Merge pull request #10096 from erik-krogh/acronyms-part1

make acronyms camelcase

cpp/ql/lib/change-notes/2022-08-22-xml-rename.md

@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.

cpp/ql/lib/semmle/code/cpp/XML.qll

@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
   XmlElement getARootElement() { result = this.getAChild() }
 
   /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 
 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
  * <!ELEMENT lastName (#PCDATA)>
  * ```
  */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
   /** Gets the name of the root element of this DTD. */
   string getRoot() { xmlDTDs(this, result, _, _, _) }
 
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
   }
 }
 
-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;
 
 /**
  * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
   string getPrefix() { xmlNs(this, result, _, _) }
 
   /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }
 
   /** Holds if this namespace has no prefix. */
   predicate isDefault() { this.getPrefix() = "" }
 
   override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
     or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
   }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll

@@ -3,7 +3,7 @@ import semmle.code.cpp.ir.internal.Overlap
 private import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 private import semmle.code.cpp.Print
 private import semmle.code.cpp.ir.implementation.unaliased_ssa.IR
-private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSSA
+private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSsa
 private import semmle.code.cpp.ir.internal.IntegerConstant as Ints
 private import semmle.code.cpp.ir.internal.IntegerInterval as Interval
 private import semmle.code.cpp.ir.implementation.internal.OperandTag
@@ -572,7 +572,7 @@ private Overlap getVariableMemoryLocationOverlap(
  * Holds if the def/use information for the result of `instr` can be reused from the previous
  * iteration of the IR.
  */
-predicate canReuseSsaForOldResult(Instruction instr) { OldSSA::canReuseSsaForMemoryResult(instr) }
+predicate canReuseSsaForOldResult(Instruction instr) { OldSsa::canReuseSsaForMemoryResult(instr) }
 
 /** DEPRECATED: Alias for canReuseSsaForOldResult */
 deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1;

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll

@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR
 
 private class OldBlock = Reachability::ReachableBlock;

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll

@@ -2,7 +2,14 @@ import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as OldIR
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.ReachableBlock as Reachability
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.aliased_ssa.IR as NewIR
-import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import AliasedSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;

cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll

@@ -29,15 +29,15 @@ newtype TInstruction =
     UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc)
   } or
   TAliasedSsaPhiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
   ) {
-    AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
+    AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
   } or
   TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) {
-    AliasedSSA::SSA::hasChiInstruction(primaryInstruction)
+    AliasedSsa::SSA::hasChiInstruction(primaryInstruction)
   } or
   TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) {
-    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
+    AliasedSsa::SSA::hasUnreachedInstruction(irFunc)
   }
 
 /**
@@ -83,7 +83,7 @@ module AliasedSsaInstructions {
   class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction;
 
   TPhiInstruction phiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
   ) {
     result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation)
   }

cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll

@@ -1,4 +1,7 @@
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
-import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSSA
+import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSsa
+
+/** DEPRECATED: Alias for AliasedSsa */
+deprecated module AliasedSSA = AliasedSsa;

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll

@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR
 
 private class OldBlock = Reachability::ReachableBlock;

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll

@@ -3,7 +3,14 @@ import semmle.code.cpp.ir.implementation.raw.internal.reachability.ReachableBloc
 import semmle.code.cpp.ir.implementation.raw.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as NewIR
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as RawStage
-import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import SimpleSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll

@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
   TExternalApiParameter(Function f, int index) {
     exists(UntrustedExternalApiDataNode n |
       f = n.getExternalFunction() and

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll

@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
   TExternalApiParameter(Function f, int index) {
     exists(UntrustedExternalApiDataNode n |
       f = n.getExternalFunction() and

cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql

@@ -17,8 +17,8 @@ import semmle.code.cpp.dataflow.DataFlow
 /**
  * A call to `SSL_get_verify_result`.
  */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
 }
 
 /**
@@ -29,7 +29,7 @@ class VerifyResultConfig extends DataFlow::Configuration {
   VerifyResultConfig() { this = "VerifyResultConfig" }
 
   override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof SSLGetVerifyResultCall
+    source.asExpr() instanceof SslGetVerifyResultCall
   }
 
   override predicate isSink(DataFlow::Node sink) {

cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql

@@ -17,33 +17,33 @@ import semmle.code.cpp.controlflow.IRGuards
 /**
  * A call to `SSL_get_peer_certificate`.
  */
-class SSLGetPeerCertificateCall extends FunctionCall {
-  SSLGetPeerCertificateCall() {
+class SslGetPeerCertificateCall extends FunctionCall {
+  SslGetPeerCertificateCall() {
     getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
   }
 
-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }
 
 /**
  * A call to `SSL_get_verify_result`.
  */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() {
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() {
     getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
   }
 
-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }
 
 /**
  * Holds if the SSL object passed into `SSL_get_peer_certificate` is checked with
  * `SSL_get_verify_result` entering `node`.
  */
-predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
-  exists(Expr ssl, SSLGetVerifyResultCall check |
-    ssl = globalValueNumber(getCertCall.getSSLArgument()).getAnExpr() and
-    ssl = check.getSSLArgument() and
+predicate resultIsChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+  exists(Expr ssl, SslGetVerifyResultCall check |
+    ssl = globalValueNumber(getCertCall.getSslArgument()).getAnExpr() and
+    ssl = check.getSslArgument() and
     node = check
   )
 }
@@ -53,7 +53,7 @@ predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
  * `0` on the edge `node1` to `node2`.
  */
 predicate certIsZero(
-  SSLGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
+  SslGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
 ) {
   exists(Expr cert | cert = globalValueNumber(getCertCall).getAnExpr() |
     exists(GuardCondition guard, Expr zero |
@@ -87,7 +87,7 @@ predicate certIsZero(
  * `SSL_get_verify_result` at `node`. Note that this is only computed at the call to
  * `SSL_get_peer_certificate` and at the start and end of `BasicBlock`s.
  */
-predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+predicate certNotChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
   // cert is not checked at the call to `SSL_get_peer_certificate`
   node = getCertCall
   or
@@ -112,7 +112,7 @@ predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
   )
 }
 
-from SSLGetPeerCertificateCall getCertCall, ControlFlowNode node
+from SslGetPeerCertificateCall getCertCall, ControlFlowNode node
 where
   certNotChecked(getCertCall, node) and
   node instanceof Function // (function exit)

cpp/ql/src/Security/CWE/CWE-497/SystemData.qll

@@ -47,14 +47,17 @@ class EnvData extends SystemData {
 /**
  * Data originating from a call to `mysql_get_client_info()`.
  */
-class SQLClientInfo extends SystemData {
-  SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
+class SqlClientInfo extends SystemData {
+  SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
 
   override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }
 
   override predicate isSensitive() { any() }
 }
 
+/** DEPRECATED: Alias for SqlClientInfo */
+deprecated class SQLClientInfo = SqlClientInfo;
+
 private predicate sqlConnectInfo(FunctionCall source, Expr use) {
   (
     source.getTarget().hasName("mysql_connect") or
@@ -66,14 +69,17 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) {
 /**
  * Data passed into an SQL connect function.
  */
-class SQLConnectInfo extends SystemData {
-  SQLConnectInfo() { sqlConnectInfo(this, _) }
+class SqlConnectInfo extends SystemData {
+  SqlConnectInfo() { sqlConnectInfo(this, _) }
 
   override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) }
 
   override predicate isSensitive() { any() }
 }
 
+/** DEPRECATED: Alias for SqlConnectInfo */
+deprecated class SQLConnectInfo = SqlConnectInfo;
+
 private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) {
   // size_t confstr(int name, char *buf, size_t len)
   //  - various OS / system strings, such as the libc version

cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll

@@ -13,7 +13,7 @@
 
 import cpp
 private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow
-private import semmle.code.cpp.dataflow.DataFlow::DataFlow as ASTDataFlow
+private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow
 import TestUtilities.InlineExpectationsTest
 
 class IRFlowTest extends InlineExpectationsTest {
@@ -49,11 +49,11 @@ class AstFlowTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(
-      ASTDataFlow::Node source, ASTDataFlow::Node sink, ASTDataFlow::Configuration conf, int n
+      AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n
     |
       tag = "ast" and
       conf.hasFlow(source, sink) and
-      n = strictcount(ASTDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
+      n = strictcount(AstDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
       (
         n = 1 and value = ""
         or

cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql

@@ -4,7 +4,7 @@
  */
 
 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TaintedWithPath::Private
@@ -17,7 +17,7 @@ predicate isSinkArgument(Element sink) {
   )
 }
 
-predicate astTaint(Expr source, Element sink) { ASTTaintTracking::tainted(source, sink) }
+predicate astTaint(Expr source, Element sink) { AstTaintTracking::tainted(source, sink) }
 
 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {
   override predicate isSink(Element e) { isSinkArgument(e) }

cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql

@@ -5,7 +5,7 @@
  */
 
 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TestUtilities.InlineExpectationsTest
@@ -18,7 +18,7 @@ predicate argToSinkCall(Element sink) {
 }
 
 predicate astTaint(Expr source, Element sink) {
-  ASTTaintTracking::tainted(source, sink) and argToSinkCall(sink)
+  AstTaintTracking::tainted(source, sink) and argToSinkCall(sink)
 }
 
 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {

cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql

@@ -1,11 +1,11 @@
 import cpp
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import TestUtilities.InlineExpectationsTest
 
 predicate astTaint(Expr source, Element sink, string globalVar) {
-  ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
+  AstTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
 }
 
 predicate irTaint(Expr source, Element sink, string globalVar) {

csharp/ql/lib/change-notes/2022-08-22-xml-rename.md

@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.

csharp/ql/lib/semmle/code/asp/WebConfig.qll

@@ -94,14 +94,20 @@ class FormsElement extends XmlElement {
   /**
    * Gets attribute's `requireSSL` value.
    */
-  string getRequireSSL() {
+  string getRequireSsl() {
     result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
   }
 
+  /** DEPRECATED: Alias for getRequireSsl */
+  deprecated string getRequireSSL() { result = this.getRequireSsl() }
+
   /**
    * Holds if `requireSSL` value is true.
    */
-  predicate isRequireSSL() { this.getRequireSSL() = "true" }
+  predicate isRequireSsl() { this.getRequireSsl() = "true" }
+
+  /** DEPRECATED: Alias for isRequireSsl */
+  deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }
 
 /** A `<httpCookies>` tag in an ASP.NET configuration file. */
@@ -123,17 +129,23 @@ class HttpCookiesElement extends XmlElement {
   /**
    * Gets attribute's `requireSSL` value.
    */
-  string getRequireSSL() {
+  string getRequireSsl() {
     result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
   }
 
+  /** DEPRECATED: Alias for getRequireSsl */
+  deprecated string getRequireSSL() { result = this.getRequireSsl() }
+
   /**
    * Holds if there is any chance that `requireSSL` is set to `true` either globally or for Forms.
    */
-  predicate isRequireSSL() {
-    this.getRequireSSL() = "true"
+  predicate isRequireSsl() {
+    this.getRequireSsl() = "true"
     or
-    not this.getRequireSSL() = "false" and // not set all, i.e. default
-    exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSSL())
+    not this.getRequireSsl() = "false" and // not set all, i.e. default
+    exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSsl())
   }
+
+  /** DEPRECATED: Alias for isRequireSsl */
+  deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }

csharp/ql/lib/semmle/code/csharp/XML.qll

@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
   XmlElement getARootElement() { result = this.getAChild() }
 
   /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 
 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
  * <!ELEMENT lastName (#PCDATA)>
  * ```
  */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
   /** Gets the name of the root element of this DTD. */
   string getRoot() { xmlDTDs(this, result, _, _, _) }
 
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
   }
 }
 
-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;
 
 /**
  * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
   string getPrefix() { xmlNs(this, result, _, _) }
 
   /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }
 
   /** Holds if this namespace has no prefix. */
   predicate isDefault() { this.getPrefix() = "" }
 
   override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
     or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
   }
 }
 

csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll

@@ -119,10 +119,13 @@ class MicrosoftOwinIOwinRequestClass extends Class {
   }
 
   /** Gets the `URI` property. */
-  Property getURIProperty() {
+  Property getUriProperty() {
     result = this.getAProperty() and
     result.hasName("URI")
   }
+
+  /** DEPRECATED: Alias for getUriProperty */
+  deprecated Property getURIProperty() { result = this.getUriProperty() }
 }
 
 /** A `Microsoft.Owin.*String` class. */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll

@@ -102,7 +102,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
   TExternalApiParameter(Callable m, int index) {
     exists(UntrustedExternalApiDataNode n |
       m = n.getCallable().getUnboundDeclaration() and

