Skip to content

Commit 9d39226

Browse files
luchua-bcluchua-bc
committed
Refactor inconsistent method names
1 parent 2fa249a commit 9d39226

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ predicate isScriptArgument(MethodAccess ma, Expr sink) {
8585
/**
8686
* Holds if a Rhino expression evaluation method is vulnerable to code injection.
8787
*/
88-
predicate evaluateRhinoExpression(MethodAccess ma, Expr sink) {
88+
predicate evaluatesRhinoExpression(MethodAccess ma, Expr sink) {
8989
exists(RhinoEvaluateExpressionMethod m | m = ma.getMethod() |
9090
(
9191
if ma.getMethod().getName() = "compileReader"
@@ -102,32 +102,32 @@ predicate evaluateRhinoExpression(MethodAccess ma, Expr sink) {
102102
/**
103103
* Holds if a Rhino expression compilation method is vulnerable to code injection.
104104
*/
105-
predicate compileScript(MethodAccess ma, Expr sink) {
105+
predicate compilesScript(MethodAccess ma, Expr sink) {
106106
exists(RhinoCompileClassMethod m | m = ma.getMethod() | sink = ma.getArgument(0))
107107
}
108108

109109
/**
110110
* Holds if a Rhino class loading method is vulnerable to code injection.
111111
*/
112-
predicate defineClass(MethodAccess ma, Expr sink) {
112+
predicate definesRhinoClass(MethodAccess ma, Expr sink) {
113113
exists(RhinoDefineClassMethod m | m = ma.getMethod() | sink = ma.getArgument(1))
114114
}
115115

116116
/** A script injection sink. */
117117
class ScriptInjectionSink extends DataFlow::ExprNode {
118118
ScriptInjectionSink() {
119119
isScriptArgument(_, this.getExpr()) or
120-
evaluateRhinoExpression(_, this.getExpr()) or
121-
compileScript(_, this.getExpr()) or
122-
defineClass(_, this.getExpr())
120+
evaluatesRhinoExpression(_, this.getExpr()) or
121+
compilesScript(_, this.getExpr()) or
122+
definesRhinoClass(_, this.getExpr())
123123
}
124124

125125
/** An access to the method associated with this sink. */
126126
MethodAccess getMethodAccess() {
127127
isScriptArgument(result, this.getExpr()) or
128-
evaluateRhinoExpression(result, this.getExpr()) or
129-
compileScript(result, this.getExpr()) or
130-
defineClass(result, this.getExpr())
128+
evaluatesRhinoExpression(result, this.getExpr()) or
129+
compilesScript(result, this.getExpr()) or
130+
definesRhinoClass(result, this.getExpr())
131131
}
132132
}
133133

0 commit comments

Comments
 (0)