`	`79`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,10 @@ module ReflectedXss {`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`/**`
`78`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`78`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`79`	`79`	`*/`
`80`		`- class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }`
	`80`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`81`	`+`
	`82`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`83`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`81`	`84`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,10 @@ module UnsafeDeserialization {`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`/**`
`57`		`- * A comparison with a constant string, considered as a sanitizer-guard.`
	`57`	`+ * A comparison with a constant, considered as a sanitizer-guard.`
`58`	`58`	`*/`
`59`		`- class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }`
	`59`	`+ class ConstCompareAsSanitizerGuard extends Sanitizer, ConstCompareBarrier { }`
	`60`	`+`
	`61`	`+ /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */`
	`62`	`+ deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;`
`60`	`63`	`}`