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll

@@ -146,7 +146,7 @@ class MicrosoftOwinRequestRemoteFlowSource extends RemoteFlowSource, DataFlow::E
       p = owinRequest.getQueryStringProperty() or
       p = owinRequest.getRemoteIpAddressProperty() or
       p = owinRequest.getSchemeProperty() or
-      p = owinRequest.getURIProperty()
+      p = owinRequest.getUriProperty()
     )
   }
 

csharp/ql/src/Security Features/CWE-614/RequireSSL.ql

@@ -22,9 +22,9 @@ import semmle.code.csharp.frameworks.system.Web
 from XmlElement element
 where
   element instanceof FormsElement and
-  not element.(FormsElement).isRequireSSL()
+  not element.(FormsElement).isRequireSsl()
   or
   element instanceof HttpCookiesElement and
-  not element.(HttpCookiesElement).isRequireSSL() and
+  not element.(HttpCookiesElement).isRequireSsl() and
   not any(SystemWebHttpCookie c).getSecureProperty().getAnAssignedValue().getValue() = "true"
 select element, "The 'requireSSL' attribute is not set to 'true'."

csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql

@@ -66,10 +66,10 @@ where
         // the `exists` below covers the `cs/web/requiressl-not-set`
         not exists(XmlElement element |
           element instanceof FormsElement and
-          element.(FormsElement).isRequireSSL()
+          element.(FormsElement).isRequireSsl()
           or
           element instanceof HttpCookiesElement and
-          element.(HttpCookiesElement).isRequireSSL()
+          element.(HttpCookiesElement).isRequireSsl()
         )
       )
     )

csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll

@@ -29,15 +29,15 @@ newtype TInstruction =
     UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc)
   } or
   TAliasedSsaPhiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
   ) {
-    AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
+    AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
   } or
   TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) {
-    AliasedSSA::SSA::hasChiInstruction(primaryInstruction)
+    AliasedSsa::SSA::hasChiInstruction(primaryInstruction)
   } or
   TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) {
-    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
+    AliasedSsa::SSA::hasUnreachedInstruction(irFunc)
   }
 
 /**
@@ -83,7 +83,7 @@ module AliasedSsaInstructions {
   class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction;
 
   TPhiInstruction phiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
   ) {
     result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation)
   }

csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll

@@ -1,4 +1,7 @@
 import experimental.ir.internal.IRCSharpLanguage as Language
 import experimental.ir.implementation.raw.internal.IRConstruction as IRConstruction
 import experimental.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
-import AliasedSSAStub as AliasedSSA
+import AliasedSSAStub as AliasedSsa
+
+/** DEPRECATED: Alias for AliasedSsa */
+deprecated module AliasedSSA = AliasedSsa;

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll

@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR
 
 private class OldBlock = Reachability::ReachableBlock;

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll

@@ -3,7 +3,14 @@ import experimental.ir.implementation.raw.internal.reachability.ReachableBlock a
 import experimental.ir.implementation.raw.internal.reachability.Dominance as Dominance
 import experimental.ir.implementation.unaliased_ssa.IR as NewIR
 import experimental.ir.implementation.raw.internal.IRConstruction as RawStage
-import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions
+import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import experimental.ir.internal.IRCSharpLanguage as Language
 import SimpleSSA as Alias
-import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands
+import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;

go/ql/lib/semmle/go/frameworks/Couchbase.qll

@@ -62,7 +62,7 @@ module Couchbase {
    * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
    * the official Couchbase Go library, gocb.
    */
-  private class CouchbaseV1Query extends NoSQL::Query::Range {
+  private class CouchbaseV1Query extends NoSql::Query::Range {
     CouchbaseV1Query() {
       // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
       // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
@@ -81,7 +81,7 @@ module Couchbase {
    * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
    * the official Couchbase Go library, gocb.
    */
-  private class CouchbaseV2Query extends NoSQL::Query::Range {
+  private class CouchbaseV2Query extends NoSql::Query::Range {
     CouchbaseV2Query() {
       // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
       // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)

go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll

@@ -43,8 +43,8 @@ module K8sIoApimachineryPkgRuntime {
     }
   }
 
-  private class DeepCopyJSON extends TaintTracking::FunctionModel {
-    DeepCopyJSON() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) }
+  private class DeepCopyJson extends TaintTracking::FunctionModel {
+    DeepCopyJson() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) }
 
     override predicate hasTaintFlow(DataFlow::FunctionInput inp, DataFlow::FunctionOutput outp) {
       inp.isParameter(0) and outp.isResult()

go/ql/lib/semmle/go/frameworks/NoSQL.qll

@@ -4,8 +4,8 @@
 
 import go
 
-/** Provides classes for working with NoSQL-related APIs. */
-module NoSQL {
+/** Provides classes for working with NoSql-related APIs. */
+module NoSql {
   /**
    * A data-flow node whose value is interpreted as (part of) a NoSQL query.
    *
@@ -18,7 +18,7 @@ module NoSQL {
     Query() { this = self }
   }
 
-  /** Provides classes for working with NoSQL queries. */
+  /** Provides classes for working with NoSql queries. */
   module Query {
     /**
      * A data-flow node whose value is interpreted as (part of) a NoSQL query.
@@ -119,3 +119,6 @@ module NoSQL {
     )
   }
 }
+
+/** DEPRECATED: Alias for NoSql */
+deprecated module NoSQL = NoSql;

go/ql/lib/semmle/go/frameworks/Stdlib.qll

@@ -69,9 +69,9 @@ import semmle.go.frameworks.stdlib.TextTemplate
 /** A `String()` method. */
 class StringMethod extends TaintTracking::FunctionModel, Method {
   StringMethod() {
-    getName() = "String" and
-    getNumParameter() = 0 and
-    getResultType(0) = Builtin::string_().getType()
+    this.getName() = "String" and
+    this.getNumParameter() = 0 and
+    this.getResultType(0) = Builtin::string_().getType()
   }
 
   override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -132,7 +132,8 @@ module URL {
   /** The `PathEscape` or `QueryEscape` function. */
   class Escaper extends TaintTracking::FunctionModel {
     Escaper() {
-      hasQualifiedName("net/url", "PathEscape") or hasQualifiedName("net/url", "QueryEscape")
+      this.hasQualifiedName("net/url", "PathEscape") or
+      this.hasQualifiedName("net/url", "QueryEscape")
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -143,7 +144,8 @@ module URL {
   /** The `PathUnescape` or `QueryUnescape` function. */
   class Unescaper extends TaintTracking::FunctionModel {
     Unescaper() {
-      hasQualifiedName("net/url", "PathUnescape") or hasQualifiedName("net/url", "QueryUnescape")
+      this.hasQualifiedName("net/url", "PathUnescape") or
+      this.hasQualifiedName("net/url", "QueryUnescape")
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -154,10 +156,10 @@ module URL {
   /** The `Parse`, `ParseQuery` or `ParseRequestURI` function, or the `URL.Parse` method. */
   class Parser extends TaintTracking::FunctionModel {
     Parser() {
-      hasQualifiedName("net/url", "Parse") or
+      this.hasQualifiedName("net/url", "Parse") or
       this.(Method).hasQualifiedName("net/url", "URL", "Parse") or
-      hasQualifiedName("net/url", "ParseQuery") or
-      hasQualifiedName("net/url", "ParseRequestURI")
+      this.hasQualifiedName("net/url", "ParseQuery") or
+      this.hasQualifiedName("net/url", "ParseRequestURI")
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -192,7 +194,7 @@ module URL {
   /** A method that returns a part of a URL. */
   class UrlGetter extends TaintTracking::FunctionModel, Method {
     UrlGetter() {
-      exists(string m | hasQualifiedName("net/url", "URL", m) |
+      exists(string m | this.hasQualifiedName("net/url", "URL", m) |
         m = ["EscapedPath", "Hostname", "Port", "Query", "RequestURI"]
       )
     }
@@ -204,7 +206,7 @@ module URL {
 
   /** The method `URL.MarshalBinary`. */
   class UrlMarshalBinary extends TaintTracking::FunctionModel, Method {
-    UrlMarshalBinary() { hasQualifiedName("net/url", "URL", "MarshalBinary") }
+    UrlMarshalBinary() { this.hasQualifiedName("net/url", "URL", "MarshalBinary") }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
       inp.isReceiver() and outp.isResult(0)
@@ -213,7 +215,7 @@ module URL {
 
   /** The method `URL.ResolveReference`. */
   class UrlResolveReference extends TaintTracking::FunctionModel, Method {
-    UrlResolveReference() { hasQualifiedName("net/url", "URL", "ResolveReference") }
+    UrlResolveReference() { this.hasQualifiedName("net/url", "URL", "ResolveReference") }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
       (inp.isReceiver() or inp.isParameter(0)) and
@@ -224,8 +226,8 @@ module URL {
   /** The function `User` or `UserPassword`. */
   class UserinfoConstructor extends TaintTracking::FunctionModel {
     UserinfoConstructor() {
-      hasQualifiedName("net/url", "User") or
-      hasQualifiedName("net/url", "UserPassword")
+      this.hasQualifiedName("net/url", "User") or
+      this.hasQualifiedName("net/url", "UserPassword")
     }
 
     override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -236,7 +238,7 @@ module URL {
   /** A method that returns a part of a Userinfo struct. */
   class UserinfoGetter extends TaintTracking::FunctionModel, Method {
     UserinfoGetter() {
-      exists(string m | hasQualifiedName("net/url", "Userinfo", m) |
+      exists(string m | this.hasQualifiedName("net/url", "Userinfo", m) |
         m = "Password" or
         m = "Username"
       )
@@ -250,7 +252,7 @@ module URL {
   /** A method that returns all or part of a Values map. */
   class ValuesGetter extends TaintTracking::FunctionModel, Method {
     ValuesGetter() {
-      exists(string m | hasQualifiedName("net/url", "Values", m) |
+      exists(string m | this.hasQualifiedName("net/url", "Values", m) |
         m = "Encode" or
         m = "Get"
       )

go/ql/lib/semmle/go/frameworks/WebSocket.qll

@@ -288,8 +288,8 @@ module WebSocketReader {
   /**
    * The `ServerWebSocket.MessageReceiveJSON` method of the `github.com/revel/revel` package.
    */
-  private class RevelServerWebSocketMessageReceiveJSON extends Range, Method {
-    RevelServerWebSocketMessageReceiveJSON() {
+  private class RevelServerWebSocketMessageReceiveJson extends Range, Method {
+    RevelServerWebSocketMessageReceiveJson() {
       // func MessageReceiveJSON(v interface{}) error
       this.hasQualifiedName(Revel::packagePath(), "ServerWebSocket", "MessageReceiveJSON")
     }

go/ql/lib/semmle/go/security/ExternalAPIs.qll

@@ -14,15 +14,18 @@ private import Logrus
 /**
  * A `Function` that is considered a "safe" external API from a security perspective.
  */
-abstract class SafeExternalAPIFunction extends Function { }
+abstract class SafeExternalApiFunction extends Function { }
+
+/** DEPRECATED: Alias for SafeExternalApiFunction */
+deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;
 
 private predicate isDefaultSafePackage(Package package) {
   package.getPath() in ["time", "unicode/utf8", package("gopkg.in/go-playground/validator", "")]
 }
 
 /** The default set of "safe" external APIs. */
-private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
-  DefaultSafeExternalAPIFunction() {
+private class DefaultSafeExternalApiFunction extends SafeExternalApiFunction {
+  DefaultSafeExternalApiFunction() {
     this instanceof BuiltinFunction or
     isDefaultSafePackage(this.getPackage()) or
     this.hasQualifiedName(package("gopkg.in/square/go-jose", "jwt"), "ParseSigned") or
@@ -52,11 +55,11 @@ private predicate isProbableLocalFunctionPointer(DataFlow::CallNode callNode) {
 }
 
 /** A node representing data being passed to an external API. */
-class ExternalAPIDataNode extends DataFlow::Node {
+class ExternalApiDataNode extends DataFlow::Node {
   DataFlow::CallNode call;
   int i;
 
-  ExternalAPIDataNode() {
+  ExternalApiDataNode() {
     (
       // Argument to call to a function
       this = call.getArgument(i)
@@ -74,7 +77,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
     // Not already modeled as a taint step
     not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
     // Not a call to a known safe external API
-    not call.getTarget() instanceof SafeExternalAPIFunction
+    not call.getTarget() instanceof SafeExternalApiFunction
   }
 
   /** Gets the called API `Function`. */
@@ -102,6 +105,9 @@ class ExternalAPIDataNode extends DataFlow::Node {
   }
 }
 
+/** DEPRECATED: Alias for ExternalApiDataNode */
+deprecated class ExternalAPIDataNode = ExternalApiDataNode;
+
 /** Gets the name of a method in package `p` which has a function model. */
 TaintTracking::FunctionModel getAMethodModelInPackage(Package p) {
   p = result.getPackage() and
@@ -140,8 +146,8 @@ predicate isACommonSink(DataFlow::Node n) {
 }
 
