Skip to content

Commit 837daaa

Browse files
RasmusWLRasmusWL
committed
Python: Remove XMLParser concept
1 parent df8e0fc commit 837daaa

File tree

2 files changed

+0
-52
lines changed

2 files changed

+0
-52
lines changed

python/ql/src/experimental/semmle/python/Concepts.qll

Lines changed: 0 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -76,45 +76,6 @@ module XML {
7676
abstract predicate vulnerable(XMLVulnerabilityKind kind);
7777
}
7878
}
79-
80-
/**
81-
* A data-flow node that constructs an XML parser.
82-
*
83-
* Extend this class to model new APIs. If you want to refine existing API models,
84-
* extend `XMLParser` instead.
85-
*/
86-
class XMLParser extends DataFlow::Node instanceof XMLParser::Range {
87-
/**
88-
* Gets the argument containing the content to parse.
89-
*/
90-
DataFlow::Node getAnInput() { result = super.getAnInput() }
91-
92-
/**
93-
* Holds if the parser is vulnerable to `kind`.
94-
*/
95-
predicate vulnerable(XMLVulnerabilityKind kind) { super.vulnerable(kind) }
96-
}
97-
98-
/** Provides classes for modeling XML parsers. */
99-
module XMLParser {
100-
/**
101-
* A data-flow node that constructs an XML parser.
102-
*
103-
* Extend this class to model new APIs. If you want to refine existing API models,
104-
* extend `XMLParser` instead.
105-
*/
106-
abstract class Range extends DataFlow::Node {
107-
/**
108-
* Gets the argument containing the content to parse.
109-
*/
110-
abstract DataFlow::Node getAnInput();
111-
112-
/**
113-
* Holds if the parser is vulnerable to `kind`.
114-
*/
115-
abstract predicate vulnerable(XMLVulnerabilityKind kind);
116-
}
117-
}
11879
}
11980

12081
/** Provides classes for modeling LDAP query execution-related APIs. */

python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -61,19 +61,6 @@ module XmlEntityInjection {
6161
override string getVulnerableKind() { xmlParsing.vulnerable(result) }
6262
}
6363

64-
/**
65-
* An input to an XML parser, considered as a flow sink.
66-
*
67-
* See `XML::XMLParser`
68-
*/
69-
class XMLParserInputAsSink extends Sink {
70-
XML::XMLParser xmlParser;
71-
72-
XMLParserInputAsSink() { this = xmlParser.getAnInput() }
73-
74-
override string getVulnerableKind() { xmlParser.vulnerable(result) }
75-
}
76-
7764
/**
7865
* A source of remote user input, considered as a flow source.
7966
*/

0 commit comments

Comments
 (0)