Merge branch 'main' into msgConsis

2025-12-17 01:03:14 +01:00 · 2022-08-24 14:38:57 +02:00
parent 27fcc90a97 20ac15d549
commit 1c0f2251e2
233 changed files with 74494 additions and 1504 deletions
--- a/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
@@ -3,7 +3,7 @@ import semmle.code.cpp.ir.internal.Overlap
 private import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 private import semmle.code.cpp.Print
 private import semmle.code.cpp.ir.implementation.unaliased_ssa.IR
-private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSSA
+private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSsa
 private import semmle.code.cpp.ir.internal.IntegerConstant as Ints
 private import semmle.code.cpp.ir.internal.IntegerInterval as Interval
 private import semmle.code.cpp.ir.implementation.internal.OperandTag
@@ -572,7 +572,7 @@ private Overlap getVariableMemoryLocationOverlap(
 * Holds if the def/use information for the result of `instr` can be reused from the previous
 * iteration of the IR.
 */
-predicate canReuseSsaForOldResult(Instruction instr) { OldSSA::canReuseSsaForMemoryResult(instr) }
+predicate canReuseSsaForOldResult(Instruction instr) { OldSsa::canReuseSsaForMemoryResult(instr) }

 /** DEPRECATED: Alias for canReuseSsaForOldResult */
 deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR

 private class OldBlock = Reachability::ReachableBlock;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll
@@ -2,7 +2,14 @@ import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as OldIR
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.ReachableBlock as Reachability
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.aliased_ssa.IR as NewIR
-import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import AliasedSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
@@ -29,15 +29,15 @@ newtype TInstruction =
    UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  } or
  TAliasedSsaPhiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
-    AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
+    AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
  } or
  TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) {
-    AliasedSSA::SSA::hasChiInstruction(primaryInstruction)
+    AliasedSsa::SSA::hasChiInstruction(primaryInstruction)
  } or
  TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) {
-    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
+    AliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  }

 /**
@@ -83,7 +83,7 @@ module AliasedSsaInstructions {
  class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction;

  TPhiInstruction phiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
    result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation)
  }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll
@@ -1,4 +1,7 @@
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
-import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSSA
+import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSsa
+
+/** DEPRECATED: Alias for AliasedSsa */
+deprecated module AliasedSSA = AliasedSsa;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR

 private class OldBlock = Reachability::ReachableBlock;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
@@ -3,7 +3,14 @@ import semmle.code.cpp.ir.implementation.raw.internal.reachability.ReachableBloc
 import semmle.code.cpp.ir.implementation.raw.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as NewIR
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as RawStage
-import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import SimpleSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;
--- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Function f, int index) {
    exists(UntrustedExternalApiDataNode n |
      f = n.getExternalFunction() and
--- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Function f, int index) {
    exists(UntrustedExternalApiDataNode n |
      f = n.getExternalFunction() and
--- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
@@ -17,8 +17,8 @@ import semmle.code.cpp.dataflow.DataFlow
 /**
 * A call to `SSL_get_verify_result`.
 */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
 }

 /**
@@ -29,7 +29,7 @@ class VerifyResultConfig extends DataFlow::Configuration {
  VerifyResultConfig() { this = "VerifyResultConfig" }

  override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof SSLGetVerifyResultCall
+    source.asExpr() instanceof SslGetVerifyResultCall
  }

  override predicate isSink(DataFlow::Node sink) {
--- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
+++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
@@ -17,33 +17,33 @@ import semmle.code.cpp.controlflow.IRGuards
 /**
 * A call to `SSL_get_peer_certificate`.
 */
-class SSLGetPeerCertificateCall extends FunctionCall {
-  SSLGetPeerCertificateCall() {
+class SslGetPeerCertificateCall extends FunctionCall {
+  SslGetPeerCertificateCall() {
    getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
  }

-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }

 /**
 * A call to `SSL_get_verify_result`.
 */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() {
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() {
    getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
  }