 /** A node representing data being passed to an unknown external API. */
-class UnknownExternalAPIDataNode extends ExternalAPIDataNode {
-  UnknownExternalAPIDataNode() {
+class UnknownExternalApiDataNode extends ExternalApiDataNode {
+  UnknownExternalApiDataNode() {
     // Not a sink for a commonly-used query
     not isACommonSink(this) and
     // Not in a package that has some functions modeled
@@ -149,47 +155,61 @@ class UnknownExternalAPIDataNode extends ExternalAPIDataNode {
   }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */
-class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfig" }
+/** DEPRECATED: Alias for UnknownExternalApiDataNode */
+deprecated class UnknownExternalAPIDataNode = UnknownExternalApiDataNode;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
+class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalAPIDataNode`s. */
-class UntrustedDataToUnknownExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToUnknownExternalAPIConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
+/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
+deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalApiDataNode`s. */
+class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
 
+/** DEPRECATED: Alias for UntrustedDataToUnknownExternalApiConfig */
+deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknownExternalApiConfig;
+
 /** A node representing untrusted data being passed to an external API. */
-class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
-  UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) }
+class UntrustedExternalApiDataNode extends ExternalApiDataNode {
+  UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() {
-    any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this)
+    any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
   }
 }
 
-private newtype TExternalAPI =
-  TExternalAPIParameter(Function m, int index) {
-    exists(UntrustedExternalAPIDataNode n |
+/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
+deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+
+/** An external API which is used with untrusted data. */
+private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
+  TExternalApiParameter(Function m, int index) {
+    exists(UntrustedExternalApiDataNode n |
       m = n.getFunction() and
       index = n.getIndex()
     )
   }
 
 /** An external API which is used with untrusted data. */
-class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
+class ExternalApiUsedWithUntrustedData extends TExternalApi {
   /** Gets a possibly untrusted use of this external API. */
-  UntrustedExternalAPIDataNode getUntrustedDataNode() {
-    this = TExternalAPIParameter(result.getFunction(), result.getIndex())
+  UntrustedExternalApiDataNode getUntrustedDataNode() {
+    this = TExternalApiParameter(result.getFunction(), result.getIndex())
   }
 
   /** Gets the number of untrusted sources used with this external API. */
@@ -202,10 +222,13 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
     exists(Function f, int index, string indexString |
       if index = -1 then indexString = "receiver" else indexString = "param " + index
     |
-      this = TExternalAPIParameter(f, index) and
+      this = TExternalApiParameter(f, index) and
       if exists(f.getQualifiedName())
       then result = f.getQualifiedName() + " [" + indexString + "]"
       else result = f.getName() + " [" + indexString + "]"
     )
   }
 }
+
+/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
+deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;

go/ql/lib/semmle/go/security/SqlInjection.qll

@@ -24,7 +24,7 @@ module SqlInjection {
     override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      NoSQL::isAdditionalMongoTaintStep(pred, succ)
+      NoSql::isAdditionalMongoTaintStep(pred, succ)
     }
 
     override predicate isSanitizer(DataFlow::Node node) {

go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll

@@ -42,8 +42,8 @@ module SqlInjection {
     SqlQueryAsSink() { this instanceof SQL::QueryString }
   }
 
-  /** A NoSQL query, considered as a taint sink for SQL injection. */
+  /** A NoSql query, considered as a taint sink for SQL injection. */
   class NoSqlQueryAsSink extends Sink {
-    NoSqlQueryAsSink() { this instanceof NoSQL::Query }
+    NoSqlQueryAsSink() { this instanceof NoSql::Query }
   }
 }

go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql

@@ -11,7 +11,7 @@
 import go
 import semmle.go.security.ExternalAPIs
 
-from ExternalAPIUsedWithUntrustedData externalAPI
-select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
-  externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
+from ExternalApiUsedWithUntrustedData externalApi
+select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses,
+  externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
     numberOfUntrustedSources desc

go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql

@@ -13,8 +13,8 @@ import go
 import semmle.go.security.ExternalAPIs
 import DataFlow::PathGraph
 
-from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(ExternalAPIDataNode).getFunctionDescription() +
+  "Call to " + sink.getNode().(ExternalApiDataNode).getFunctionDescription() +
     " with untrusted data from $@.", source, source.toString()

go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql

@@ -14,8 +14,8 @@ import semmle.go.security.ExternalAPIs
 import DataFlow::PathGraph
 
 from
-  UntrustedDataToUnknownExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+  UntrustedDataToUnknownExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(UnknownExternalAPIDataNode).getFunctionDescription() +
+  "Call to " + sink.getNode().(UnknownExternalApiDataNode).getFunctionDescription() +
     " with untrusted data from $@.", source, source.toString()

go/ql/src/Security/CWE-352/ConstantOauth2State.ql

@@ -18,8 +18,8 @@ import DataFlow::PathGraph
  * A method that creates a new URL that will send the user
  * to the OAuth 2.0 authorization dialog of the provider.
  */
-class AuthCodeURL extends Method {
-  AuthCodeURL() {
+class AuthCodeUrl extends Method {
+  AuthCodeUrl() {
     this.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "AuthCodeURL")
   }
 }
@@ -32,7 +32,7 @@ class ConstantStateFlowConf extends DataFlow::Configuration {
   ConstantStateFlowConf() { this = "ConstantStateFlowConf" }
 
   predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
-    exists(AuthCodeURL m | call = m.getACall() | sink = call.getArgument(0))
+    exists(AuthCodeUrl m | call = m.getACall() | sink = call.getArgument(0))
   }
 
   override predicate isSource(DataFlow::Node source) {
@@ -110,7 +110,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
   }
 
   predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
-    exists(AuthCodeURL m | call = m.getACall() | sink = call.getReceiver())
+    exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
   }
 
   override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
@@ -130,7 +130,7 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) {
   )
 }
 
-/** A flow from `golang.org/x/oauth2.Config.AuthCodeURL`'s result to a logging function. */
+/** A flow from `golang.org/x/oauth2.Config.AuthCodeUrl`'s result to a logging function. */
 class FlowToPrint extends DataFlow::Configuration {
   FlowToPrint() { this = "FlowToPrint" }
 
@@ -139,17 +139,17 @@ class FlowToPrint extends DataFlow::Configuration {
   }
 
   override predicate isSource(DataFlow::Node source) {
-    source = any(AuthCodeURL m).getACall().getResult()
+    source = any(AuthCodeUrl m).getACall().getResult()
   }
 
   override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
 }
 
 /** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
-predicate resultFlowsToPrinter(DataFlow::CallNode authCodeURLCall) {
+predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) {
   exists(FlowToPrint cfg, DataFlow::PathNode source, DataFlow::PathNode sink |
     cfg.hasFlowPath(source, sink) and
-    authCodeURLCall.getResult() = source.getNode()
+    authCodeUrlCall.getResult() = source.getNode()
   )
 }
 
@@ -188,9 +188,9 @@ predicate containsCallToStdinScanner(FuncDef funcDef) { getAScannerCall().getRoo
  * and a call to a scanner (`fmt.Scan` and similar),
  * all of which are typically done within a terminal session.
  */
-predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeURLCall) {
-  resultFlowsToPrinter(authCodeURLCall) and
-  containsCallToStdinScanner(authCodeURLCall.getRoot())
+predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeUrlCall) {
+  resultFlowsToPrinter(authCodeUrlCall) and
+  containsCallToStdinScanner(authCodeUrlCall.getRoot())
 }
 
 from

go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql

@@ -1,13 +1,13 @@
 import go
 import TestUtilities.InlineExpectationsTest
 
-class NoSQLQueryTest extends InlineExpectationsTest {
-  NoSQLQueryTest() { this = "NoSQLQueryTest" }
+class NoSqlQueryTest extends InlineExpectationsTest {
+  NoSqlQueryTest() { this = "NoSQLQueryTest" }
 
   override string getARelevantTag() { result = "nosqlquery" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(NoSQL::Query q |
+    exists(NoSql::Query q |
       q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
         location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = q.toString() and

go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql

@@ -1,8 +1,8 @@
 import go
 import TestUtilities.InlineExpectationsTest
 
-class SQLTest extends InlineExpectationsTest {
-  SQLTest() { this = "SQLTest" }
+class SqlTest extends InlineExpectationsTest {
+  SqlTest() { this = "SQLTest" }
 
   override string getARelevantTag() { result = "query" }
 

java/ql/lib/change-notes/2022-08-22-xml-rename.md

@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.

java/ql/lib/semmle/code/java/J2EE.qll

@@ -19,33 +19,45 @@ class EnterpriseBean extends RefType {
 }
 
 /** A local EJB home interface. */
-class LocalEJBHomeInterface extends Interface {
-  LocalEJBHomeInterface() {
+class LocalEjbHomeInterface extends Interface {
+  LocalEjbHomeInterface() {
     exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i))
   }
 }
 
+/** DEPRECATED: Alias for LocalEjbHomeInterface */
+deprecated class LocalEJBHomeInterface = LocalEjbHomeInterface;
+
 /** A remote EJB home interface. */
-class RemoteEJBHomeInterface extends Interface {
-  RemoteEJBHomeInterface() {
+class RemoteEjbHomeInterface extends Interface {
+  RemoteEjbHomeInterface() {
     exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i))
   }
 }
 
+/** DEPRECATED: Alias for RemoteEjbHomeInterface */
+deprecated class RemoteEJBHomeInterface = RemoteEjbHomeInterface;
+
 /** A local EJB interface. */
-class LocalEJBInterface extends Interface {
-  LocalEJBInterface() {
+class LocalEjbInterface extends Interface {
+  LocalEjbInterface() {
     exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i))
   }
 }
 
+/** DEPRECATED: Alias for LocalEjbInterface */
+deprecated class LocalEJBInterface = LocalEjbInterface;
+
 /** A remote EJB interface. */
-class RemoteEJBInterface extends Interface {
-  RemoteEJBInterface() {
+class RemoteEjbInterface extends Interface {
+  RemoteEjbInterface() {
     exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i))
   }
 }
 
+/** DEPRECATED: Alias for RemoteEjbInterface */
+deprecated class RemoteEJBInterface = RemoteEjbInterface;
+
 /** A message bean. */
 class MessageBean extends Class {
   MessageBean() {

java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll

@@ -314,21 +314,27 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
 /**
  * Entry point for EJB home interfaces.
  */
-class EJBHome extends Interface, EntryPoint {
-  EJBHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
+class EjbHome extends Interface, EntryPoint {
+  EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
 
   override Callable getALiveCallable() { result = this.getACallable() }
 }
 
+/** DEPRECATED: Alias for EjbHome */
+deprecated class EJBHome = EjbHome;
+
 /**
  * Entry point for EJB object interfaces.
  */
-class EJBObject extends Interface, EntryPoint {
-  EJBObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
+class EjbObject extends Interface, EntryPoint {
+  EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
 
   override Callable getALiveCallable() { result = this.getACallable() }
 }
 
+/** DEPRECATED: Alias for EjbObject */
+deprecated class EJBObject = EjbObject;
+
 class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
   GsonDeserializationEntryPoint() {
     // Assume any class with a gson annotated field can be deserialized.

java/ql/lib/semmle/code/java/frameworks/Camel.qll

@@ -10,19 +10,22 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations
 /**
  * A string describing a URI specified in an Apache Camel "to" declaration.
  */
-class CamelToURI extends string {
-  CamelToURI() {
-    exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getURI()) or
-    exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getURI())
+class CamelToUri extends string {
+  CamelToUri() {
+    exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getUri()) or
+    exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getUri())
   }
 }
 
+/** DEPRECATED: Alias for CamelToUri */
+deprecated class CamelToURI = CamelToUri;
+
 /**
  * A string describing a URI specified in an Apache Camel "to" declaration that maps to a
  * SpringBean.
  */
-class CamelToBeanURI extends CamelToURI {
-  CamelToBeanURI() {
+class CamelToBeanUri extends CamelToUri {
+  CamelToBeanUri() {
     // A `<to>` element references a bean if the URI starts with "bean:", or there is no scheme.
     matches("bean:%") or
     not exists(indexOf(":"))
@@ -51,6 +54,9 @@ class CamelToBeanURI extends CamelToURI {
   SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() }
 }
 
