Python: Rename to XmlParsingVulnerabilityKind

RasmusWL · RasmusWL · commit 1f285b8983c1 · 2022-04-05T11:07:12.000+02:00
To keep up with style guide
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
@@ -558,8 +558,8 @@ module XML {
    *
    * See PoC at `python/PoCs/XmlParsing/PoC.py` for some tests of vulnerable XML parsing.
    */
-  class XMLParsingVulnerabilityKind extends string {
-    XMLParsingVulnerabilityKind() {
+  class XmlParsingVulnerabilityKind extends string {
+    XmlParsingVulnerabilityKind() {
       this in ["Billion Laughs", "Quadratic Blowup", "XXE", "DTD retrieval"]
     }
 
@@ -586,7 +586,7 @@ module XML {
     /**
      * Holds if this XML parsing is vulnerable to `kind`.
      */
-    predicate vulnerableTo(XMLParsingVulnerabilityKind kind) { super.vulnerableTo(kind) }
+    predicate vulnerableTo(XmlParsingVulnerabilityKind kind) { super.vulnerableTo(kind) }
   }
 
   /** Provides classes for modeling XML parsing APIs. */
@@ -601,7 +601,7 @@ module XML {
       /**
        * Holds if this XML parsing is vulnerable to `kind`.
        */
-      abstract predicate vulnerableTo(XMLParsingVulnerabilityKind kind);
+      abstract predicate vulnerableTo(XmlParsingVulnerabilityKind kind);
 
       override string getFormat() { result = "XML" }
     }
diff --git a/python/ql/lib/semmle/python/frameworks/Lxml.qll b/python/ql/lib/semmle/python/frameworks/Lxml.qll
@@ -121,7 +121,7 @@ private module Lxml {
      */
     abstract class InstanceSource extends DataFlow::LocalSourceNode {
       /** Holds if this instance is vulnerable to `kind`. */
-      abstract predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind);
+      abstract predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind);
     }
 
     /**
@@ -135,7 +135,7 @@ private module Lxml {
       }
 
       // NOTE: it's not possible to change settings of a parser after constructing it
-      override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+      override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
         kind.isXxe() and
         (
           // resolve_entities has default True
@@ -165,7 +165,7 @@ private module Lxml {
           API::moduleImport("lxml").getMember("etree").getMember("get_default_parser").getACall()
       }
 
-      override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+      override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
         // as highlighted by
         // https://lxml.de/apidoc/lxml.etree.html?highlight=xmlparser#lxml.etree.XMLParser
         // by default XXE is allow. so as long as the default parser has not been
@@ -189,7 +189,7 @@ private module Lxml {
     }
 
     /** Gets a reference to an `lxml.etree` parser instance, that is vulnerable to `kind`. */
-    DataFlow::Node instanceVulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    DataFlow::Node instanceVulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       exists(InstanceSource origin | result = instance(origin) and origin.vulnerableTo(kind))
     }
 
@@ -201,7 +201,7 @@ private module Lxml {
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
 
-      override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+      override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
         this.calls(instanceVulnerableTo(kind), "feed")
       }
 
@@ -256,7 +256,7 @@ private module Lxml {
 
     DataFlow::Node getParserArg() { result in [this.getArg(1), this.getArgByName("parser")] }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       this.getParserArg() = XMLParser::instanceVulnerableTo(kind)
       or
       kind.isXxe() and
@@ -313,7 +313,7 @@ private module Lxml {
 
     override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("source")] }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       // note that there is no `resolve_entities` argument, so it's not possible to turn off XXE :O
       kind.isXxe()
       or
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -3241,7 +3241,7 @@ private module StdlibPrivate {
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
 
-      override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+      override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
         kind.isBillionLaughs() or kind.isQuadraticBlowup()
       }
 
