Python: Remove XMLParser concept

RasmusWL · RasmusWL · commit 837daaae3b5f · 2022-03-03T22:04:48.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -76,45 +76,6 @@ module XML {
       abstract predicate vulnerable(XMLVulnerabilityKind kind);
     }
   }
-
-  /**
-   * A data-flow node that constructs an XML parser.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `XMLParser` instead.
-   */
-  class XMLParser extends DataFlow::Node instanceof XMLParser::Range {
-    /**
-     * Gets the argument containing the content to parse.
-     */
-    DataFlow::Node getAnInput() { result = super.getAnInput() }
-
-    /**
-     * Holds if the parser is vulnerable to `kind`.
-     */
-    predicate vulnerable(XMLVulnerabilityKind kind) { super.vulnerable(kind) }
-  }
-
-  /** Provides classes for modeling XML parsers. */
-  module XMLParser {
-    /**
-     * A data-flow node that constructs an XML parser.
-     *
-     * Extend this class to model new APIs. If you want to refine existing API models,
-     * extend `XMLParser` instead.
-     */
-    abstract class Range extends DataFlow::Node {
-      /**
-       * Gets the argument containing the content to parse.
-       */
-      abstract DataFlow::Node getAnInput();
-
-      /**
-       * Holds if the parser is vulnerable to `kind`.
-       */
-      abstract predicate vulnerable(XMLVulnerabilityKind kind);
-    }
-  }
 }
 
 /** Provides classes for modeling LDAP query execution-related APIs. */
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll
@@ -61,19 +61,6 @@ module XmlEntityInjection {
     override string getVulnerableKind() { xmlParsing.vulnerable(result) }
   }
 
-  /**
-   * An input to an XML parser, considered as a flow sink.
-   *
-   * See `XML::XMLParser`
-   */
-  class XMLParserInputAsSink extends Sink {
-    XML::XMLParser xmlParser;
-
-    XMLParserInputAsSink() { this = xmlParser.getAnInput() }
-
-    override string getVulnerableKind() { xmlParser.vulnerable(result) }
-  }
-
   /**
    * A source of remote user input, considered as a flow source.
    */
