C++: Match createLSParser more precisely.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-611/XXE.ql

@@ -167,7 +167,10 @@ class ParseFunction extends Function {
  * The `createLSParser` function that returns a newly created `LSParser` object.
  */
 class CreateLSParser extends Function {
-  CreateLSParser() { this.hasName("createLSParser") }
+  CreateLSParser() {
+    this.hasName("createLSParser") and
+    this.getType().(PointerType).getBaseType().getName() = "DOMLSParser" // returns a `DOMLSParser *`.
+  }
 }
 
 /**

cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected

@@ -25,7 +25,7 @@ edges
 | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:146:18:146:18 | q |
 | tests.cpp:144:18:144:18 | q | tests.cpp:130:39:130:39 | p |
 | tests.cpp:146:18:146:18 | q | tests.cpp:134:39:134:39 | p |
-| tests.cpp:150:16:150:29 | call to createLSParser | tests.cpp:152:2:152:2 | p |
+| tests.cpp:150:19:150:32 | call to createLSParser | tests.cpp:152:2:152:2 | p |
 nodes
 | tests.cpp:33:23:33:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
 | tests.cpp:35:2:35:2 | p | semmle.label | p |
@@ -62,7 +62,7 @@ nodes
 | tests.cpp:140:23:140:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
 | tests.cpp:144:18:144:18 | q | semmle.label | q |
 | tests.cpp:146:18:146:18 | q | semmle.label | q |
-| tests.cpp:150:16:150:29 | call to createLSParser | semmle.label | call to createLSParser |
+| tests.cpp:150:19:150:32 | call to createLSParser | semmle.label | call to createLSParser |
 | tests.cpp:152:2:152:2 | p | semmle.label | p |
 subpaths
 #select
@@ -77,4 +77,4 @@ subpaths
 | tests.cpp:122:3:122:3 | q | tests.cpp:118:24:118:44 | XercesDOMParser output argument | tests.cpp:122:3:122:3 | q | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:118:24:118:44 | XercesDOMParser output argument | XML parser |
 | tests.cpp:131:2:131:2 | p | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:131:2:131:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:140:23:140:43 | XercesDOMParser output argument | XML parser |
 | tests.cpp:135:2:135:2 | p | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:135:2:135:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:140:23:140:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:152:2:152:2 | p | tests.cpp:150:16:150:29 | call to createLSParser | tests.cpp:152:2:152:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:150:16:150:29 | call to createLSParser | XML parser |
+| tests.cpp:152:2:152:2 | p | tests.cpp:150:19:150:32 | call to createLSParser | tests.cpp:152:2:152:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:150:19:150:32 | call to createLSParser | XML parser |

cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.cpp

@@ -22,10 +22,10 @@ class XercesDOMParser: public AbstractDOMParser {
 	XercesDOMParser();
 };
 
-class LSParser: public AbstractDOMParser {
+class DOMLSParser : public AbstractDOMParser {
 };
 
-LSParser *createLSParser();
+DOMLSParser *createLSParser();
 
 // ---
 
@@ -147,20 +147,20 @@ void test10(InputSource &data) {
 }
 
 void test11(InputSource &data) {
-	LSParser *p = createLSParser();
+	DOMLSParser *p = createLSParser();
 
 	p->parse(data); // BAD (parser not correctly configured)
 }
 
 void test12(InputSource &data) {
-	LSParser *p = createLSParser();
+	DOMLSParser *p = createLSParser();
 
 	p->setDisableDefaultEntityResolution(true);
 	p->parse(data); // GOOD
 }
 
-LSParser *g_p1 = createLSParser();
-LSParser *g_p2 = createLSParser();
+DOMLSParser *g_p1 = createLSParser();
+DOMLSParser *g_p2 = createLSParser();
 InputSource *g_data;
 
 void test13() {