Update java/ql/src/Security/CWE/CWE-652/XQueryInjectionLib.qll

haby0 · smowton · web-flow · commit 16308fe557ba · 2021-01-25T19:16:18.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-652/XQueryInjectionLib.qll b/java/ql/src/Security/CWE/CWE-652/XQueryInjectionLib.qll
@@ -29,8 +29,8 @@ class XQueryBindStringCall extends MethodAccess {
       m.hasName("bindString")
     )
   }
-  // return the second parameter of the `bindString` method and use it as a sink
-  Expr getSink() { result = this.getArgument(1) }
+  /** Returns the second parameter of the `bindString` method. */
+  Expr getInput() { result = this.getArgument(1) }
 }
 
 /** Used to determine whether to call the `prepareExpression` method, and the first parameter value can be remotely controlled. */

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,8 @@ class XQueryBindStringCall extends MethodAccess {`
`29`	`29`	`m.hasName("bindString")`
`30`	`30`	`)`
`31`	`31`	`}`
`32`		- // return the second parameter of the `bindString` method and use it as a sink
`33`		`- Expr getSink() { result = this.getArgument(1) }`
	`32`	+ /** Returns the second parameter of the `bindString` method. */
	`33`	`+ Expr getInput() { result = this.getArgument(1) }`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	/** Used to determine whether to call the `prepareExpression` method, and the first parameter value can be remotely controlled. */