Merge pull request #10096 from erik-krogh/acronyms-part1

make acronyms camelcase
2026-04-27 09:45:15 +02:00 · 2022-08-24 09:33:53 +02:00
parent 18ed9ed2ee 82a5b7838c
commit 4df2e5d937
108 changed files with 779 additions and 491 deletions
--- a/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
@@ -4,9 +4,9 @@

 import javascript

-/** Provides classes for modeling NoSQL query sinks. */
+/** Provides classes for modeling NoSql query sinks. */
 module NoSql {
-  /** An expression that is interpreted as a NoSQL query. */
+  /** An expression that is interpreted as a NoSql query. */
  abstract class Query extends Expr {
    /** Gets an expression that is interpreted as a code operator in this query. */
    DataFlow::Node getACodeOperator() { none() }
--- a/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll
@@ -14,15 +14,15 @@ private module ServerLess {
   * Holds if the `.yml` file `ymlFile` contains a serverless configuration with `handler` and `codeURI` properties.
   * `codeURI` defaults to the empty string if no explicit value is set in the configuration.
   */
-  private predicate hasServerlessHandler(File ymlFile, string handler, string codeURI) {
+  private predicate hasServerlessHandler(File ymlFile, string handler, string codeUri) {
    exists(YAMLMapping resource | ymlFile = resource.getFile() |
      // There exists at least "AWS::Serverless::Function" and "Aliyun::Serverless::Function"
      resource.lookup("Type").(YAMLScalar).getValue().regexpMatch(".*::Serverless::Function") and
      exists(YAMLMapping properties | properties = resource.lookup("Properties") |
        handler = properties.lookup("Handler").(YAMLScalar).getValue() and
        if exists(properties.lookup("CodeUri"))
-        then codeURI = properties.lookup("CodeUri").(YAMLScalar).getValue()
-        else codeURI = ""
+        then codeUri = properties.lookup("CodeUri").(YAMLScalar).getValue()
+        else codeUri = ""
      )
      or
      // The `serverless` library, which specifies a top-level `functions` property
@@ -30,7 +30,7 @@ private module ServerLess {
        functions = resource.lookup("functions") and
        not exists(resource.getParentNode()) and
        handler = functions.getValue(_).(YAMLMapping).lookup("handler").(YAMLScalar).getValue() and
-        codeURI = ""
+        codeUri = ""
      )
    )
  }
@@ -58,9 +58,9 @@ private module ServerLess {
   *
   * For example if `codeURI` is "function/." and `file` is "index", then the result becomes "function/index.js".
   */
-  bindingset[codeURI, file]
-  private string getPathFromHandlerProperties(string codeURI, string file) {
-    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeURI)) |
+  bindingset[codeUri, file]
+  private string getPathFromHandlerProperties(string codeUri, string file) {
+    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeUri)) |
      result = folder + file + ".js"
    )
  }
@@ -69,8 +69,8 @@ private module ServerLess {
   * Holds if `file` has a serverless handler function with name `func`.
   */
  private predicate hasServerlessHandler(File file, string func) {
-    exists(File ymlFile, string handler, string codeURI, string fileName |
-      hasServerlessHandler(ymlFile, handler, codeURI) and
+    exists(File ymlFile, string handler, string codeUri, string fileName |
+      hasServerlessHandler(ymlFile, handler, codeUri) and
      // Splits a `handler` into two components. The `fileName` to the left of the dot, and the `func` to the right.
      // E.g. if `handler` is "index.foo", then `fileName` is "index" and `func` is "foo".
      exists(string pattern | pattern = "(.*)\\.(.*)" |
@@ -80,7 +80,7 @@ private module ServerLess {
    |
      file.getAbsolutePath() =
        ymlFile.getParentContainer().getAbsolutePath() + "/" +
-          getPathFromHandlerProperties(codeURI, fileName)
+          getPathFromHandlerProperties(codeUri, fileName)
    )
  }

--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -177,7 +177,7 @@ module ClientSideUrlRedirect {
      )
      or
      // e.g. node.setAttribute("href", sink)
-      any(DomMethodCallExpr call).interpretsArgumentsAsURL(this.asExpr())
+      any(DomMethodCallExpr call).interpretsArgumentsAsUrl(this.asExpr())
    }

    override predicate isXssSink() { any() }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -86,7 +86,7 @@ class DomMethodCallExpr extends MethodCallExpr {
  /**
   * Holds if `arg` is an argument that is used as an URL.
   */
-  predicate interpretsArgumentsAsURL(Expr arg) {
+  predicate interpretsArgumentsAsUrl(Expr arg) {
    exists(int argPos, string name |
      arg = this.getArgument(argPos) and
      name = this.getMethodName()
@@ -103,6 +103,9 @@ class DomMethodCallExpr extends MethodCallExpr {
    )
  }

+  /** DEPRECATED: Alias for interpretsArgumentsAsUrl */
+  deprecated predicate interpretsArgumentsAsURL(Expr arg) { this.interpretsArgumentsAsUrl(arg) }
+
  /** DEPRECATED: Alias for interpretsArgumentsAsHtml */
  deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }
 }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
@@ -23,13 +23,16 @@ deprecated class JQueryHtmlOrSelectorInjectionConfiguration = Configuration;
 * A sink that is not a URL write or a JQuery selector,
 * assumed to be a value that is interpreted as HTML.
 */
-class HTMLSink extends DataFlow::Node instanceof Sink {
-  HTMLSink() {
+class HtmlSink extends DataFlow::Node instanceof Sink {
+  HtmlSink() {
    not this instanceof WriteUrlSink and
    not this instanceof JQueryHtmlOrSelectorSink
  }
 }

+/** DEPRECATED: Alias for HtmlSink */
+deprecated class HTMLSink = HtmlSink;
+
 /**
 * A taint-tracking configuration for reasoning about XSS.
 * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks.
@@ -55,7 +58,7 @@ class Configuration extends TaintTracking::Configuration {
  }

  override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof HTMLSink and
+    sink instanceof HtmlSink and
    label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()]
    or
    sink instanceof JQueryHtmlOrSelectorSink and
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll
@@ -1,10 +1,10 @@
-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */

 import javascript
-private import ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedDataQuery // ignore-query-import
+private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import

-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
-deprecated module ExternalApiUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
+deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery;

 /** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
 deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -81,6 +81,7 @@ deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 * Name of an external API sink, boxed in a newtype for consistency with other languages.
 */
 private newtype TExternalApi =
+  /** An external API sink with `name`. */
  MkExternalApiNode(string name) {
    exists(Sink sink |
      any(Configuration c).hasFlow(_, sink) and
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
@@ -62,7 +62,7 @@ module Shared {
    }
  }

-  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHTML
+  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml

  /**
   * A guard that checks if a string can contain quotes, which is a guard for strings that are inside a HTML attribute.
@@ -72,7 +72,7 @@ module Shared {
      this.getSubstring().mayHaveStringValue("\"") and
      this.getBaseString()
          .getALocalSource()
-          .flowsTo(any(IncompleteHTML::HtmlAttributeConcatenation attributeConcat))
+          .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat))
    }

    override predicate sanitizes(boolean outcome, Expr e) {