Use package

edvraa · owen-mc · commit cba4f0448e1d · 2021-06-17T09:23:26.000+01:00
diff --git a/ql/src/experimental/CWE-1004/AuthCookie.qll b/ql/src/experimental/CWE-1004/AuthCookie.qll
@@ -42,7 +42,7 @@ private predicate isAuthVariable(Expr expr) {
 private class SetCookieSink extends DataFlow::Node {
   SetCookieSink() {
     exists(CallExpr c |
-      c.getTarget().hasQualifiedName("net/http", "SetCookie") and
+      c.getTarget().hasQualifiedName(package("net/http", ""), "SetCookie") and
       this.asExpr() = c.getArgument(1)
     )
   }
@@ -57,7 +57,7 @@ class NetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) {
     exists(StructLit sl |
       source.asExpr() = sl and
-      sl.getType().hasQualifiedName("net/http", "Cookie")
+      sl.getType().hasQualifiedName(package("net/http", ""), "Cookie")
     )
   }
 
@@ -82,7 +82,7 @@ private class NameToNetHttpCookieTrackingConfiguration extends TaintTracking2::C
 
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(StructLit sl |
-      sl.getType().hasQualifiedName("net/http", "Cookie") and
+      sl.getType().hasQualifiedName(package("net/http", ""), "Cookie") and
       getValueForFieldWrite(sl, "Name") = pred and
       sl = succ.asExpr()
     )
@@ -101,7 +101,7 @@ class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configurat
 
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(StructLit sl |
-      sl.getType().hasQualifiedName("net/http", "Cookie") and
+      sl.getType().hasQualifiedName(package("net/http", ""), "Cookie") and
       getValueForFieldWrite(sl, "HttpOnly") = pred and
       sl = succ.asExpr()
     )
@@ -171,7 +171,7 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio
     source
         .(DataFlow::CallNode)
         .getTarget()
-        .hasQualifiedName("github.com/gorilla/sessions", "NewCookieStore")
+        .hasQualifiedName(package("github.com/gorilla/sessions", ""), "NewCookieStore")
   }
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
@@ -196,7 +196,7 @@ class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configur
 
   override predicate isSource(DataFlow::Node source) {
     exists(StructLit sl |
-      sl.getType().hasQualifiedName("github.com/gorilla/sessions", "Options") and
+      sl.getType().hasQualifiedName(package("github.com/gorilla/sessions", ""), "Options") and
       source.asExpr() = sl
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ private predicate isAuthVariable(Expr expr) {`
`42`	`42`	`private class SetCookieSink extends DataFlow::Node {`
`43`	`43`	`SetCookieSink() {`
`44`	`44`	`exists(CallExpr c \|`
`45`		`- c.getTarget().hasQualifiedName("net/http", "SetCookie") and`
	`45`	`+ c.getTarget().hasQualifiedName(package("net/http", ""), "SetCookie") and`
`46`	`46`	`this.asExpr() = c.getArgument(1)`
`47`	`47`	`)`
`48`	`48`	`}`
`@@ -57,7 +57,7 @@ class NetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {`
`57`	`57`	`override predicate isSource(DataFlow::Node source) {`
`58`	`58`	`exists(StructLit sl \|`
`59`	`59`	`source.asExpr() = sl and`
`60`		`- sl.getType().hasQualifiedName("net/http", "Cookie")`
	`60`	`+ sl.getType().hasQualifiedName(package("net/http", ""), "Cookie")`
`61`	`61`	`)`
`62`	`62`	`}`
`63`	`63`
`@@ -82,7 +82,7 @@ private class NameToNetHttpCookieTrackingConfiguration extends TaintTracking2::C`
`82`	`82`
`83`	`83`	`override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {`
`84`	`84`	`exists(StructLit sl \|`
`85`		`- sl.getType().hasQualifiedName("net/http", "Cookie") and`
	`85`	`+ sl.getType().hasQualifiedName(package("net/http", ""), "Cookie") and`
`86`	`86`	`getValueForFieldWrite(sl, "Name") = pred and`
`87`	`87`	`sl = succ.asExpr()`
`88`	`88`	`)`
`@@ -101,7 +101,7 @@ class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configurat`
`101`	`101`
`102`	`102`	`override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {`
`103`	`103`	`exists(StructLit sl \|`
`104`		`- sl.getType().hasQualifiedName("net/http", "Cookie") and`
	`104`	`+ sl.getType().hasQualifiedName(package("net/http", ""), "Cookie") and`
`105`	`105`	`getValueForFieldWrite(sl, "HttpOnly") = pred and`
`106`	`106`	`sl = succ.asExpr()`
`107`	`107`	`)`
`@@ -171,7 +171,7 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio`
`171`	`171`	`source`
`172`	`172`	`.(DataFlow::CallNode)`
`173`	`173`	`.getTarget()`
`174`		`- .hasQualifiedName("github.com/gorilla/sessions", "NewCookieStore")`
	`174`	`+ .hasQualifiedName(package("github.com/gorilla/sessions", ""), "NewCookieStore")`
`175`	`175`	`}`
`176`	`176`
`177`	`177`	`override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }`
`@@ -196,7 +196,7 @@ class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configur`
`196`	`196`
`197`	`197`	`override predicate isSource(DataFlow::Node source) {`
`198`	`198`	`exists(StructLit sl \|`
`199`		`- sl.getType().hasQualifiedName("github.com/gorilla/sessions", "Options") and`
	`199`	`+ sl.getType().hasQualifiedName(package("github.com/gorilla/sessions", ""), "Options") and`
`200`	`200`	`source.asExpr() = sl`
`201`	`201`	`)`
`202`	`202`	`}`