Still erroring out on predicate for line 48

Keith Hoodlet · Keith Hoodlet · commit dd491d2f6ebd · 2023-08-25T10:26:11.000-04:00
diff --git a/java/CWE-611/XXELocal.ql b/java/CWE-611/XXELocal.ql
@@ -20,8 +20,18 @@ import semmle.code.java.dataflow.TaintTracking2
 //import DataFlow::PathGraph
 import github.LocalSources
 
+module XXELocalConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { 
+    source instanceof LocalUserInput and
+    not exists(DataFlow::Node src | src.asExpr() instanceof SafeSaxSource)}
 
-module SafeSAXSourceFlowConfig implements DataFlow::ConfigSig{
+  predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
+}
+
+module XXELocalFlow = TaintTracking::Global<XXELocalConfig>;
+import XXELocalFlow::PathGraph
+
+module SafeSAXSourceFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxSource }
 
   predicate isSink(DataFlow::Node sink) {
@@ -42,18 +52,6 @@ class UnsafeXxeSink extends DataFlow::ExprNode {
     )
   }
 }
-
-module XXELocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { 
-    source instanceof LocalUserInput and
-    not exists(DataFlow::Node src | src.asExpr() instanceof SafeSaxSource)}
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
-}
-
-module XXELocalFlow = TaintTracking::Global<XXELocalConfig>;
-import XXELocalFlow::PathGraph
-
 from XXELocalFlow::PathNode source, XXELocalFlow::PathNode sink
 where XXELocalFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Unsafe parsing of XML file from $@.", source.getNode(),