+/** DEPRECATED: Alias for CamelToBeanUri */
+deprecated class CamelToBeanURI = CamelToBeanUri;
+
 /**
  * A Class whose methods may be called in response to an Apache Camel message.
  */
@@ -64,7 +70,7 @@ class CamelTargetClass extends Class {
       this = camelXmlBeanRef.getBeanType()
     )
     or
-    exists(CamelToBeanURI toBeanURI | this = toBeanURI.getRefBean().getClass())
+    exists(CamelToBeanUri toBeanUri | this = toBeanUri.getRefBean().getClass())
     or
     exists(SpringCamelXmlMethodElement xmlMethod |
       this = xmlMethod.getRefBean().getClass() or

java/ql/lib/semmle/code/java/frameworks/Servlets.qll

@@ -134,14 +134,17 @@ deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRe
 /**
  * The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`.
  */
-class HttpServletRequestGetRequestURIMethod extends Method {
-  HttpServletRequestGetRequestURIMethod() {
+class HttpServletRequestGetRequestUriMethod extends Method {
+  HttpServletRequestGetRequestUriMethod() {
     this.getDeclaringType() instanceof HttpServletRequest and
     this.hasName("getRequestURI") and
     this.getNumberOfParameters() = 0
   }
 }
 
+/** DEPRECATED: Alias for HttpServletRequestGetRequestUriMethod */
+deprecated class HttpServletRequestGetRequestURIMethod = HttpServletRequestGetRequestUriMethod;
+
 /**
  * The method `getRemoteUser()` declared in `javax.servlet.http.HttpServletRequest`.
  */

java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll

@@ -41,7 +41,10 @@ class CamelJavaDSLToDecl extends ProcessorDefinitionElement {
   /**
    * Gets the URI specified by this `to` declaration.
    */
-  string getURI() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
+  string getUri() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = getUri() }
 }
 
 /**

java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll

@@ -92,19 +92,25 @@ private predicate jsniComment(Javadoc jsni, Method m) {
  * A JavaScript Native Interface (JSNI) comment that contains JavaScript code
  * implementing a native method.
  */
-class JSNIComment extends Javadoc {
-  JSNIComment() { jsniComment(this, _) }
+class JsniComment extends Javadoc {
+  JsniComment() { jsniComment(this, _) }
 
   /** Gets the method implemented by this comment. */
   Method getImplementedMethod() { jsniComment(this, result) }
 }
 
+/** DEPRECATED: Alias for JsniComment */
+deprecated class JSNIComment = JsniComment;
+
 /**
  * A JavaScript Native Interface (JSNI) method.
  */
-class JSNIMethod extends Method {
-  JSNIMethod() { jsniComment(_, this) }
+class JsniMethod extends Method {
+  JsniMethod() { jsniComment(_, this) }
 
   /** Gets the comment containing the JavaScript code for this method. */
-  JSNIComment getImplementation() { jsniComment(result, this) }
+  JsniComment getImplementation() { jsniComment(result, this) }
 }
+
+/** DEPRECATED: Alias for JsniMethod */
+deprecated class JSNIMethod = JsniMethod;

java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll

@@ -17,7 +17,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
   GwtUiBinderTemplateElement() {
     this.getParent() instanceof GwtUiTemplateXmlFile and
     this.getName() = "UiBinder" and
-    this.getNamespace().getURI() = "urn:ui:com.google.gwt.uibinder"
+    this.getNamespace().getUri() = "urn:ui:com.google.gwt.uibinder"
   }
 }
 
@@ -27,7 +27,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
 class GwtComponentTemplateElement extends XmlElement {
   GwtComponentTemplateElement() {
     exists(GwtUiBinderTemplateElement templateElement | this = templateElement.getAChild*() |
-      this.getNamespace().getURI().substring(0, 10) = "urn:import"
+      this.getNamespace().getUri().substring(0, 10) = "urn:import"
     )
   }
 
@@ -36,7 +36,7 @@ class GwtComponentTemplateElement extends XmlElement {
    */
   Class getClass() {
     exists(string namespace |
-      namespace = this.getNamespace().getURI() and
+      namespace = this.getNamespace().getUri() and
       result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + this.getName()
     )
   }

java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll

@@ -7,8 +7,8 @@ import java
 /**
  * An Objective-C Native Interface (OCNI) comment.
  */
-class OCNIComment extends Javadoc {
-  OCNIComment() {
+class OcniComment extends Javadoc {
+  OcniComment() {
     // The comment must start with `-[` ...
     this.getChild(0).getText().matches("-[%") and
     // ... and it must end with `]-`.
@@ -16,8 +16,11 @@ class OCNIComment extends Javadoc {
   }
 }
 
+/** DEPRECATED: Alias for OcniComment */
+deprecated class OCNIComment = OcniComment;
+
 /** Auxiliary predicate: `ocni` is an OCNI comment associated with method `m`. */
-private predicate ocniComment(OCNIComment ocni, Method m) {
+private predicate ocniComment(OcniComment ocni, Method m) {
   // The associated callable must be marked as `native` ...
   m.isNative() and
   // ... and the comment has to be contained in `m`.
@@ -30,21 +33,27 @@ private predicate ocniComment(OCNIComment ocni, Method m) {
  * An Objective-C Native Interface (OCNI) comment that contains Objective-C code
  * implementing a native method.
  */
-class OCNIMethodComment extends OCNIComment {
-  OCNIMethodComment() { ocniComment(this, _) }
+class OcniMethodComment extends OcniComment {
+  OcniMethodComment() { ocniComment(this, _) }
 
   /** Gets the method implemented by this comment. */
   Method getImplementedMethod() { ocniComment(this, result) }
 }
 
+/** DEPRECATED: Alias for OcniMethodComment */
+deprecated class OCNIMethodComment = OcniMethodComment;
+
 /**
  * An Objective-C Native Interface (OCNI) native import comment.
  */
-class OCNIImport extends OCNIComment {
-  OCNIImport() {
+class OcniImport extends OcniComment {
+  OcniImport() {
     this.getAChild().getText().regexpMatch(".*#(import|include).*") and
     not exists(RefType rt | rt.getFile() = this.getFile() |
       rt.getLocation().getStartLine() < this.getLocation().getStartLine()
     )
   }
 }
+
+/** DEPRECATED: Alias for OcniImport */
+deprecated class OCNIImport = OcniImport;

java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll

@@ -14,8 +14,8 @@ abstract class EJB extends Class {
 /**
  * A session EJB.
  */
-class SessionEJB extends EJB {
-  SessionEJB() {
+class SessionEjb extends EJB {
+  SessionEjb() {
     // Subtype of `javax.ejb.SessionBean`.
     this instanceof SessionBean or
     // EJB annotations.
@@ -50,8 +50,8 @@ class SessionEJB extends EJB {
    * using either an annotation or an XML deployment descriptor.
    */
   private BusinessInterface getAnExplicitBusinessInterface() {
-    result.(AnnotatedBusinessInterface).getAnEJB() = this or
-    result.(XmlSpecifiedBusinessInterface).getAnEJB() = this
+    result.(AnnotatedBusinessInterface).getAnEjb() = this or
+    result.(XmlSpecifiedBusinessInterface).getAnEjb() = this
   }
 
   /**
@@ -69,40 +69,40 @@ class SessionEJB extends EJB {
   LegacyEjbRemoteInterface getARemoteInterface() {
     result = this.getASupertype() and result instanceof ExtendedRemoteInterface
     or
-    exists(AnnotatedRemoteHomeInterface i | i.getAnEJB() = this |
+    exists(AnnotatedRemoteHomeInterface i | i.getAnEjb() = this |
       result = i.getAnAssociatedRemoteInterface()
     )
     or
-    result.(XmlSpecifiedRemoteInterface).getAnEJB() = this
+    result.(XmlSpecifiedRemoteInterface).getAnEjb() = this
   }
 
   /** Any remote home interfaces of this EJB. */
   LegacyEjbRemoteHomeInterface getARemoteHomeInterface() {
     result = this.getASupertype() and result instanceof ExtendedRemoteHomeInterface
     or
-    result.(AnnotatedRemoteHomeInterface).getAnEJB() = this
+    result.(AnnotatedRemoteHomeInterface).getAnEjb() = this
     or
-    result.(XmlSpecifiedRemoteHomeInterface).getAnEJB() = this
+    result.(XmlSpecifiedRemoteHomeInterface).getAnEjb() = this
   }
 
   /** Any local interfaces of this EJB. */
   LegacyEjbLocalInterface getALocalInterface() {
     result = this.getASupertype() and result instanceof ExtendedLocalInterface
     or
-    exists(AnnotatedLocalHomeInterface i | i.getAnEJB() = this |
+    exists(AnnotatedLocalHomeInterface i | i.getAnEjb() = this |
       result = i.getAnAssociatedLocalInterface()
     )
     or
-    result.(XmlSpecifiedLocalInterface).getAnEJB() = this
+    result.(XmlSpecifiedLocalInterface).getAnEjb() = this
   }
 
   /** Any local home interfaces of this EJB. */
   LegacyEjbLocalHomeInterface getALocalHomeInterface() {
     result = this.getASupertype() and result instanceof ExtendedLocalHomeInterface
     or
-    result.(AnnotatedLocalHomeInterface).getAnEJB() = this
+    result.(AnnotatedLocalHomeInterface).getAnEjb() = this
     or
-    result.(XmlSpecifiedLocalHomeInterface).getAnEJB() = this
+    result.(XmlSpecifiedLocalHomeInterface).getAnEjb() = this
   }
 
   /** Any `ejbCreate*` methods required for legacy remote or local home interfaces. */
@@ -112,11 +112,14 @@ class SessionEJB extends EJB {
   EjbAnnotatedInitMethod getAnAnnotatedInitMethod() { this.inherits(result) }
 }
 
+/** DEPRECATED: Alias for SessionEjb */
+deprecated class SessionEJB = SessionEjb;
+
 /**
  * A stateful session EJB.
  */
-class StatefulSessionEJB extends SessionEJB {
-  StatefulSessionEJB() {
+class StatefulSessionEjb extends SessionEjb {
+  StatefulSessionEjb() {
     // EJB annotations.
     this.getAnAnnotation().getType().hasName("Stateful")
     or
@@ -129,11 +132,14 @@ class StatefulSessionEJB extends SessionEJB {
   }
 }
 
+/** DEPRECATED: Alias for StatefulSessionEjb */
+deprecated class StatefulSessionEJB = StatefulSessionEjb;
+
 /**
  * A stateless session EJB.
  */
-class StatelessSessionEJB extends SessionEJB {
-  StatelessSessionEJB() {
+class StatelessSessionEjb extends SessionEjb {
+  StatelessSessionEjb() {
     // EJB annotations.
     this.getAnAnnotation().getType().hasName("Stateless")
     or
@@ -146,6 +152,9 @@ class StatelessSessionEJB extends SessionEJB {
   }
 }
 
+/** DEPRECATED: Alias for StatelessSessionEjb */
+deprecated class StatelessSessionEJB = StatelessSessionEjb;
+
 /**
  * A message-driven EJB.
  */
@@ -168,8 +177,8 @@ class MessageDrivenBean extends EJB {
 /**
  * An entity EJB (deprecated as of EJB 3.0).
  */
-class EntityEJB extends EJB {
-  EntityEJB() {
+class EntityEjb extends EJB {
+  EntityEjb() {
     // Subtype of `javax.ejb.EntityBean`.
     this instanceof EntityBean
     or
@@ -181,6 +190,9 @@ class EntityEJB extends EJB {
   }
 }
 
+/** DEPRECATED: Alias for EntityEjb */
+deprecated class EntityEJB = EntityEjb;
+
 /*
  * Business interfaces (applicable to session beans).
  */
@@ -231,7 +243,10 @@ class LocalAnnotation extends BusinessInterfaceAnnotation {
  */
 abstract class BusinessInterface extends Interface {
   /** Gets an EJB to which this business interface belongs. */
-  abstract SessionEJB getAnEJB();
+  abstract SessionEjb getAnEjb();
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 
   /** Holds if this business interface is declared local. */
   abstract predicate isDeclaredLocal();
@@ -251,7 +266,7 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
     )
   }
 
-  override SessionEJB getAnEJB() {
+  override SessionEjb getAnEjb() {
     exists(EjbJarXmlFile f, EjbJarSessionElement se |
       se = f.getASessionElement() and
       this.getQualifiedName() = se.getABusinessElement().getACharactersSet().getCharacters() and
@@ -259,6 +274,9 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
     )
   }
 
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
+
   override predicate isDeclaredLocal() {
     exists(EjbJarXmlFile f |
       this.getQualifiedName() =
@@ -291,10 +309,13 @@ class AnnotatedBusinessInterface extends BusinessInterface {
    * Any class that has a `@Local` or `@Remote` annotation that names this interface
    * is an EJB to which this business interface belongs.
    */
-  override SessionEJB getAnEJB() {
+  override SessionEjb getAnEjb() {
     result.getAnAnnotation().(BusinessInterfaceAnnotation).getANamedType() = this
   }
 
