Ruby: renames for rb/xpath-injection

alexrford · alexrford · commit 77f3a7037611 · 2023-09-03T17:20:05.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll
@@ -10,18 +10,23 @@ private import codeql.ruby.DataFlow
 private import codeql.ruby.TaintTracking
 import XpathInjectionCustomizations::XpathInjection
 
-/** Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities. */
-module XpathInjection {
-  /**
-   * A taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
-   */
-  private module Config implements DataFlow::ConfigSig {
-    predicate isSource(DataFlow::Node source) { source instanceof Source }
+/**
+ * Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
+ * DEPRECATED: Use `XpathInjectionFlow`
+ */
+deprecated module XpathInjection {
+  import TaintTracking::Global<XpathInjectionConfig>
+}
 
-    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+private module XpathInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
-  }
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-  import TaintTracking::Global<Config>
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 }
+
+/**
+ * Taint-tracking for detecting "Xpath Injection" vulnerabilities.
+ */
+module XpathInjectionFlow = TaintTracking::Global<XpathInjectionConfig>;
diff --git a/ruby/ql/src/experimental/xpath-injection/XpathInjection.ql b/ruby/ql/src/experimental/xpath-injection/XpathInjection.ql
@@ -13,9 +13,9 @@
 
 import codeql.ruby.DataFlow
 import codeql.ruby.security.XpathInjectionQuery
-import XpathInjection::PathGraph
+import XpathInjectionFlow::PathGraph
 
-from XpathInjection::PathNode source, XpathInjection::PathNode sink
-where XpathInjection::flowPath(source, sink)
+from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink
+where XpathInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
   "user-provided value"
