Fix codescanning alert by tweaking imported modules

joefarebrother · joefarebrother · commit d7c1be40d950 · 2023-09-25T15:47:05.000+01:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
@@ -2,8 +2,6 @@
 
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
-import DataFlow as DF
-import TaintTracking as TT
 import ActionMethods
 
 /**
@@ -25,8 +23,8 @@ private predicate hasIdParameter(ActionMethod m) {
     // handle cases like `Request.QueryString["Id"]`
     exists(StringLiteral idStr, IndexerCall idx |
       idStr.getValue().toLowerCase().matches(["%id", "%idx"]) and
-      TT::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and
-      DF::localExprFlow(idStr, idx.getArgument(0))
+      TaintTracking::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and
+      DataFlow::localExprFlow(idStr, idx.getArgument(0))
     )
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,6 @@`
`2`	`2`
`3`	`3`	`import csharp`
`4`	`4`	`import semmle.code.csharp.dataflow.flowsources.Remote`
`5`		`-import DataFlow as DF`
`6`		`-import TaintTracking as TT`
`7`	`5`	`import ActionMethods`
`8`	`6`
`9`	`7`	`/**`
`@@ -25,8 +23,8 @@ private predicate hasIdParameter(ActionMethod m) {`
`25`	`23`	// handle cases like `Request.QueryString["Id"]`
`26`	`24`	`exists(StringLiteral idStr, IndexerCall idx \|`
`27`	`25`	`idStr.getValue().toLowerCase().matches(["%id", "%idx"]) and`
`28`		`- TT::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and`
`29`		`- DF::localExprFlow(idStr, idx.getArgument(0))`
	`26`	`+ TaintTracking::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and`
	`27`	`+ DataFlow::localExprFlow(idStr, idx.getArgument(0))`
`30`	`28`	`)`
`31`	`29`	`)`
`32`	`30`	`}`