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
+
   override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface }
 
   override predicate isDeclaredRemote() { this instanceof RemoteAnnotatedBusinessInterface }
@@ -338,7 +359,7 @@ class InitAnnotation extends Annotation {
 class EjbAnnotatedInitMethod extends Method {
   EjbAnnotatedInitMethod() {
     this.getAnAnnotation() instanceof InitAnnotation and
-    exists(SessionEJB ejb | ejb.inherits(this))
+    exists(SessionEjb ejb | ejb.inherits(this))
   }
 }
 
@@ -349,7 +370,7 @@ class EjbAnnotatedInitMethod extends Method {
 class EjbCreateMethod extends Method {
   EjbCreateMethod() {
     this.getName().matches("ejbCreate%") and
-    exists(SessionEJB ejb | ejb.inherits(this))
+    exists(SessionEjb ejb | ejb.inherits(this))
   }
 
   /** Gets the suffix of the method name without the `ejbCreate` prefix. */
@@ -405,8 +426,8 @@ abstract class LegacyEjbHomeInterface extends LegacyEjbInterface {
 /** A legacy remote interface. */
 abstract class LegacyEjbRemoteInterface extends LegacyEjbInterface { }
 
-/** A legacy remote interface that extends `javax.ejb.EJBObject`. */
-class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterface { }
+/** A legacy remote interface that extends `javax.ejb.EjbObject`. */
+class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEjbInterface { }
 
 /** A legacy remote interface specified within an XML deployment descriptor. */
 class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
@@ -421,20 +442,23 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
    * Gets a session EJB specified in the XML deployment descriptor
    * for this legacy EJB remote interface.
    */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
     exists(EjbJarXmlFile f, EjbJarSessionElement se |
       se = f.getASessionElement() and
       this.getQualifiedName() = se.getARemoteElement().getACharactersSet().getCharacters() and
       result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
     )
   }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 
 /** A legacy remote home interface. */
 abstract class LegacyEjbRemoteHomeInterface extends LegacyEjbHomeInterface { }
 
-/** A legacy remote home interface that extends `javax.ejb.EJBHome`. */
-class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEJBHomeInterface { }
+/** A legacy remote home interface that extends `javax.ejb.EjbHome`. */
+class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEjbHomeInterface { }
 
 /** A legacy remote home interface specified by means of a `@RemoteHome` annotation. */
 class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
@@ -444,7 +468,10 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
   }
 
   /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
+  SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 
   /** Gets a remote interface associated with this legacy remote home interface. */
   Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
@@ -460,20 +487,23 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
   }
 
   /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
     exists(EjbJarXmlFile f, EjbJarSessionElement se |
       se = f.getASessionElement() and
       this.getQualifiedName() = se.getARemoteHomeElement().getACharactersSet().getCharacters() and
       result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
     )
   }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 
 /** A legacy local interface. */
 abstract class LegacyEjbLocalInterface extends LegacyEjbInterface { }
 
 /** A legacy local interface that extends `javax.ejb.EJBLocalObject`. */
-class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface { }
+class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEjbInterface { }
 
 /** A legacy local interface specified within an XML deployment descriptor. */
 class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
@@ -485,20 +515,23 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
   }
 
   /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
     exists(EjbJarXmlFile f, EjbJarSessionElement se |
       se = f.getASessionElement() and
       this.getQualifiedName() = se.getALocalElement().getACharactersSet().getCharacters() and
       result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
     )
   }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 
 /** A legacy local home interface. */
 abstract class LegacyEjbLocalHomeInterface extends LegacyEjbHomeInterface { }
 
 /** A legacy local home interface that extends `javax.ejb.EJBLocalHome`. */
-class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEJBHomeInterface { }
+class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEjbHomeInterface { }
 
 /** A legacy local home interface specified by means of a `@LocalHome` annotation. */
 class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
@@ -508,7 +541,10 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
   }
 
   /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
+  SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 
   /** Gets a local interface associated with this legacy local home interface. */
   Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
@@ -524,13 +560,16 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
   }
 
   /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
     exists(EjbJarXmlFile f, EjbJarSessionElement se |
       se = f.getASessionElement() and
       this.getQualifiedName() = se.getALocalHomeElement().getACharactersSet().getCharacters() and
       result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
     )
   }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 
 /**
@@ -541,19 +580,22 @@ class RemoteInterface extends Interface {
   RemoteInterface() {
     this instanceof RemoteAnnotatedBusinessInterface or
     this.(XmlSpecifiedBusinessInterface).isDeclaredRemote() or
-    exists(SessionEJB ejb | this = ejb.getARemoteInterface())
+    exists(SessionEjb ejb | this = ejb.getARemoteInterface())
   }
 
   /**
    * Any EJBs associated with this `RemoteInterface`
    * by means of annotations or `ejb-jar.xml` configuration files.
    */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
     result.getAnAnnotation().(RemoteAnnotation).getANamedType() = this or
-    result = this.(XmlSpecifiedRemoteInterface).getAnEJB() or
+    result = this.(XmlSpecifiedRemoteInterface).getAnEjb() or
     result.getARemoteInterface() = this
   }
 
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
+
   /**
    * A "remote method" is a method that is available on the remote
    * interface (either because it's declared or inherited).
@@ -585,8 +627,8 @@ class RemoteInterface extends Interface {
    * but the EJB is not a subtype of this remote interface.
    */
   Method getARemoteMethodImplementationUnchecked() {
-    exists(SessionEJB ejb, Method rm |
-      ejb = this.getAnEJB() and
+    exists(SessionEjb ejb, Method rm |
+      ejb = this.getAnEjb() and
       not ejb.getAnAncestor() = this and
       rm = this.getARemoteMethod() and
       result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and
@@ -648,13 +690,13 @@ private predicate throwsExplicitUncheckedException(Method m, Exception ex) {
 }
 
 /** Gets a method (inherited by `ejb`) matching the signature `sig`. (Ignores `throws` clauses.) */
-Method getAnInheritedMatchingMethodIgnoreThrows(SessionEJB ejb, string sig) {
+Method getAnInheritedMatchingMethodIgnoreThrows(SessionEjb ejb, string sig) {
   ejb.inherits(result) and
   sig = result.getSignature()
 }
 
 /** Holds if `ejb` inherits a method matching the given signature. (Ignores `throws` clauses.) */
-predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
+predicate inheritsMatchingMethodIgnoreThrows(SessionEjb ejb, string signature) {
   exists(getAnInheritedMatchingMethodIgnoreThrows(ejb, signature))
 }
 
@@ -662,7 +704,7 @@ predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
  * If `ejb` inherits a method matching the signature of `m` except for the `throws` clause,
  * then return any type in the `throws` clause that does not match.
  */
-Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
+Type inheritsMatchingMethodExceptThrows(SessionEjb ejb, Method m) {
   exists(Method n, string sig |
     ejb.inherits(n) and
     sig = n.getSignature() and
@@ -679,7 +721,7 @@ Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
  * (Ignores `throws` clauses.)
  */
 predicate inheritsMatchingCreateMethodIgnoreThrows(
-  StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm
+  StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm
 ) {
   exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
     cm.getMethodSuffix() = icm.getMethodSuffix() and
@@ -705,7 +747,7 @@ predicate inheritsMatchingCreateMethodIgnoreThrows(
  * If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m` except for the `throws` clause,
  * then return any type in the `throws` clause that does not match.
  */
-Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm) {
+Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm) {
   exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
     cm.getMethodSuffix() = icm.getMethodSuffix() and
     cm.getNumberOfParameters() = icm.getNumberOfParameters() and
@@ -814,10 +856,13 @@ class DependsOnAnnotation extends Annotation {
 /**
  * A `@javax.ejb.EJB` annotation.
  */
-class EJBAnnotation extends Annotation {
-  EJBAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
+class EjbAnnotation extends Annotation {
+  EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
 }
 
+/** DEPRECATED: Alias for EjbAnnotation */
+deprecated class EJBAnnotation = EjbAnnotation;
+
 /**
  * A `@javax.ejb.EJBs` annotation.
  */

java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll

@@ -16,7 +16,7 @@ class SpringBean extends SpringXmlElement {
   SpringBean() {
     this.getName() = "bean" and
     // Do not capture Camel beans, which are different
-    not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring"
+    not this.getNamespace().getUri() = "http://camel.apache.org/schema/spring"
   }
 
   override string toString() { result = this.getBeanIdentifier() }

java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll

@@ -10,7 +10,7 @@ import semmle.code.java.frameworks.spring.SpringBean
  * An Apache Camel element in a Spring Beans file.
  */
 class SpringCamelXmlElement extends SpringXmlElement {
-  SpringCamelXmlElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" }
+  SpringCamelXmlElement() { getNamespace().getUri() = "http://camel.apache.org/schema/spring" }
 }
 
 /** DEPRECATED: Alias for SpringCamelXmlElement */
@@ -114,7 +114,10 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
   /**
    * Gets the URI attribute for this `<to>` element.
    */
-  string getURI() { result = getAttribute("uri").getValue() }
+  string getUri() { result = getAttribute("uri").getValue() }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = getUri() }
 }
 
 /** DEPRECATED: Alias for SpringCamelXmlToElement */

java/ql/lib/semmle/code/java/security/Encryption.qll

@@ -4,8 +4,8 @@
 
 import java
 
-class SSLClass extends RefType {
-  SSLClass() {
+class SslClass extends RefType {
+  SslClass() {
     exists(Class c | this.getAnAncestor() = c |
       c.hasQualifiedName("javax.net.ssl", _) or
       c.hasQualifiedName("javax.rmi.ssl", _)
@@ -13,6 +13,9 @@ class SSLClass extends RefType {
   }
 }
 
+/** DEPRECATED: Alias for SslClass */
+deprecated class SSLClass = SslClass;
+
 class X509TrustManager extends RefType {
   X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
 }
@@ -25,34 +28,52 @@ class HttpsUrlConnection extends RefType {
 /** DEPRECATED: Alias for HttpsUrlConnection */
 deprecated class HttpsURLConnection = HttpsUrlConnection;
 
-class SSLSocketFactory extends RefType {
-  SSLSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
+class SslSocketFactory extends RefType {
+  SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
 }
 
-class SSLContext extends RefType {
-  SSLContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
+/** DEPRECATED: Alias for SslSocketFactory */
+deprecated class SSLSocketFactory = SslSocketFactory;
+
+class SslContext extends RefType {
+  SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
 }
 
-/** The `javax.net.ssl.SSLSession` class. */
-class SSLSession extends RefType {
-  SSLSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
+/** DEPRECATED: Alias for SslContext */
+deprecated class SSLContext = SslContext;
+
+/** The `javax.net.ssl.SslSession` class. */
+class SslSession extends RefType {
+  SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
 }
 
-/** The `javax.net.ssl.SSLEngine` class. */
-class SSLEngine extends RefType {
-  SSLEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
+/** DEPRECATED: Alias for SslSession */
+deprecated class SSLSession = SslSession;
+
+/** The `javax.net.ssl.SslEngine` class. */
+class SslEngine extends RefType {
+  SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
 }
 
-/** The `javax.net.ssl.SSLSocket` class. */
-class SSLSocket extends RefType {
-  SSLSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
+/** DEPRECATED: Alias for SslEngine */
+deprecated class SSLEngine = SslEngine;
+
+/** The `javax.net.ssl.SslSocket` class. */
+class SslSocket extends RefType {
+  SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
 }
 
-/** The `javax.net.ssl.SSLParameters` class. */
-class SSLParameters extends RefType {
-  SSLParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
+/** DEPRECATED: Alias for SslSocket */
+deprecated class SSLSocket = SslSocket;
+
+/** The `javax.net.ssl.SslParameters` class. */
+class SslParameters extends RefType {
+  SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
 }
 
+/** DEPRECATED: Alias for SslParameters */
+deprecated class SSLParameters = SslParameters;
+
 class HostnameVerifier extends RefType {
   HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
 }
@@ -73,7 +94,7 @@ class HostnameVerifierVerify extends Method {
     this.hasName("verify") and
     this.getDeclaringType().getAnAncestor() instanceof HostnameVerifier and
     this.getParameterType(0) instanceof TypeString and
-    this.getParameterType(1) instanceof SSLSession
+    this.getParameterType(1) instanceof SslSession
   }
 }
 
@@ -87,22 +108,22 @@ class TrustManagerCheckMethod extends Method {
 class CreateSocket extends Method {
   CreateSocket() {
     this.hasName("createSocket") and
-    this.getDeclaringType() instanceof SSLSocketFactory
+    this.getDeclaringType() instanceof SslSocketFactory
   }
 }
 
 class GetSocketFactory extends Method {
   GetSocketFactory() {
     this.hasName("getSocketFactory") and
-    this.getDeclaringType() instanceof SSLContext
+    this.getDeclaringType() instanceof SslContext
   }
 }
 