@@ -3298,7 +3298,7 @@ private module StdlibPrivate {
         ]
     }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       // note: it does not matter what `xml.etree` parser you are using, you cannot
       // change the security features anyway :|
       kind.isBillionLaughs() or kind.isQuadraticBlowup()
@@ -3459,7 +3459,7 @@ private module StdlibPrivate {
 
     override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("source")] }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       // always vuln to these
       (kind.isBillionLaughs() or kind.isQuadraticBlowup())
       or
@@ -3512,7 +3512,7 @@ private module StdlibPrivate {
         ]
     }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       // always vuln to these
       (kind.isBillionLaughs() or kind.isQuadraticBlowup())
     }
@@ -3586,7 +3586,7 @@ private module StdlibPrivate {
 
     DataFlow::Node getParserArg() { result in [this.getArg(1), this.getArgByName("parser")] }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       this.getParserArg() = saxParserWithFeatureExternalGesTurnedOn() and
       (kind.isXxe() or kind.isDtdRetrieval())
       or
diff --git a/python/ql/lib/semmle/python/frameworks/Xmltodict.qll b/python/ql/lib/semmle/python/frameworks/Xmltodict.qll
@@ -27,7 +27,7 @@ private module Xmltodict {
       result in [this.getArg(0), this.getArgByName("xml_input")]
     }
 
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+    override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
       (kind.isBillionLaughs() or kind.isQuadraticBlowup()) and
       this.getArgByName("disable_entities").getALocalSource().asExpr() = any(False f)
     }
diff --git a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
@@ -17,7 +17,7 @@ from DataFlow::CallCfgNode call, string kinds
 where
   call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and
   kinds =
-    strictconcat(XML::XMLParsingVulnerabilityKind kind |
+    strictconcat(XML::XmlParsingVulnerabilityKind kind |
       kind.isBillionLaughs() or kind.isQuadraticBlowup()
     |
       kind, ", "
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XmlBombCustomizations.qll
@@ -40,7 +40,7 @@ module XmlBomb {
    */
   class XmlParsingWithEntityResolution extends Sink {
     XmlParsingWithEntityResolution() {
-      exists(XML::XmlParsing parsing, XML::XMLParsingVulnerabilityKind kind |
+      exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
         (kind.isBillionLaughs() or kind.isQuadraticBlowup()) and
         parsing.vulnerableTo(kind) and
         this = parsing.getAnInput()
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll b/python/ql/src/experimental/semmle/python/security/dataflow/XxeCustomizations.qll
@@ -40,7 +40,7 @@ module Xxe {
    */
   class XmlParsingWithExternalEntityResolution extends Sink {
     XmlParsingWithExternalEntityResolution() {
-      exists(XML::XmlParsing parsing, XML::XMLParsingVulnerabilityKind kind |
+      exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
         kind.isXxe() and
         parsing.vulnerableTo(kind) and
         this = parsing.getAnInput()
diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -547,7 +547,7 @@ class XmlParsingTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
-    exists(XML::XmlParsing parsing, XML::XMLParsingVulnerabilityKind kind |
+    exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind |
       parsing.vulnerableTo(kind) and
       location = parsing.getLocation() and
       element = parsing.toString() and

