change naming of StringSplitCall methods

erik-krogh · erik-krogh · commit fe02137d0b9b · 2020-05-05T13:27:14.000+02:00
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -28,9 +28,9 @@ class DangerousScheme extends string {
 DataFlow::SourceNode schemeOf(DataFlow::Node url) {
   // url.split(":")[0]
   exists(StringSplitCall split |
-    split.getSplitAt() = ":" and
+    split.getSeparator() = ":" and
     result = split.getAnElementRead(0) and
-    url = split.getUnsplit()
+    url = split.getBaseString()
   )
   or
   // url.getScheme(), url.getProtocol(), getScheme(url), getProtocol(url)
diff --git a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
@@ -23,8 +23,8 @@ import semmle.javascript.DynamicPropertyAccess
  */
 class SplitCall extends StringSplitCall {
   SplitCall() {
-    getSplitAt() = "." and
-    getUnsplit() instanceof ParameterNode
+    getSeparator() = "." and
+    getBaseString() instanceof ParameterNode
   }
 }
 
diff --git a/javascript/ql/src/semmle/javascript/StandardLibrary.qll b/javascript/ql/src/semmle/javascript/StandardLibrary.qll
@@ -170,9 +170,9 @@ class StringSplitCall extends DataFlow::MethodCallNode {
   }
 
   /**
-   * Gets a the SourceNode for the string before it is split.
+   * Gets the DataFlow::Node for the base string that is split.
    */
-  DataFlow::SourceNode getUnsplit() { result = getReceiver().getALocalSource() }
+  DataFlow::Node getBaseString() { result = getReceiver() }
 
   /**
    * Gets a read of the `i`th element from the split string.
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
@@ -98,8 +98,8 @@ module TaintedPath {
       )
       or
       // A `str.split()` call can either split into path elements (`str.split("/")`) or split by some other string.
-      exists(StringSplitCall mcn | dst = mcn and mcn.getUnsplit() = src |
-        if mcn.getSplitAt() = "/"
+      exists(StringSplitCall mcn | dst = mcn and mcn.getBaseString() = src |
+        if mcn.getSeparator() = "/"
         then
           srclabel.(Label::PosixPath).canContainDotDotSlash() and
           dstlabel instanceof Label::SplitPath
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -286,8 +286,8 @@ module DomBasedXss {
 
     QueryPrefixSanitizer() {
       this = splitCall.getAnElementRead(0) and
-      splitCall.getSplitAt() = "?" and
-      splitCall.getUnsplit() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]
+      splitCall.getSeparator() = "?" and
+      splitCall.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,8 @@ import semmle.javascript.DynamicPropertyAccess`
`23`	`23`	`*/`
`24`	`24`	`class SplitCall extends StringSplitCall {`
`25`	`25`	`SplitCall() {`
`26`		`- getSplitAt() = "." and`
`27`		`- getUnsplit() instanceof ParameterNode`
	`26`	`+ getSeparator() = "." and`
	`27`	`+ getBaseString() instanceof ParameterNode`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
Original file line number	Diff line number	Diff line change
`@@ -286,8 +286,8 @@ module DomBasedXss {`
`286`	`286`
`287`	`287`	`QueryPrefixSanitizer() {`
`288`	`288`	`this = splitCall.getAnElementRead(0) and`
`289`		`- splitCall.getSplitAt() = "?" and`
`290`		`- splitCall.getUnsplit() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]`
	`289`	`+ splitCall.getSeparator() = "?" and`
	`290`	`+ splitCall.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]`
`291`	`291`	`}`
`292`	`292`	`}`
`293`	`293`