-/** The `createSSLEngine` method of the class `javax.net.ssl.SSLContext`. */
+/** The `createSSLEngine` method of the class `javax.net.ssl.SslContext`. */
 class CreateSslEngineMethod extends Method {
   CreateSslEngineMethod() {
     this.hasName("createSSLEngine") and
-    this.getDeclaringType() instanceof SSLContext
+    this.getDeclaringType() instanceof SslContext
   }
 }
 
@@ -128,35 +149,35 @@ class SetDefaultHostnameVerifierMethod extends Method {
   }
 }
 
-/** The `beginHandshake` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `beginHandshake` method of the class `javax.net.ssl.SslEngine`. */
 class BeginHandshakeMethod extends Method {
   BeginHandshakeMethod() {
     this.hasName("beginHandshake") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
   }
 }
 
-/** The `wrap` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `wrap` method of the class `javax.net.ssl.SslEngine`. */
 class SslWrapMethod extends Method {
   SslWrapMethod() {
     this.hasName("wrap") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
   }
 }
 
-/** The `unwrap` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `unwrap` method of the class `javax.net.ssl.SslEngine`. */
 class SslUnwrapMethod extends Method {
   SslUnwrapMethod() {
     this.hasName("unwrap") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
   }
 }
 
-/** The `getSession` method of the class `javax.net.ssl.SSLSession`. */
+/** The `getSession` method of the class `javax.net.ssl.SslSession`. */
 class GetSslSessionMethod extends Method {
   GetSslSessionMethod() {
     this.hasName("getSession") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLSession
+    this.getDeclaringType().getAnAncestor() instanceof SslSession
   }
 }
 

java/ql/lib/semmle/code/java/security/ExternalAPIs.qll

@@ -126,7 +126,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
   TExternalApiParameter(Method m, int index) {
     exists(UntrustedExternalApiDataNode n |
       m = n.getMethod() and

java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll

@@ -26,7 +26,7 @@ private class DefaultInsecureTrustManagerSink extends InsecureTrustManagerSink {
   DefaultInsecureTrustManagerSink() {
     exists(MethodAccess ma, Method m |
       m.hasName("init") and
-      m.getDeclaringType() instanceof SSLContext and
+      m.getDeclaringType() instanceof SslContext and
       ma.getMethod() = m
     |
       ma.getArgument(1) = this.asExpr()

java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll

@@ -41,5 +41,5 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
     sanitizer.getType() instanceof TypeType
   }
 
-  override predicate isSanitizerIn(Node node) { isSource(node) }
+  override predicate isSanitizerIn(Node node) { this.isSource(node) }
 }

java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll

@@ -56,7 +56,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
   SslEngineServerMode() {
     exists(MethodAccess ma, Method m |
       m.hasName("setUseClientMode") and
-      m.getDeclaringType().getAnAncestor() instanceof SSLEngine and
+      m.getDeclaringType().getAnAncestor() instanceof SslEngine and
       ma.getMethod() = m and
       ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and
       this.asExpr() = ma.getQualifier()
@@ -69,9 +69,9 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
  * or the qualifier of `createSocket` is an instance of `SSLSocketFactory`.
  */
 private predicate isSslSocket(MethodAccess createSocket) {
-  createSocket = any(CastExpr ce | ce.getType() instanceof SSLSocket).getExpr()
+  createSocket = any(CastExpr ce | ce.getType() instanceof SslSocket).getExpr()
   or
-  createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SSLSocketFactory
+  createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SslSocketFactory
 }
 
 /**

java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll

@@ -44,7 +44,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma, RefType t | t instanceof SSLSocket or t instanceof SSLEngine |
+    exists(MethodAccess ma, RefType t | t instanceof SslSocket or t instanceof SslEngine |
       ma.getMethod().hasName("setSSLParameters") and
       ma.getMethod().getDeclaringType().getAnAncestor() = t and
       ma.getArgument(0) = sink.asExpr()
@@ -58,7 +58,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
 private class SafeSetEndpointIdentificationAlgorithm extends MethodAccess {
   SafeSetEndpointIdentificationAlgorithm() {
     this.getMethod().hasName("setEndpointIdentificationAlgorithm") and
-    this.getMethod().getDeclaringType() instanceof SSLParameters and
+    this.getMethod().getDeclaringType() instanceof SslParameters and
     not this.getArgument(0) instanceof NullLiteral and
     not this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = ""
   }

java/ql/lib/semmle/code/java/security/XmlParsers.qll

@@ -324,7 +324,7 @@ Expr configOptionIsSupportingExternalEntities() {
 /**
  * An `XmlInputFactory` specific expression that indicates whether DTD is supported.
  */
-Expr configOptionSupportDTD() {
+Expr configOptionSupportDtd() {
   result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD"
   or
   exists(Field f |
@@ -334,6 +334,9 @@ Expr configOptionSupportDTD() {
   )
 }
 
+/** DEPRECATED: Alias for configOptionSupportDtd */
+deprecated Expr configOptionSupportDTD() { result = configOptionSupportDtd() }
+
 /**
  * A safely configured `XmlInputFactory`.
  */
@@ -345,7 +348,7 @@ class SafeXmlInputFactory extends VarAccess {
         config.disables(configOptionIsSupportingExternalEntities())
       ) and
       exists(XmlInputFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configOptionSupportDTD())
+        config.disables(configOptionSupportDtd())
       )
     )
   }
@@ -907,7 +910,7 @@ class XmlConstants extends RefType {
 }
 
 /** A configuration specific for transformers and schema. */
-Expr configAccessExternalDTD() {
+Expr configAccessExternalDtd() {
   result.(ConstantStringExpr).getStringValue() =
     "http://javax.xml.XMLConstants/property/accessExternalDTD"
   or
@@ -918,6 +921,9 @@ Expr configAccessExternalDTD() {
   )
 }
 
+/** DEPRECATED: Alias for configAccessExternalDtd */
+deprecated Expr configAccessExternalDTD() { result = configAccessExternalDtd() }
+
 /** A configuration specific for transformers. */
 Expr configAccessExternalStyleSheet() {
   result.(ConstantStringExpr).getStringValue() =
@@ -1040,7 +1046,7 @@ class SafeTransformerFactory extends VarAccess {
   SafeTransformerFactory() {
     exists(Variable v | v = this.getVariable() |
       exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
       ) and
       exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
         config.disables(configAccessExternalStyleSheet())
@@ -1141,7 +1147,7 @@ class SafeSchemaFactory extends VarAccess {
   SafeSchemaFactory() {
     exists(Variable v | v = this.getVariable() |
       exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
       ) and
       exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
         config.disables(configAccessExternalSchema())

java/ql/lib/semmle/code/xml/XML.qll

@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
   XmlElement getARootElement() { result = this.getAChild() }
 
   /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 
 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
  * <!ELEMENT lastName (#PCDATA)>
  * ```
  */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
   /** Gets the name of the root element of this DTD. */
   string getRoot() { xmlDTDs(this, result, _, _, _) }
 
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
   }
 }
 
-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;
 
 /**
  * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
   string getPrefix() { xmlNs(this, result, _, _) }
 
   /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }
 
   /** Holds if this namespace has no prefix. */
   predicate isDefault() { this.getPrefix() = "" }
 
   override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
     or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
   }
 }
 

java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql

@@ -81,7 +81,7 @@ predicate exceptions(Class c, Field f) {
     // Stateless session beans are not normally serialized during their usual life-cycle
     // but are forced by their expected supertype to be serializable.
     // Arguably, warnings for their non-serializable fields can therefore be suppressed in practice.
-    c instanceof StatelessSessionEJB
+    c instanceof StatelessSessionEjb
     or
     // Enum types are serialized by name, so it doesn't matter if they have non-serializable fields.
     c instanceof EnumType

java/ql/src/Security/CWE/CWE-319/UseSSL.ql

@@ -33,10 +33,10 @@ where
     or
     c instanceof Socket and type = "socket"
   ) and
-  not c instanceof SSLClass and
+  not c instanceof SslClass and
   not exists(RefType t |
     exprTypeFlow(m.getQualifier(), t, _) and
-    t instanceof SSLClass
+    t instanceof SslClass
   ) and
   (
     m.getMethod().getName() = "getInputStream" or

java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql

@@ -65,7 +65,7 @@ predicate query(MethodAccess m, Method def, int paramNo, string message, Element
     // an SSL factory, ...
     usesFactory(def, paramNo) and
     evidence = m.getArgument(paramNo) and
-    not evidence.(Expr).getType() instanceof SSLClass and
+    not evidence.(Expr).getType() instanceof SslClass and
     message = "has a non-SSL factory argument "
     or
     // ... or there is an overloaded method on the same type that does take a factory,

java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll

@@ -107,8 +107,8 @@ class CommentedOutCode extends JavadocFirst {
   CommentedOutCode() {
     anyCount(this) > 0 and
     codeCount(this).(float) / anyCount(this).(float) > 0.5 and
-    not this instanceof JSNIComment and
-    not this instanceof OCNIComment
+    not this instanceof JsniComment and
+    not this instanceof OcniComment
   }
 
   /**

java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql

@@ -87,7 +87,7 @@ predicate isTestMethod(MethodAccess ma) {
 }
 
 /** Holds if `MethodAccess` ma disables SSL endpoint check. */
-predicate isInsecureSSLEndpoint(MethodAccess ma) {
+predicate isInsecureSslEndpoint(MethodAccess ma) {
   (
     ma.getMethod() instanceof SetSystemPropertyMethod and
     isPropertyDisableLdapEndpointId(ma.getArgument(0)) and
@@ -105,6 +105,6 @@ predicate isInsecureSSLEndpoint(MethodAccess ma) {
 
 from MethodAccess ma
 where
-  isInsecureSSLEndpoint(ma) and
+  isInsecureSslEndpoint(ma) and
   not isTestMethod(ma)
 select ma, "LDAPS configuration allows insecure endpoint identification"

java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll

@@ -27,7 +27,7 @@ class UnsafeTlsVersionConfig extends TaintTracking::Configuration {
 class SslContextGetInstanceSink extends DataFlow::ExprNode {
   SslContextGetInstanceSink() {
     exists(StaticMethodAccess ma, Method m | m = ma.getMethod() |
-      m.getDeclaringType() instanceof SSLContext and
+      m.getDeclaringType() instanceof SslContext and
       m.hasName("getInstance") and
       ma.getArgument(0) = asExpr()
     )
@@ -40,7 +40,7 @@ class SslContextGetInstanceSink extends DataFlow::ExprNode {
  */
 class CreateSslParametersSink extends DataFlow::ExprNode {
   CreateSslParametersSink() {
-    exists(ConstructorCall cc | cc.getConstructedType() instanceof SSLParameters |
+    exists(ConstructorCall cc | cc.getConstructedType() instanceof SslParameters |
       cc.getArgument(1) = asExpr()
     )
   }
@@ -53,7 +53,7 @@ class CreateSslParametersSink extends DataFlow::ExprNode {
 class SslParametersSetProtocolsSink extends DataFlow::ExprNode {
   SslParametersSetProtocolsSink() {
     exists(MethodAccess ma, Method m | m = ma.getMethod() |
-      m.getDeclaringType() instanceof SSLParameters and
+      m.getDeclaringType() instanceof SslParameters and
       m.hasName("setProtocols") and
       ma.getArgument(0) = asExpr()
     )
@@ -70,9 +70,9 @@ class SetEnabledProtocolsSink extends DataFlow::ExprNode {
       m = ma.getMethod() and type = m.getDeclaringType()
     |
       (
-        type instanceof SSLSocket or
-        type instanceof SSLServerSocket or
-        type instanceof SSLEngine
+        type instanceof SslSocket or
+        type instanceof SslServerSocket or
+        type instanceof SslEngine
       ) and
       m.hasName("setEnabledProtocols") and
       ma.getArgument(0) = asExpr()
@@ -94,6 +94,6 @@ class UnsafeTlsVersion extends StringLiteral {
   }
 }
 
-class SSLServerSocket extends RefType {
-  SSLServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
+class SslServerSocket extends RefType {
+  SslServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
 }

java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql

@@ -125,7 +125,7 @@ predicate isBasicAuthEnv(MethodAccess ma) {
 /**
  * Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`.
  */
-predicate isSSLEnv(MethodAccess ma) {
+predicate isSslEnv(MethodAccess ma) {
   hasFieldValueEnv(ma, "java.naming.security.protocol", "ssl") or
   hasFieldNameEnv(ma, "SECURITY_PROTOCOL", "ssl")
 }
@@ -182,13 +182,13 @@ class BasicAuthFlowConfig extends DataFlow::Configuration {
 /**
  * A taint-tracking configuration for `ssl` configuration in LDAP authentication.
  */
-class SSLFlowConfig extends DataFlow::Configuration {
-  SSLFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
+class SslFlowConfig extends DataFlow::Configuration {
+  SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
 
   /** Source of `ssl` configuration. */
   override predicate isSource(DataFlow::Node src) {
     exists(MethodAccess ma |
-      isSSLEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
+      isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
     )
   }
 
@@ -205,6 +205,6 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureUrlFlowConfig c
 where
   config.hasFlowPath(source, sink) and
   exists(BasicAuthFlowConfig bc | bc.hasFlowTo(sink.getNode())) and
-  not exists(SSLFlowConfig sc | sc.hasFlowTo(sink.getNode()))
+  not exists(SslFlowConfig sc | sc.hasFlowTo(sink.getNode()))
 select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(),
   "LDAP connection string"

java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql

@@ -25,7 +25,7 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
     source instanceof RemoteFlowSource and
     not exists(MethodAccess ma, Method m | ma.getMethod() = m |
       (
-        m instanceof HttpServletRequestGetRequestURIMethod or
+        m instanceof HttpServletRequestGetRequestUriMethod or
         m instanceof HttpServletRequestGetRequestUrlMethod or
         m instanceof HttpServletRequestGetPathMethod
       ) and

java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll

@@ -73,7 +73,7 @@ class SafeValidator extends VarAccess {
   SafeValidator() {
     exists(Variable v | v = this.getVariable() |
       exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
       ) and
       exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
         config.disables(configAccessExternalSchema())

java/ql/test/library-tests/gwt/JSNI.ql

@@ -1,5 +1,5 @@
 import java
 import semmle.code.java.frameworks.gwt.GWT
 
-from JSNIComment jsni
+from JsniComment jsni
 select jsni, jsni.getImplementedMethod()

java/ql/test/library-tests/j2objc/OCNIComment.expected

@@ -1,13 +1,13 @@
-| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OCNIImport |
-| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OCNIComment |
-| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OCNIMethodComment |
+| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OcniImport |
+| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OcniComment |
+| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OcniMethodComment |

java/ql/test/library-tests/j2objc/OCNIComment.ql

@@ -1,6 +1,6 @@
 import semmle.code.java.frameworks.j2objc.J2ObjC
 
-from OCNIComment ocni
+from OcniComment ocni
 select ocni.getFile().getStem(), ocni.getLocation().getStartLine(),
   ocni.getLocation().getStartColumn(), ocni.getLocation().getEndLine(),
   ocni.getLocation().getEndColumn(), ocni.toString(), ocni.getAQlClass()

javascript/ql/lib/change-notes/2022-08-22-xml-rename.md

@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.

javascript/ql/lib/semmle/javascript/XML.qll

@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
   XmlElement getARootElement() { result = this.getAChild() }
 
   /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 
 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
  * <!ELEMENT lastName (#PCDATA)>
  * ```
  */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
   /** Gets the name of the root element of this DTD. */
   string getRoot() { xmlDTDs(this, result, _, _, _) }
 