Original file line number	Diff line number	Diff line change
`@@ -558,8 +558,8 @@ module XML {`
`558`	`558`	`*`
`559`	`559`	* See PoC at `python/PoCs/XmlParsing/PoC.py` for some tests of vulnerable XML parsing.
`560`	`560`	`*/`
`561`		`- class XMLParsingVulnerabilityKind extends string {`
`562`		`- XMLParsingVulnerabilityKind() {`
	`561`	`+ class XmlParsingVulnerabilityKind extends string {`
	`562`	`+ XmlParsingVulnerabilityKind() {`
`563`	`563`	`this in ["Billion Laughs", "Quadratic Blowup", "XXE", "DTD retrieval"]`
`564`	`564`	`}`
`565`	`565`
`@@ -586,7 +586,7 @@ module XML {`
`586`	`586`	`/**`
`587`	`587`	* Holds if this XML parsing is vulnerable to `kind`.
`588`	`588`	`*/`
`589`		`- predicate vulnerableTo(XMLParsingVulnerabilityKind kind) { super.vulnerableTo(kind) }`
	`589`	`+ predicate vulnerableTo(XmlParsingVulnerabilityKind kind) { super.vulnerableTo(kind) }`
`590`	`590`	`}`
`591`	`591`
`592`	`592`	`/** Provides classes for modeling XML parsing APIs. */`
`@@ -601,7 +601,7 @@ module XML {`
`601`	`601`	`/**`
`602`	`602`	* Holds if this XML parsing is vulnerable to `kind`.
`603`	`603`	`*/`
`604`		`- abstract predicate vulnerableTo(XMLParsingVulnerabilityKind kind);`
	`604`	`+ abstract predicate vulnerableTo(XmlParsingVulnerabilityKind kind);`
`605`	`605`
`606`	`606`	`override string getFormat() { result = "XML" }`
`607`	`607`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3241,7 +3241,7 @@ private module StdlibPrivate {`
`3241`	`3241`
`3242`	`3242`	`override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }`
`3243`	`3243`
`3244`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`3244`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`3245`	`3245`	`kind.isBillionLaughs() or kind.isQuadraticBlowup()`
`3246`	`3246`	`}`
`3247`	`3247`
`@@ -3298,7 +3298,7 @@ private module StdlibPrivate {`
`3298`	`3298`	`]`
`3299`	`3299`	`}`
`3300`	`3300`
`3301`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`3301`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`3302`	`3302`	// note: it does not matter what `xml.etree` parser you are using, you cannot
`3303`	`3303`	`// change the security features anyway :\|`
`3304`	`3304`	`kind.isBillionLaughs() or kind.isQuadraticBlowup()`
`@@ -3459,7 +3459,7 @@ private module StdlibPrivate {`
`3459`	`3459`
`3460`	`3460`	`override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("source")] }`
`3461`	`3461`
`3462`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`3462`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`3463`	`3463`	`// always vuln to these`
`3464`	`3464`	`(kind.isBillionLaughs() or kind.isQuadraticBlowup())`
`3465`	`3465`	`or`
`@@ -3512,7 +3512,7 @@ private module StdlibPrivate {`
`3512`	`3512`	`]`
`3513`	`3513`	`}`
`3514`	`3514`
`3515`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`3515`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`3516`	`3516`	`// always vuln to these`
`3517`	`3517`	`(kind.isBillionLaughs() or kind.isQuadraticBlowup())`
`3518`	`3518`	`}`
`@@ -3586,7 +3586,7 @@ private module StdlibPrivate {`
`3586`	`3586`
`3587`	`3587`	`DataFlow::Node getParserArg() { result in [this.getArg(1), this.getArgByName("parser")] }`
`3588`	`3588`
`3589`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`3589`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`3590`	`3590`	`this.getParserArg() = saxParserWithFeatureExternalGesTurnedOn() and`
`3591`	`3591`	`(kind.isXxe() or kind.isDtdRetrieval())`
`3592`	`3592`	`or`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ private module Xmltodict {`
`27`	`27`	`result in [this.getArg(0), this.getArgByName("xml_input")]`
`28`	`28`	`}`
`29`	`29`
`30`		`- override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {`
	`30`	`+ override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {`
`31`	`31`	`(kind.isBillionLaughs() or kind.isQuadraticBlowup()) and`
`32`	`32`	`this.getArgByName("disable_entities").getALocalSource().asExpr() = any(False f)`
`33`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ from DataFlow::CallCfgNode call, string kinds`
`17`	`17`	`where`
`18`	`18`	`call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and`
`19`	`19`	`kinds =`
`20`		`- strictconcat(XML::XMLParsingVulnerabilityKind kind \|`
	`20`	`+ strictconcat(XML::XmlParsingVulnerabilityKind kind \|`
`21`	`21`	`kind.isBillionLaughs() or kind.isQuadraticBlowup()`
`22`	`22`	`\|`
`23`	`23`	`kind, ", "`