Deprecated and replace uses of old name ServletWriterSource

smowton · smowton · commit a1ad1ddc1025 · 2021-09-14T14:21:29.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -149,6 +149,11 @@ class XssVulnerableWriterSource extends MethodAccess {
   }
 }
 
+/**
+ * DEPRECATED: Use `XssVulnerableWriterSource` instead.
+ */
+deprecated class ServletWriterSource = XssVulnerableWriterSource;
+
 /**
  * Holds if `s` is an HTTP Content-Type vulnerable to XSS.
  */
diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -36,7 +36,9 @@ class ServletWriterSourceToPrintStackTraceMethodFlowConfig extends TaintTracking
     this = "StackTraceExposure::ServletWriterSourceToPrintStackTraceMethodFlowConfig"
   }
 
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ServletWriterSource }
+  override predicate isSource(DataFlow::Node src) {
+    src.asExpr() instanceof XssVulnerableWriterSource
+  }
 
   override predicate isSink(DataFlow::Node sink) {
     exists(MethodAccess ma |

Original file line number	Diff line number	Diff line change
`@@ -149,6 +149,11 @@ class XssVulnerableWriterSource extends MethodAccess {`
`149`	`149`	`}`
`150`	`150`	`}`
`151`	`151`
	`152`	`+/**`
	`153`	+ * DEPRECATED: Use `XssVulnerableWriterSource` instead.
	`154`	`+ */`
	`155`	`+deprecated class ServletWriterSource = XssVulnerableWriterSource;`
	`156`	`+`
`152`	`157`	`/**`
`153`	`158`	* Holds if `s` is an HTTP Content-Type vulnerable to XSS.
`154`	`159`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,9 @@ class ServletWriterSourceToPrintStackTraceMethodFlowConfig extends TaintTracking`
`36`	`36`	`this = "StackTraceExposure::ServletWriterSourceToPrintStackTraceMethodFlowConfig"`
`37`	`37`	`}`
`38`	`38`
`39`		`- override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ServletWriterSource }`
	`39`	`+ override predicate isSource(DataFlow::Node src) {`
	`40`	`+ src.asExpr() instanceof XssVulnerableWriterSource`
	`41`	`+ }`
`40`	`42`
`41`	`43`	`override predicate isSink(DataFlow::Node sink) {`
`42`	`44`	`exists(MethodAccess ma \|`