Skip to content

Commit bd5edc7

Browse files
MathiasVPMathiasVP
committed
Respond to review comments.
1 parent dfe932d commit bd5edc7

File tree

3 files changed

+9
-9
lines changed

3 files changed

+9
-9
lines changed

cpp/ql/lib/semmle/code/cpp/models/implementations/PostgreSql.qll

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,8 @@ private class PostgreSqlExecutionFunction extends SqlExecutionFunction {
7171
}
7272
}
7373

74-
private class PostgreSqlEscapeFunction extends SqlEscapeFunction {
75-
PostgreSqlEscapeFunction() {
74+
private class PostgreSqlBarrierFunction extends SqlBarrierFunction {
75+
PostgreSqlBarrierFunction() {
7676
exists(Class c |
7777
this.getDeclaringType() = c and
7878
// transaction and connection escape functions
@@ -84,7 +84,7 @@ private class PostgreSqlEscapeFunction extends SqlEscapeFunction {
8484
)
8585
}
8686

87-
override predicate escapesSqlArgument(FunctionInput input, FunctionOutput output) {
87+
override predicate barrierSqlArgument(FunctionInput input, FunctionOutput output) {
8888
exists(int argIndex |
8989
input.isParameterDeref(argIndex) and
9090
output.isReturnValueDeref() and

cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/**
22
* Provides abstract classes for modeling functions that execute and escape SQL query strings.
3-
* To use this QL library, create a QL class extending `SqlExecutionFunction` or `SqlEscapeFunction`
3+
* To extend this QL library, create a QL class extending `SqlExecutionFunction` or `SqlEscapeFunction`
44
* with a characteristic predicate that selects the function or set of functions you are modeling.
55
* Within that class, override the predicates provided by the class to match the way a
66
* parameter flows into the function and, in the case of `SqlEscapeFunction`, out of the function.
@@ -21,10 +21,10 @@ abstract class SqlExecutionFunction extends Function {
2121
/**
2222
* An abstract class that represents a function that escapes an SQL query string.
2323
*/
24-
abstract class SqlEscapeFunction extends Function {
24+
abstract class SqlBarrierFunction extends Function {
2525
/**
26-
* Holds if the `output` escapes the SQL input `input` such that is it safe to pass to
26+
* Holds if the `output` is a barrier to the SQL input `input` such that is it safe to pass to
2727
* an `SqlExecutionFunction`.
2828
*/
29-
abstract predicate escapesSqlArgument(FunctionInput input, FunctionOutput output);
29+
abstract predicate barrierSqlArgument(FunctionInput input, FunctionOutput output);
3030
}

cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,10 @@ class Configuration extends TaintTrackingConfiguration {
3434
or
3535
e.getUnspecifiedType() instanceof IntegralType
3636
or
37-
exists(SqlEscapeFunction sql, int arg, FunctionInput input |
37+
exists(SqlBarrierFunction sql, int arg, FunctionInput input |
3838
e = sql.getACallToThisFunction().getArgument(arg) and
3939
input.isParameterDeref(arg) and
40-
sql.escapesSqlArgument(input, _)
40+
sql.barrierSqlArgument(input, _)
4141
)
4242
}
4343
}

0 commit comments

Comments
 (0)