Renaming in java/ql/src/experimental/Security/CWE/CWE-094

artem-smotrakov · artem-smotrakov · commit b96b6652626c · 2021-04-12T21:40:49.000+03:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/FlowUtils.qll b/java/ql/src/experimental/Security/CWE/CWE-094/FlowUtils.qll
@@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources
  * Holds if `fromNode` to `toNode` is a dataflow step that returns data from
  * a bean by calling one of its getters.
  */
-predicate returnsDataFromBean(DataFlow::Node fromNode, DataFlow::Node toNode) {
+predicate hasGetterFlow(DataFlow::Node fromNode, DataFlow::Node toNode) {
   exists(MethodAccess ma, Method m | ma.getMethod() = m |
     m instanceof GetterMethod and
     ma.getQualifier() = fromNode.asExpr() and
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.qhelp
@@ -29,14 +29,14 @@ with sandboxing capabilities such as Apache Commons JEXL or the Spring Expressio
 The following example shows how untrusted data is used to build and run an expression
 using the JUEL interpreter:
 </p>
-<sample src="UnsafeExpressionEvaluationWithJUEL.java" />
+<sample src="UnsafeExpressionEvaluationWithJuel.java" />
 
 <p>
-JUEL does not support to run expressions in a sandbox. To prevent running arbitrary code,
+JUEL does not support running expressions in a sandbox. To prevent running arbitrary code,
 incoming data has to be checked before including it in an expression. The next example
 uses a Regex pattern to check whether a user tries to run an allowed expression or not:
 </p>
-<sample src="SaferExpressionEvaluationWithJUEL.java" />
+<sample src="SaferExpressionEvaluationWithJuel.java" />
 
 </example>
 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
@@ -1,5 +1,5 @@
 import java
-import InjectionLib
+import FlowUtils
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 
@@ -16,7 +16,7 @@ class JakartaExpressionInjectionConfig extends TaintTracking::Configuration {
 
   override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
     any(TaintPropagatingCall c).taintFlow(fromNode, toNode) or
-    returnsDataFromBean(fromNode, toNode)
+    hasGetterFlow(fromNode, toNode)
   }
 }
 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll
@@ -1,5 +1,5 @@
 import java
-import InjectionLib
+import FlowUtils
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 
@@ -17,7 +17,7 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
 
   override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
     any(TaintPropagatingJexlMethodCall c).taintFlow(fromNode, toNode) or
-    returnsDataFromBean(fromNode, toNode)
+    hasGetterFlow(fromNode, toNode)
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import java`
`2`		`-import InjectionLib`
	`2`	`+import FlowUtils`
`3`	`3`	`import semmle.code.java.dataflow.FlowSources`
`4`	`4`	`import semmle.code.java.dataflow.TaintTracking`
`5`	`5`
`@@ -16,7 +16,7 @@ class JakartaExpressionInjectionConfig extends TaintTracking::Configuration {`
`16`	`16`
`17`	`17`	`override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {`
`18`	`18`	`any(TaintPropagatingCall c).taintFlow(fromNode, toNode) or`
`19`		`- returnsDataFromBean(fromNode, toNode)`
	`19`	`+ hasGetterFlow(fromNode, toNode)`
`20`	`20`	`}`
`21`	`21`	`}`
`22`	`22`