Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same.

markshannon · markshannon · commit 35e82dca68e9 · 2019-04-04T10:56:45.000+01:00
diff --git a/python/ql/src/Security/CWE-089/SqlInjection.ql b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -26,12 +26,12 @@ class SQLInjectionConfiguration extends TaintTracking::Configuration {
 
     SQLInjectionConfiguration() { this = "SQL injection configuration" }
 
-    override predicate isSource(TaintTracking::Source source) { source.isSourceOf(any(UntrustedStringKind u)) }
+    override predicate isSource(TaintTracking::Source source) { source instanceof HttpRequestTaintSource }
 
     override predicate isSink(TaintTracking::Sink sink) { sink instanceof SqlInjectionSink }
 
 }
 
 from SQLInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
 where config.hasFlowPath(src, sink)
-select sink.getNode(), src, sink, "This SQL query depends on $@.", src.getNode(), "a user-provided value"
+select sink.getSink(), src, sink, "This SQL query depends on $@.", src.getSource(), "a user-provided value"
