@@ -40,17 +40,20 @@ module SystemCommandExecution {
4040}
4141
4242/**
43- * A function that decodes data from a binary or textual format.
43+ * A data-flow node that decodes data from a binary or textual format. This
44+ * is intended to include deserialization, unmarshalling, decoding, unpickling,
45+ * unzipping, decrypting, parsing etc.
46+ *
4447 * Doing so should normally preserve taint, but it can also be a problem
45- * in itself, e.g. if it performs deserialization in a potentially unsafe way .
48+ * in itself, e.g. if it allows code execution or could result in deinal-of-service .
4649 *
4750 * Extend this class to refine existing API models. If you want to model new APIs,
48- * extend `UnmarshalingFunction ::Range` instead.
51+ * extend `Decoding ::Range` instead.
4952 */
50- class UnmarshalingFunction extends DataFlow:: Node {
51- UnmarshalingFunction :: Range self ;
53+ class Decoding extends DataFlow:: Node {
54+ Decoding :: Range self ;
5255
53- UnmarshalingFunction ( ) { this = self }
56+ Decoding ( ) { this = self }
5457
5558 /** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
5659 predicate unsafe ( ) { self .unsafe ( ) }
@@ -65,15 +68,18 @@ class UnmarshalingFunction extends DataFlow::Node {
6568 string getFormat ( ) { result = self .getFormat ( ) }
6669}
6770
68- /** Provides a class for modeling new unmarshaling/ decoding/deserialization functions . */
69- module UnmarshalingFunction {
71+ /** Provides a class for modeling new decoding mechanisms . */
72+ module Decoding {
7073 /**
71- * A function that decodes data from a binary or textual format.
72- * Doing so should normally preserve taint, but it can oalso be a problem
73- * in itself, e.g. if it performs deserialization in a potentially unsafe way.
74+ * A data-flow node that decodes data from a binary or textual format. This
75+ * is intended to include deserialization, unmarshalling, decoding, unpickling,
76+ * unzipping, decrypting, parsing etc.
77+ *
78+ * Doing so should normally preserve taint, but it can also be a problem
79+ * in itself, e.g. if it allows code execution or could result in deinal-of-service.
7480 *
7581 * Extend this class to model new APIs. If you want to refine existing API models,
76- * extend `UnmarshalingFunction ` instead.
82+ * extend `Decoding ` instead.
7783 */
7884 abstract class Range extends DataFlow:: Node {
7985 /** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */
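Review bot: The new doc comment at new line 48 misspells the security term — `deinal-of-service` should read `denial-of-service` — and the same text is duplicated verbatim at new line 79 in the `Decoding::Range` doc, so both copies need the fix. With the concept broadened from a "function" to a "data-flow node" covering unzipping, parsing and decrypting, the unchanged `/** Holds if this call is unsafe, e.g. if it may execute arbitrary code. */` on `unsafe()` still speaks of "this call" and mentions only code execution, which no longer matches the contract the class doc now describes; suggest `/** Holds if this decoding is unsafe, e.g. if it may execute arbitrary code or could result in denial-of-service (such as unbounded decompression). */` in both the wrapper and the `Range` class. The `Range` class body continues past the end of the hunk.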