Python: Change all remaining occurrences of StrConst

Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll

@@ -121,7 +121,7 @@ module FlaskConstantSecretKeyConfig {
           .getACall() and
     result =
       [
-        cn.getParameter(0).getAValueReachingSink().asExpr().(StrConst).getText(),
+        cn.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText(),
         cn.getParameter(0).asSink().asExpr().(Name).getId()
       ]
   }
@@ -134,6 +134,6 @@ module FlaskConstantSecretKeyConfig {
           .getASuccessor*()
           .getMember("from_object")
           .getACall() and
-    result = cn.getParameter(0).asSink().asExpr().(StrConst).getText()
+    result = cn.getParameter(0).asSink().asExpr().(StringLiteral).getText()
   }
 }

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeySource.qll

@@ -11,12 +11,12 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
         env = API::moduleImport("environ").getMember("Env") and
         // has default value
         exists(API::Node param | param = env.getKeywordParameter("SECRET_KEY") |
-          param.asSink().asExpr().getASubExpression*() instanceof StrConst
+          param.asSink().asExpr().getASubExpression*() instanceof StringLiteral
         ) and
         this = env.getReturn().getReturn().asSource()
       )
       or
-      this.asExpr() instanceof StrConst
+      this.asExpr() instanceof StringLiteral
       or
       exists(API::CallNode cn |
         cn =
@@ -25,7 +25,7 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
             API::moduleImport("os").getMember("environ").getMember("get").getACall()
           ] and
         cn.getNumArgument() = 2 and
-        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr() instanceof StrConst), cn.getArg(1)) and
+        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr() instanceof StringLiteral), cn.getArg(1)) and
         this.asExpr() = cn.asExpr()
       )
     ) and

python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql

@@ -20,7 +20,7 @@ predicate authenticatesImproperly(LdapBind ldapBind) {
     not exists(ldapBind.getPassword())
   )
   or
-  exists(StrConst emptyString |
+  exists(StringLiteral emptyString |
     emptyString.getText() = "" and
     DataFlow::localFlow(DataFlow::exprNode(emptyString), ldapBind.getPassword())
   )

python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql

@@ -109,7 +109,7 @@ private module AzureBlobClientConfig implements DataFlow::StateConfigSig {
     exists(DataFlow::AttrWrite attr |
       node = anyClient(_).getAValueReachableFromSource() and
       attr.accesses(node, "encryption_version") and
-      attr.getValue().asExpr().(StrConst).getText() in ["'2.0'", "2.0"]
+      attr.getValue().asExpr().(StringLiteral).getText() in ["'2.0'", "2.0"]
     )
     or
     // small optimization to block flow with no encryption out of the post-update node

python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql

@@ -41,7 +41,7 @@ private module ClientSuppliedIpUsedInSecurityCheckConfig implements DataFlow::Co
     exists(Subscript ss |
       not ss.getIndex().(IntegerLiteral).getText() = "0" and
       ss.getObject().(Call).getFunc().(Attribute).getName() = "split" and
-      ss.getObject().(Call).getAnArg().(StrConst).getText() = "," and
+      ss.getObject().(Call).getAnArg().(StringLiteral).getText() = "," and
       ss = node.asExpr()
     )
   }

python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll

@@ -20,7 +20,7 @@ private class FlaskClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpU
 {
   FlaskClientSuppliedIpUsedInSecurityCheck() {
     this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
-    this.getArg(0).asExpr().(StrConst).getText().toLowerCase() = clientIpParameterName()
+    this.getArg(0).asExpr().(StringLiteral).getText().toLowerCase() = clientIpParameterName()
   }
 }
 
@@ -35,7 +35,7 @@ private class DjangoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIp
       headers.getAttributeName() in ["headers", "META"] and
       this.calls(headers, "get")
     ) and
-    this.getArg(0).asExpr().(StrConst).getText().toLowerCase() = clientIpParameterName()
+    this.getArg(0).asExpr().(StringLiteral).getText().toLowerCase() = clientIpParameterName()
   }
 }
 
@@ -54,7 +54,7 @@ private class TornadoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedI
       headers.getAttributeName() = "headers" and
       this.calls(headers, ["get", "get_list"])
     ) and
-    this.getArg(0).asExpr().(StrConst).getText().toLowerCase() = clientIpParameterName()
+    this.getArg(0).asExpr().(StringLiteral).getText().toLowerCase() = clientIpParameterName()
   }
 }
 
@@ -85,8 +85,8 @@ private class CompareSink extends PossibleSecurityCheck {
   CompareSink() {
     exists(Call call |
       call.getFunc().(Attribute).getName() = "startswith" and
-      call.getArg(0).(StrConst).getText().regexpMatch(getIpAddressRegex()) and
-      not call.getArg(0).(StrConst).getText() = "0:0:0:0:0:0:0:1" and
+      call.getArg(0).(StringLiteral).getText().regexpMatch(getIpAddressRegex()) and
+      not call.getArg(0).(StringLiteral).getText() = "0:0:0:0:0:0:0:1" and
       call.getFunc().(Attribute).getObject() = this.asExpr()
     )
     or
@@ -97,12 +97,12 @@ private class CompareSink extends PossibleSecurityCheck {
       ) and
       (
         compare.getLeft() = this.asExpr() and
-        compare.getComparator(0).(StrConst).getText() instanceof PrivateHostName and
-        not compare.getComparator(0).(StrConst).getText() = "0:0:0:0:0:0:0:1"
+        compare.getComparator(0).(StringLiteral).getText() instanceof PrivateHostName and
+        not compare.getComparator(0).(StringLiteral).getText() = "0:0:0:0:0:0:0:1"
         or
         compare.getComparator(0) = this.asExpr() and
-        compare.getLeft().(StrConst).getText() instanceof PrivateHostName and
-        not compare.getLeft().(StrConst).getText() = "0:0:0:0:0:0:0:1"
+        compare.getLeft().(StringLiteral).getText() instanceof PrivateHostName and
+        not compare.getLeft().(StringLiteral).getText() = "0:0:0:0:0:0:0:1"
       )
     )
     or
@@ -115,7 +115,7 @@ private class CompareSink extends PossibleSecurityCheck {
         compare.getLeft() = this.asExpr()
         or
         compare.getComparator(0) = this.asExpr() and
-        not compare.getLeft().(StrConst).getText() in ["%", ",", "."]
+        not compare.getLeft().(StringLiteral).getText() in ["%", ",", "."]
       )
     )
   }

python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql

@@ -25,16 +25,16 @@ class UnicodeCompatibilityNormalize extends API::CallNode {
   UnicodeCompatibilityNormalize() {
     (
       this = API::moduleImport("unicodedata").getMember("normalize").getACall() and
-      this.getParameter(0).getAValueReachingSink().asExpr().(StrConst).getText() in ["NFKC", "NFKD"]
+      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
       or
       this = API::moduleImport("pyunormalize").getMember("normalize").getACall() and
-      this.getParameter(0).getAValueReachingSink().asExpr().(StrConst).getText() in ["NFKC", "NFKD"]
+      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
     ) and
     argIdx = 1
     or
     (
       this = API::moduleImport("textnorm").getMember("normalize_unicode").getACall() and
-      this.getParameter(1).getAValueReachingSink().asExpr().(StrConst).getText() in ["NFKC", "NFKD"]
+      this.getParameter(1).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
       or
       this = API::moduleImport("unidecode").getMember("unidecode").getACall()
       or