Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql

haby0 · smowton · web-flow · commit 92c00cb741cc · 2021-02-16T00:09:21.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql b/java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql
@@ -30,7 +30,7 @@ class XQueryInjectionConfig extends TaintTracking::Configuration {
   }
 
   /**
-   * Conveys taint from the input to a `prepareExpression` call to the returned prepared expression.
+   * Holds if taint from the input `pred` to a `prepareExpression` call flows to the returned prepared expression `succ`.
    */
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(XQueryParserCall parser | pred.asExpr() = parser.getInput() and succ.asExpr() = parser)

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ class XQueryInjectionConfig extends TaintTracking::Configuration {`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`/**`
`33`		- * Conveys taint from the input to a `prepareExpression` call to the returned prepared expression.
	`33`	+ * Holds if taint from the input `pred` to a `prepareExpression` call flows to the returned prepared expression `succ`.
`34`	`34`	`*/`
`35`	`35`	`override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {`
`36`	`36`	`exists(XQueryParserCall parser \| pred.asExpr() = parser.getInput() and succ.asExpr() = parser)`