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
   }
 }
 
-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;
 
 /**
  * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
   string getPrefix() { xmlNs(this, result, _, _) }
 
   /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }
 
   /** Holds if this namespace has no prefix. */
   predicate isDefault() { this.getPrefix() = "" }
 
   override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
     or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
   }
 }
 

javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll

@@ -4,9 +4,9 @@
 
 import javascript
 
-/** Provides classes for modeling NoSQL query sinks. */
+/** Provides classes for modeling NoSql query sinks. */
 module NoSql {
-  /** An expression that is interpreted as a NoSQL query. */
+  /** An expression that is interpreted as a NoSql query. */
   abstract class Query extends Expr {
     /** Gets an expression that is interpreted as a code operator in this query. */
     DataFlow::Node getACodeOperator() { none() }

javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll

@@ -14,15 +14,15 @@ private module ServerLess {
    * Holds if the `.yml` file `ymlFile` contains a serverless configuration with `handler` and `codeURI` properties.
    * `codeURI` defaults to the empty string if no explicit value is set in the configuration.
    */
-  private predicate hasServerlessHandler(File ymlFile, string handler, string codeURI) {
+  private predicate hasServerlessHandler(File ymlFile, string handler, string codeUri) {
     exists(YAMLMapping resource | ymlFile = resource.getFile() |
       // There exists at least "AWS::Serverless::Function" and "Aliyun::Serverless::Function"
       resource.lookup("Type").(YAMLScalar).getValue().regexpMatch(".*::Serverless::Function") and
       exists(YAMLMapping properties | properties = resource.lookup("Properties") |
         handler = properties.lookup("Handler").(YAMLScalar).getValue() and
         if exists(properties.lookup("CodeUri"))
-        then codeURI = properties.lookup("CodeUri").(YAMLScalar).getValue()
-        else codeURI = ""
+        then codeUri = properties.lookup("CodeUri").(YAMLScalar).getValue()
+        else codeUri = ""
       )
       or
       // The `serverless` library, which specifies a top-level `functions` property
@@ -30,7 +30,7 @@ private module ServerLess {
         functions = resource.lookup("functions") and
         not exists(resource.getParentNode()) and
         handler = functions.getValue(_).(YAMLMapping).lookup("handler").(YAMLScalar).getValue() and
-        codeURI = ""
+        codeUri = ""
       )
     )
   }
@@ -58,9 +58,9 @@ private module ServerLess {
    *
    * For example if `codeURI` is "function/." and `file` is "index", then the result becomes "function/index.js".
    */
-  bindingset[codeURI, file]
-  private string getPathFromHandlerProperties(string codeURI, string file) {
-    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeURI)) |
+  bindingset[codeUri, file]
+  private string getPathFromHandlerProperties(string codeUri, string file) {
+    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeUri)) |
       result = folder + file + ".js"
     )
   }
@@ -69,8 +69,8 @@ private module ServerLess {
    * Holds if `file` has a serverless handler function with name `func`.
    */
   private predicate hasServerlessHandler(File file, string func) {
-    exists(File ymlFile, string handler, string codeURI, string fileName |
-      hasServerlessHandler(ymlFile, handler, codeURI) and
+    exists(File ymlFile, string handler, string codeUri, string fileName |
+      hasServerlessHandler(ymlFile, handler, codeUri) and
       // Splits a `handler` into two components. The `fileName` to the left of the dot, and the `func` to the right.
       // E.g. if `handler` is "index.foo", then `fileName` is "index" and `func` is "foo".
       exists(string pattern | pattern = "(.*)\\.(.*)" |
@@ -80,7 +80,7 @@ private module ServerLess {
     |
       file.getAbsolutePath() =
         ymlFile.getParentContainer().getAbsolutePath() + "/" +
-          getPathFromHandlerProperties(codeURI, fileName)
+          getPathFromHandlerProperties(codeUri, fileName)
     )
   }
 

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

@@ -177,7 +177,7 @@ module ClientSideUrlRedirect {
       )
       or
       // e.g. node.setAttribute("href", sink)
-      any(DomMethodCallExpr call).interpretsArgumentsAsURL(this.asExpr())
+      any(DomMethodCallExpr call).interpretsArgumentsAsUrl(this.asExpr())
     }
 
     override predicate isXssSink() { any() }

javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll

@@ -86,7 +86,7 @@ class DomMethodCallExpr extends MethodCallExpr {
   /**
    * Holds if `arg` is an argument that is used as an URL.
    */
-  predicate interpretsArgumentsAsURL(Expr arg) {
+  predicate interpretsArgumentsAsUrl(Expr arg) {
     exists(int argPos, string name |
       arg = this.getArgument(argPos) and
       name = this.getMethodName()
@@ -103,6 +103,9 @@ class DomMethodCallExpr extends MethodCallExpr {
     )
   }
 
+  /** DEPRECATED: Alias for interpretsArgumentsAsUrl */
+  deprecated predicate interpretsArgumentsAsURL(Expr arg) { this.interpretsArgumentsAsUrl(arg) }
+
   /** DEPRECATED: Alias for interpretsArgumentsAsHtml */
   deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll

@@ -23,13 +23,16 @@ deprecated class JQueryHtmlOrSelectorInjectionConfiguration = Configuration;
  * A sink that is not a URL write or a JQuery selector,
  * assumed to be a value that is interpreted as HTML.
  */
-class HTMLSink extends DataFlow::Node instanceof Sink {
-  HTMLSink() {
+class HtmlSink extends DataFlow::Node instanceof Sink {
+  HtmlSink() {
     not this instanceof WriteUrlSink and
     not this instanceof JQueryHtmlOrSelectorSink
   }
 }
 
+/** DEPRECATED: Alias for HtmlSink */
+deprecated class HTMLSink = HtmlSink;
+
 /**
  * A taint-tracking configuration for reasoning about XSS.
  * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks.
@@ -55,7 +58,7 @@ class Configuration extends TaintTracking::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof HTMLSink and
+    sink instanceof HtmlSink and
     label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()]
     or
     sink instanceof JQueryHtmlOrSelectorSink and

javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll

@@ -1,10 +1,10 @@
-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
 
 import javascript
-private import ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedDataQuery // ignore-query-import
+private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import
 
-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
-deprecated module ExternalApiUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
+deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery;
 
 /** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
 deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;

javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll

@@ -81,6 +81,7 @@ deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
  * Name of an external API sink, boxed in a newtype for consistency with other languages.
  */
 private newtype TExternalApi =
+  /** An external API sink with `name`. */
   MkExternalApiNode(string name) {
     exists(Sink sink |
       any(Configuration c).hasFlow(_, sink) and

javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll

@@ -62,7 +62,7 @@ module Shared {
     }
   }
 
-  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHTML
+  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml
 
   /**
    * A guard that checks if a string can contain quotes, which is a guard for strings that are inside a HTML attribute.
@@ -72,7 +72,7 @@ module Shared {
       this.getSubstring().mayHaveStringValue("\"") and
       this.getBaseString()
           .getALocalSource()
-          .flowsTo(any(IncompleteHTML::HtmlAttributeConcatenation attributeConcat))
+          .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat))
     }
 
     override predicate sanitizes(boolean outcome, Expr e) {

python/ql/lib/change-notes/2022-08-22-xml-rename.md

@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
   The old name still exists as a deprecated alias.

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -1854,16 +1854,22 @@ private module StdlibPrivate {
   deprecated API::Node cgiHTTPServer() { result = cgiHttpServer() }
 
   /** Provides models for the `CGIHTTPServer` module. */
-  module CGIHTTPServer {
+  module CgiHttpServer {
     /**
      * Provides models for the `CGIHTTPServer.CGIHTTPRequestHandler` class (Python 2 only).
      */
-    module CGIHTTPRequestHandler {
-      /** Gets a reference to the `CGIHTTPServer.CGIHTTPRequestHandler` class. */
+    module CgiHttpRequestHandler {
+      /** Gets a reference to the `CGIHTTPServer.CgiHttpRequestHandler` class. */
       API::Node classRef() { result = cgiHttpServer().getMember("CGIHTTPRequestHandler") }
     }
+
+    /** DEPRECATED: Alias for CgiHttpRequestHandler */
+    deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
   }
 
+  /** DEPRECATED: Alias for CgiHttpServer */
+  deprecated module CGIHTTPServer = CgiHttpServer;
+
   // ---------------------------------------------------------------------------
   // http (Python 3 only)
   // ---------------------------------------------------------------------------
@@ -1911,10 +1917,13 @@ private module StdlibPrivate {
        *
        * See https://docs.python.org/3.9/library/http.server.html#http.server.CGIHTTPRequestHandler.
        */
-      module CGIHTTPRequestHandler {
+      module CgiHttpRequestHandler {
         /** Gets a reference to the `http.server.CGIHTTPRequestHandler` class. */
         API::Node classRef() { result = server().getMember("CGIHTTPRequestHandler") }
       }
+
+      /** DEPRECATED: Alias for CgiHttpRequestHandler */
+      deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
     }
   }
 
@@ -1933,11 +1942,11 @@ private module StdlibPrivate {
           // Python 2
           BaseHttpServer::BaseHttpRequestHandler::classRef(),
           SimpleHttpServer::SimpleHttpRequestHandler::classRef(),
-          CGIHTTPServer::CGIHTTPRequestHandler::classRef(),
+          CgiHttpServer::CgiHttpRequestHandler::classRef(),
           // Python 3
           Http::Server::BaseHttpRequestHandler::classRef(),
           Http::Server::SimpleHttpRequestHandler::classRef(),
-          Http::Server::CGIHTTPRequestHandler::classRef()
+          Http::Server::CgiHttpRequestHandler::classRef()
         ].getASubclass*()
     }
 

python/ql/lib/semmle/python/xml/XML.qll

@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
   XmlElement getARootElement() { result = this.getAChild() }
 