-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }

 /**
 * Holds if the SSL object passed into `SSL_get_peer_certificate` is checked with
 * `SSL_get_verify_result` entering `node`.
 */
-predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
-  exists(Expr ssl, SSLGetVerifyResultCall check |
-    ssl = globalValueNumber(getCertCall.getSSLArgument()).getAnExpr() and
-    ssl = check.getSSLArgument() and
+predicate resultIsChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+  exists(Expr ssl, SslGetVerifyResultCall check |
+    ssl = globalValueNumber(getCertCall.getSslArgument()).getAnExpr() and
+    ssl = check.getSslArgument() and
    node = check
  )
 }
@@ -53,7 +53,7 @@ predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
 * `0` on the edge `node1` to `node2`.
 */
 predicate certIsZero(
-  SSLGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
+  SslGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
 ) {
  exists(Expr cert | cert = globalValueNumber(getCertCall).getAnExpr() |
    exists(GuardCondition guard, Expr zero |
@@ -87,7 +87,7 @@ predicate certIsZero(
 * `SSL_get_verify_result` at `node`. Note that this is only computed at the call to
 * `SSL_get_peer_certificate` and at the start and end of `BasicBlock`s.
 */
-predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+predicate certNotChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
  // cert is not checked at the call to `SSL_get_peer_certificate`
  node = getCertCall
  or
@@ -112,7 +112,7 @@ predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
  )
 }

-from SSLGetPeerCertificateCall getCertCall, ControlFlowNode node
+from SslGetPeerCertificateCall getCertCall, ControlFlowNode node
 where
  certNotChecked(getCertCall, node) and
  node instanceof Function // (function exit)
--- a/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
+++ b/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
@@ -47,14 +47,17 @@ class EnvData extends SystemData {
 /**
 * Data originating from a call to `mysql_get_client_info()`.
 */
-class SQLClientInfo extends SystemData {
-  SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
+class SqlClientInfo extends SystemData {
+  SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }

  override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }

  override predicate isSensitive() { any() }
 }

+/** DEPRECATED: Alias for SqlClientInfo */
+deprecated class SQLClientInfo = SqlClientInfo;
+
 private predicate sqlConnectInfo(FunctionCall source, Expr use) {
  (
    source.getTarget().hasName("mysql_connect") or
@@ -66,14 +69,17 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) {
 /**
 * Data passed into an SQL connect function.
 */
-class SQLConnectInfo extends SystemData {
-  SQLConnectInfo() { sqlConnectInfo(this, _) }
+class SqlConnectInfo extends SystemData {
+  SqlConnectInfo() { sqlConnectInfo(this, _) }

  override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) }

  override predicate isSensitive() { any() }
 }

+/** DEPRECATED: Alias for SqlConnectInfo */
+deprecated class SQLConnectInfo = SqlConnectInfo;
+
 private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) {
  // size_t confstr(int name, char *buf, size_t len)
  //  - various OS / system strings, such as the libc version
--- a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll
+++ b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll
@@ -13,7 +13,7 @@

 import cpp
 private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow
-private import semmle.code.cpp.dataflow.DataFlow::DataFlow as ASTDataFlow
+private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow
 import TestUtilities.InlineExpectationsTest

 class IRFlowTest extends InlineExpectationsTest {
@@ -49,11 +49,11 @@ class AstFlowTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(
-      ASTDataFlow::Node source, ASTDataFlow::Node sink, ASTDataFlow::Configuration conf, int n
+      AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n
    |
      tag = "ast" and
      conf.hasFlow(source, sink) and
-      n = strictcount(ASTDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
+      n = strictcount(AstDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
      (
        n = 1 and value = ""
        or
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql
@@ -4,7 +4,7 @@
 */

 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TaintedWithPath::Private
@@ -17,7 +17,7 @@ predicate isSinkArgument(Element sink) {
  )
 }

-predicate astTaint(Expr source, Element sink) { ASTTaintTracking::tainted(source, sink) }
+predicate astTaint(Expr source, Element sink) { AstTaintTracking::tainted(source, sink) }

 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {
  override predicate isSink(Element e) { isSinkArgument(e) }
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql
@@ -5,7 +5,7 @@
 */

 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TestUtilities.InlineExpectationsTest
@@ -18,7 +18,7 @@ predicate argToSinkCall(Element sink) {
 }

 predicate astTaint(Expr source, Element sink) {
-  ASTTaintTracking::tainted(source, sink) and argToSinkCall(sink)
+  AstTaintTracking::tainted(source, sink) and argToSinkCall(sink)
 }

 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
@@ -1,11 +1,11 @@
 import cpp
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import TestUtilities.InlineExpectationsTest

 predicate astTaint(Expr source, Element sink, string globalVar) {
-  ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
+  AstTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
 }

 predicate irTaint(Expr source, Element sink, string globalVar) {