From 3bcd445a3236456f9383da456a9e83a4446e8908 Mon Sep 17 00:00:00 2001 From: Mark Shannon Date: Thu, 4 Apr 2019 14:45:37 +0100 Subject: [PATCH] Python change 'SimpleHttpResponseTaintSink' to 'HttpResponseTaintSink'. --- python/ql/src/Security/CWE-079/ReflectedXss.ql | 2 +- python/ql/src/semmle/python/web/Http.qll | 2 +- python/ql/src/semmle/python/web/bottle/Response.qll | 4 ++-- python/ql/src/semmle/python/web/cherrypy/Response.qll | 2 +- python/ql/src/semmle/python/web/django/Response.qll | 4 ++-- python/ql/src/semmle/python/web/falcon/Response.qll | 2 +- python/ql/src/semmle/python/web/flask/Response.qll | 4 ++-- python/ql/src/semmle/python/web/pyramid/Response.qll | 2 +- python/ql/src/semmle/python/web/tornado/Response.qll | 6 +++--- python/ql/src/semmle/python/web/turbogears/Response.qll | 4 ++-- python/ql/src/semmle/python/web/twisted/Response.qll | 2 +- 11 files changed, 17 insertions(+), 17 deletions(-) diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.ql b/python/ql/src/Security/CWE-079/ReflectedXss.ql index 48572518cef..2f270b17421 100644 --- a/python/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql @@ -32,7 +32,7 @@ class RefectedXssConfiguration extends TaintTracking::Configuration { override predicate isSource(TaintTracking::Source source) { source instanceof HttpRequestTaintSource } - override predicate isSink(TaintTracking::Sink sink) { sink instanceof SimpleHttpResponseTaintSink } + override predicate isSink(TaintTracking::Sink sink) { sink instanceof HttpResponseTaintSink } } diff --git a/python/ql/src/semmle/python/web/Http.qll b/python/ql/src/semmle/python/web/Http.qll index 578d3904cf6..ce109258e87 100644 --- a/python/ql/src/semmle/python/web/Http.qll +++ b/python/ql/src/semmle/python/web/Http.qll 
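Review bot: In ReflectedXss.ql, `isSink` accepts every `HttpResponseTaintSink`, and under the broader name it is easier to overlook that this includes sinks that are not HTML body writes, such as `TornadoHttpRequestHandlerRedirect` in tornado/Response.qll. A tainted redirect target is normally reported as an open redirect (CWE-601) rather than reflected XSS (CWE-079), so the query may mislabel those results. The redirect class body is outside the visible hunks, so this is inferred from its name and its `toString` value. Consider documenting the choice on `isSink`, e.g. `/* Every HTTP response sink is treated as an XSS sink here, including redirect-style sinks. */`, or narrowing the sink class in a follow-up.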
@@ -86,7 +86,7 @@ class UntrustedCookie extends TaintKind { /** Generic taint sink in a http response */ -abstract class SimpleHttpResponseTaintSink extends TaintSink { +abstract class HttpResponseTaintSink extends TaintSink { override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind diff --git a/python/ql/src/semmle/python/web/bottle/Response.qll b/python/ql/src/semmle/python/web/bottle/Response.qll index adb44b423a9..2f0f37533b6 100644 --- a/python/ql/src/semmle/python/web/bottle/Response.qll +++ b/python/ql/src/semmle/python/web/bottle/Response.qll @@ -22,7 +22,7 @@ private Object theBottleResponseObject() { result = theBottleModule().attr("response") } -class BottleResponseBodyAssignment extends SimpleHttpResponseTaintSink { +class BottleResponseBodyAssignment extends HttpResponseTaintSink { BottleResponseBodyAssignment() { exists(DefinitionNode lhs | @@ -37,7 +37,7 @@ class BottleResponseBodyAssignment extends SimpleHttpResponseTaintSink { } -class BottleHandlerFunctionResult extends SimpleHttpResponseTaintSink { +class BottleHandlerFunctionResult extends HttpResponseTaintSink { BottleHandlerFunctionResult() { exists(BottleRoute route, Return ret | diff --git a/python/ql/src/semmle/python/web/cherrypy/Response.qll b/python/ql/src/semmle/python/web/cherrypy/Response.qll index 19bcc3ec884..c194ededaac 100644 --- a/python/ql/src/semmle/python/web/cherrypy/Response.qll +++ b/python/ql/src/semmle/python/web/cherrypy/Response.qll @@ -7,7 +7,7 @@ import semmle.python.web.cherrypy.General -class CherryPyExposedFunctionResult extends SimpleHttpResponseTaintSink { +class CherryPyExposedFunctionResult extends HttpResponseTaintSink { CherryPyExposedFunctionResult() { exists(Return ret | diff --git a/python/ql/src/semmle/python/web/django/Response.qll b/python/ql/src/semmle/python/web/django/Response.qll index 582e06e87b1..d4a4e460ace 100644 --- a/python/ql/src/semmle/python/web/django/Response.qll 
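Review bot: The rename of the abstract class in Http.qll removes `SimpleHttpResponseTaintSink` outright, so any query or library outside this patch that extends or tests against the old name will stop compiling. Keeping a deprecated alias next to the new class, `deprecated class SimpleHttpResponseTaintSink = HttpResponseTaintSink;`, would give downstream users a migration window. The doc comment could also state what the sink accepts, for example `/** A sink for data written into an HTTP response; accepts externally controlled strings (ExternalStringKind). */`. The class body continues outside the hunk, so any other accepted kinds are not visible here.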
+++ b/python/ql/src/semmle/python/web/django/Response.qll @@ -40,7 +40,7 @@ class DjangoResponseSource extends TaintSource { } /** A write to a django response, which is vulnerable to external data (xss) */ -class DjangoResponseWrite extends SimpleHttpResponseTaintSink { +class DjangoResponseWrite extends HttpResponseTaintSink { DjangoResponseWrite() { exists(AttrNode meth, CallNode call | @@ -61,7 +61,7 @@ class DjangoResponseWrite extends SimpleHttpResponseTaintSink { } /** An argument to initialization of a django response, which is vulnerable to external data (xss) */ -class DjangoResponseContent extends SimpleHttpResponseTaintSink { +class DjangoResponseContent extends HttpResponseTaintSink { DjangoResponseContent() { exists(CallNode call, ClassObject cls | diff --git a/python/ql/src/semmle/python/web/falcon/Response.qll b/python/ql/src/semmle/python/web/falcon/Response.qll index bac0edc5727..acdea6551d4 100644 --- a/python/ql/src/semmle/python/web/falcon/Response.qll +++ b/python/ql/src/semmle/python/web/falcon/Response.qll @@ -30,7 +30,7 @@ class FalconResponseParameter extends TaintSource { } -class FalconResponseBodySink extends SimpleHttpResponseTaintSink { +class FalconResponseBodySink extends HttpResponseTaintSink { FalconResponseBodySink() { exists(AttrNode attr | diff --git a/python/ql/src/semmle/python/web/flask/Response.qll b/python/ql/src/semmle/python/web/flask/Response.qll index 1a3a6d24ec9..71228c197ba 100644 --- a/python/ql/src/semmle/python/web/flask/Response.qll +++ b/python/ql/src/semmle/python/web/flask/Response.qll @@ -8,7 +8,7 @@ import semmle.python.web.flask.General /** A flask response, which is vulnerable to any sort of * http response malice. */ -class FlaskRoutedResponse extends SimpleHttpResponseTaintSink { +class FlaskRoutedResponse extends HttpResponseTaintSink { FlaskRoutedResponse() { exists(PyFunctionObject response | 
@@ -28,7 +28,7 @@ class FlaskRoutedResponse extends SimpleHttpResponseTaintSink { } -class FlaskResponseArgument extends SimpleHttpResponseTaintSink { +class FlaskResponseArgument extends HttpResponseTaintSink { FlaskResponseArgument() { exists(CallNode call | diff --git a/python/ql/src/semmle/python/web/pyramid/Response.qll b/python/ql/src/semmle/python/web/pyramid/Response.qll index 5707bb733b8..67de1cdca4b 100644 --- a/python/ql/src/semmle/python/web/pyramid/Response.qll +++ b/python/ql/src/semmle/python/web/pyramid/Response.qll @@ -9,7 +9,7 @@ private import semmle.python.web.Http /** A pyramid response, which is vulnerable to any sort of * http response malice. */ -class PyramidRoutedResponse extends SimpleHttpResponseTaintSink { +class PyramidRoutedResponse extends HttpResponseTaintSink { PyramidRoutedResponse() { exists(PyFunctionObject view | diff --git a/python/ql/src/semmle/python/web/tornado/Response.qll b/python/ql/src/semmle/python/web/tornado/Response.qll index b9790811a30..ebaae1414ea 100644 --- a/python/ql/src/semmle/python/web/tornado/Response.qll +++ b/python/ql/src/semmle/python/web/tornado/Response.qll @@ -31,7 +31,7 @@ class TornadoConnectionSource extends TaintSource { } -class TornadoConnectionWrite extends SimpleHttpResponseTaintSink { +class TornadoConnectionWrite extends HttpResponseTaintSink { override string toString() { result = "tornado.connection.write" @@ -53,7 +53,7 @@ class TornadoConnectionWrite extends SimpleHttpResponseTaintSink { } -class TornadoHttpRequestHandlerWrite extends SimpleHttpResponseTaintSink { +class TornadoHttpRequestHandlerWrite extends HttpResponseTaintSink { override string toString() { result = "tornado.HttpRequesHandler.write" 
@@ -73,7 +73,7 @@ class TornadoHttpRequestHandlerWrite extends SimpleHttpResponseTaintSink { } -class TornadoHttpRequestHandlerRedirect extends SimpleHttpResponseTaintSink { +class TornadoHttpRequestHandlerRedirect extends HttpResponseTaintSink { override string toString() { result = "tornado.HttpRequesHandler.redirect" diff --git a/python/ql/src/semmle/python/web/turbogears/Response.qll b/python/ql/src/semmle/python/web/turbogears/Response.qll index 4f109fcf992..b8640a6fcdd 100644 --- a/python/ql/src/semmle/python/web/turbogears/Response.qll +++ b/python/ql/src/semmle/python/web/turbogears/Response.qll @@ -7,7 +7,7 @@ import TurboGears -class ControllerMethodReturnValue extends SimpleHttpResponseTaintSink { +class ControllerMethodReturnValue extends HttpResponseTaintSink { ControllerMethodReturnValue() { exists(TurboGearsControllerMethod m | @@ -22,7 +22,7 @@ class ControllerMethodReturnValue extends SimpleHttpResponseTaintSink { } -class ControllerMethodTemplatedReturnValue extends SimpleHttpResponseTaintSink { +class ControllerMethodTemplatedReturnValue extends HttpResponseTaintSink { ControllerMethodTemplatedReturnValue() { exists(TurboGearsControllerMethod m | diff --git a/python/ql/src/semmle/python/web/twisted/Response.qll b/python/ql/src/semmle/python/web/twisted/Response.qll index bf8ef778a95..cdf35933e61 100644 --- a/python/ql/src/semmle/python/web/twisted/Response.qll +++ b/python/ql/src/semmle/python/web/twisted/Response.qll @@ -30,7 +30,7 @@ class TwistedResponse extends TaintSink { * object, which affects the properties of the subsequent response sent to this * request. */ - class TwistedRequestSetter extends SimpleHttpResponseTaintSink { + class TwistedRequestSetter extends HttpResponseTaintSink { TwistedRequestSetter() { exists(CallNode call, ControlFlowNode node, string name | (