
Commit c9640ff

committed
Python: Minor adjustments to XPath Injection
1 parent 2896600 commit c9640ff


1 file changed

+2
-5
lines changed


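--- a/python/ql/src/experimental/Security/CWE-643-new/Xpath.ql
+++ b/python/ql/src/experimental/Security/CWE-643-new/XpathInjection.ql
@@ -18,19 +18,16 @@ private import semmle.python.ApiGraphs
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 import XpathInjection::XpathInjection
+import DataFlow::PathGraph
 
 class XpathInjectionConfiguration extends TaintTracking::Configuration {
 XpathInjectionConfiguration() { this = "PathNotNormalizedConfiguration" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-// override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-// exists(AdditionalFlowStep af | af.isAdditionalTaintStep(node1, node2))
-// }
 }
 
 from XpathInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink, source, sink, "This Xpath query depends on $@.", source,
-"a user-provided value"
+select sink, source, sink, "This Xpath query depends on $@.", source, "a user-provided value"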
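Review bot: The characteristic predicate on the unchanged line `XpathInjectionConfiguration() { this = "PathNotNormalizedConfiguration" }` still carries a string that looks copied from a path-injection query; since this commit renames the file, it would be a good moment to change it to `this = "XpathInjectionConfiguration"`. With the string-based `TaintTracking::Configuration` API the string is the configuration's identity, so if any imported library defines a configuration with the same string, its sources and sinks would apply to this value as well and the XPath results could include unrelated flows (this cannot be confirmed from the imports visible here). Separately, `BarrierGuards` is imported but no `isSanitizer` or `isSanitizerGuard` override is visible in the hunk, so validated input may still be reported. If that is intentional for the experimental query, a short comment above the class saying so would help.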