   /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 
 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
  * <!ELEMENT lastName (#PCDATA)>
  * ```
  */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
   /** Gets the name of the root element of this DTD. */
   string getRoot() { xmlDTDs(this, result, _, _, _) }
 
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
   }
 }
 
-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;
 
 /**
  * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
   string getPrefix() { xmlNs(this, result, _, _) }
 
   /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }
 
   /** Holds if this namespace has no prefix. */
   predicate isDefault() { this.getPrefix() = "" }
 
   override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
     or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
   }
 }
 

python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll

@@ -129,7 +129,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
   TExternalApiParameter(DataFlowPrivate::DataFlowCallable callable, int index) {
     exists(UntrustedExternalApiDataNode n |
       callable = n.getCallable() and

python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql

@@ -19,14 +19,14 @@ private API::Node unsafe_paramiko_policy(string name) {
   result = API::moduleImport("paramiko").getMember("client").getMember(name)
 }
 
-private API::Node paramikoSSHClientInstance() {
+private API::Node paramikoSshClientInstance() {
   result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
 }
 
 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
 where
   // see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy
-  call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and
+  call = paramikoSshClientInstance().getMember("set_missing_host_key_policy").getACall() and
   arg in [call.getArg(0), call.getArgByName("policy")] and
   (
     arg = unsafe_paramiko_policy(name).getAValueReachableFromSource() or

python/ql/src/Security/CWE-327/PyOpenSSL.qll

@@ -7,13 +7,13 @@ private import python
 private import semmle.python.ApiGraphs
 import TlsLibraryModel
 
-class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
-  PyOpenSSLContextCreation() {
+class PyOpenSslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
+  PyOpenSslContextCreation() {
     this = API::moduleImport("OpenSSL").getMember("SSL").getMember("Context").getACall()
   }
 
   override string getProtocol() {
-    exists(DataFlow::Node protocolArg, PyOpenSSL pyo |
+    exists(DataFlow::Node protocolArg, PyOpenSsl pyo |
       protocolArg in [this.getArg(0), this.getArgByName("method")]
     |
       protocolArg in [
@@ -51,12 +51,12 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {
   }
 }
 
-class UnspecificPyOpenSSLContextCreation extends PyOpenSSLContextCreation, UnspecificContextCreation {
-  UnspecificPyOpenSSLContextCreation() { library instanceof PyOpenSSL }
+class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, UnspecificContextCreation {
+  UnspecificPyOpenSslContextCreation() { library instanceof PyOpenSsl }
 }
 
-class PyOpenSSL extends TlsLibrary {
-  PyOpenSSL() { this = "pyOpenSSL" }
+class PyOpenSsl extends TlsLibrary {
+  PyOpenSsl() { this = "pyOpenSSL" }
 
   override string specific_version_name(ProtocolVersion version) { result = version + "_METHOD" }
 
@@ -70,7 +70,7 @@ class PyOpenSSL extends TlsLibrary {
   override ContextCreation default_context_creation() { none() }
 
   override ContextCreation specific_context_creation() {
-    result instanceof PyOpenSSLContextCreation
+    result instanceof PyOpenSslContextCreation
   }
 
   override DataFlow::Node insecure_connection_creation(ProtocolVersion version) { none() }
@@ -80,6 +80,6 @@ class PyOpenSSL extends TlsLibrary {
   override ProtocolRestriction protocol_restriction() { result instanceof SetOptionsCall }
 
   override ProtocolUnrestriction protocol_unrestriction() {
-    result instanceof UnspecificPyOpenSSLContextCreation
+    result instanceof UnspecificPyOpenSslContextCreation
   }
 }

python/ql/src/Security/CWE-327/Ssl.qll

@@ -7,8 +7,8 @@ private import python
 private import semmle.python.ApiGraphs
 import TlsLibraryModel
 
-class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
-  SSLContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }
+class SslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
+  SslContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }
 
   override string getProtocol() {
     exists(DataFlow::Node protocolArg, Ssl ssl |
@@ -27,8 +27,8 @@ class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
   }
 }
 
-class SSLDefaultContextCreation extends ContextCreation {
-  SSLDefaultContextCreation() {
+class SslDefaultContextCreation extends ContextCreation {
+  SslDefaultContextCreation() {
     this = API::moduleImport("ssl").getMember("create_default_context").getACall()
   }
 
@@ -161,8 +161,8 @@ class ContextSetVersion extends ProtocolRestriction, ProtocolUnrestriction, Data
   }
 }
 
-class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContextCreation {
-  UnspecificSSLContextCreation() { library instanceof Ssl }
+class UnspecificSslContextCreation extends SslContextCreation, UnspecificContextCreation {
+  UnspecificSslContextCreation() { library instanceof Ssl }
 
   override ProtocolVersion getUnrestriction() {
     result = UnspecificContextCreation.super.getUnrestriction() and
@@ -172,7 +172,7 @@ class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContext
   }
 }
 
-class UnspecificSSLDefaultContextCreation extends SSLDefaultContextCreation, ProtocolUnrestriction {
+class UnspecificSslDefaultContextCreation extends SslDefaultContextCreation, ProtocolUnrestriction {
   override DataFlow::Node getContext() { result = this }
 
   // see https://docs.python.org/3/library/ssl.html#ssl.create_default_context
@@ -195,10 +195,10 @@ class Ssl extends TlsLibrary {
   override API::Node version_constants() { result = API::moduleImport("ssl") }
 
   override ContextCreation default_context_creation() {
-    result instanceof SSLDefaultContextCreation
+    result instanceof SslDefaultContextCreation
   }
 
-  override ContextCreation specific_context_creation() { result instanceof SSLContextCreation }
+  override ContextCreation specific_context_creation() { result instanceof SslContextCreation }
 
   override DataFlow::CallCfgNode insecure_connection_creation(ProtocolVersion version) {
     result = API::moduleImport("ssl").getMember("wrap_socket").getACall() and
@@ -220,8 +220,8 @@ class Ssl extends TlsLibrary {
     or
     result instanceof ContextSetVersion
     or
-    result instanceof UnspecificSSLContextCreation
+    result instanceof UnspecificSslContextCreation
     or
-    result instanceof UnspecificSSLDefaultContextCreation
+    result instanceof UnspecificSslDefaultContextCreation
   }
 }

python/ql/src/experimental/Security/CWE-091/Xslt.ql

@@ -17,8 +17,8 @@ import semmle.python.web.HttpRequest
 /* Sinks */
 import experimental.semmle.python.security.injection.XSLT
 
-class XSLTInjectionConfiguration extends TaintTracking::Configuration {
-  XSLTInjectionConfiguration() { this = "XSLT injection configuration" }
+class XsltInjectionConfiguration extends TaintTracking::Configuration {
+  XsltInjectionConfiguration() { this = "XSLT injection configuration" }
 
   deprecated override predicate isSource(TaintTracking::Source source) {
     source instanceof HttpRequestTaintSource
@@ -29,7 +29,7 @@ class XSLTInjectionConfiguration extends TaintTracking::Configuration {
   }
 }
 
-from XSLTInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
+from XsltInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
 where config.hasFlowPath(src, sink)
 select sink.getSink(), src, sink, "This XSLT query depends on $@.", src.getSource(),
   "a user-provided value"

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -182,7 +182,10 @@ module LdapBind {
     /**
      * Holds if the binding process use SSL.
      */
-    abstract predicate useSSL();
+    abstract predicate useSsl();
+
+    /** DEPRECATED: Alias for useSsl */
+    deprecated predicate useSSL() { useSsl() }
   }
 }
 
@@ -213,7 +216,10 @@ class LdapBind extends DataFlow::Node {
   /**
    * Holds if the binding process use SSL.
    */
-  predicate useSSL() { range.useSSL() }
+  predicate useSsl() { range.useSsl() }
+
+  /** DEPRECATED: Alias for useSsl */
+  deprecated predicate useSSL() { useSsl() }
 }
 
 /** DEPRECATED: Alias for LdapBind */

python/ql/src/experimental/semmle/python/frameworks/LDAP.qll

@@ -12,13 +12,13 @@ private import semmle.python.ApiGraphs
 /**
  * Provides models for Python's ldap-related libraries.
  */
-private module LDAP {
+private module Ldap {
   /**
    * Provides models for the `python-ldap` PyPI package (imported as `ldap`).
    *
    * See https://www.python-ldap.org/en/python-ldap-3.3.0/index.html
    */
-  private module LDAP2 {
+  private module Ldap2 {
     /** Gets a reference to the `ldap` module. */
     API::Node ldap() { result = API::moduleImport("ldap") }
 
@@ -38,8 +38,8 @@ private module LDAP {
      *
      * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions
      */
-    private class LDAP2QueryMethods extends string {
-      LDAP2QueryMethods() {
+    private class Ldap2QueryMethods extends string {
+      Ldap2QueryMethods() {
         this in ["search", "search_s", "search_st", "search_ext", "search_ext_s"]
       }
     }
@@ -52,7 +52,7 @@ private module LDAP {
     /** Gets a reference to a `ldap` query. */
     private DataFlow::Node ldapQuery() {
       result = ldapOperation() and
-      result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2QueryMethods
+      result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2QueryMethods
     }
 
     /**
@@ -60,8 +60,8 @@ private module LDAP {
      *
      * See `LDAP2QueryMethods`
      */
-    private class LDAP2Query extends DataFlow::CallCfgNode, LdapQuery::Range {
-      LDAP2Query() { this.getFunction() = ldapQuery() }
+    private class Ldap2Query extends DataFlow::CallCfgNode, LdapQuery::Range {
+      Ldap2Query() { this.getFunction() = ldapQuery() }
 
       override DataFlow::Node getQuery() {
         result in [this.getArg(0), this.getArg(2), this.getArgByName("filterstr")]
@@ -73,8 +73,8 @@ private module LDAP {
      *
      * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions
      */
-    private class LDAP2BindMethods extends string {
-      LDAP2BindMethods() {
+    private class Ldap2BindMethods extends string {
+      Ldap2BindMethods() {
         this in [
             "bind", "bind_s", "simple_bind", "simple_bind_s", "sasl_interactive_bind_s",
             "sasl_non_interactive_bind_s", "sasl_external_bind_s", "sasl_gssapi_bind_s"
@@ -85,12 +85,12 @@ private module LDAP {
     /** Gets a reference to a `ldap` bind. */
     private DataFlow::Node ldapBind() {
       result = ldapOperation() and
-      result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2BindMethods
+      result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2BindMethods
     }
 
     /**List of SSL-demanding options */
-    private class LDAPSSLOptions extends DataFlow::Node {
-      LDAPSSLOptions() {
+    private class LdapSslOptions extends DataFlow::Node {
+      LdapSslOptions() {
         this = ldap().getMember("OPT_X_TLS_" + ["DEMAND", "HARD"]).getAValueReachableFromSource()
       }
     }
@@ -100,8 +100,8 @@ private module LDAP {
      *
      * See `LDAP2BindMethods`
      */
-    private class LDAP2Bind extends DataFlow::CallCfgNode, LdapBind::Range {
-      LDAP2Bind() { this.getFunction() = ldapBind() }
+    private class Ldap2Bind extends DataFlow::CallCfgNode, LdapBind::Range {
+      Ldap2Bind() { this.getFunction() = ldapBind() }
 
       override DataFlow::Node getPassword() {
         result in [this.getArg(1), this.getArgByName("cred")]
@@ -115,11 +115,11 @@ private module LDAP {
         )
       }
 
-      override predicate useSSL() {
+      override predicate useSsl() {
         // use initialize to correlate `this` and so avoid FP in several instances
         exists(DataFlow::CallCfgNode initialize |
           // ldap.set_option(ldap.OPT_X_TLS_%s)
-          ldap().getMember("set_option").getACall().getArg(_) instanceof LDAPSSLOptions
+          ldap().getMember("set_option").getACall().getArg(_) instanceof LdapSslOptions
           or
           this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() = initialize and
           initialize = ldapInitialize().getACall() and
@@ -136,7 +136,7 @@ private module LDAP {
               setOption.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() =
                 initialize and
               setOption.getFunction().(DataFlow::AttrRead).getAttributeName() = "set_option" and
-              setOption.getArg(0) instanceof LDAPSSLOptions and
+              setOption.getArg(0) instanceof LdapSslOptions and
               not DataFlow::exprNode(any(False falseExpr))
                   .(DataFlow::LocalSourceNode)
                   .flowsTo(setOption.getArg(1))
@@ -144,6 +144,9 @@ private module LDAP {
           )
         )
       }
+
+      /** DEPRECATED: Alias for useSsl */
+      deprecated override predicate useSSL() { this.useSsl() }
     }
 
     /**
@@ -151,8 +154,8 @@ private module LDAP {
      *
      * See https://github.com/python-ldap/python-ldap/blob/7ce471e238cdd9a4dd8d17baccd1c9e05e6f894a/Lib/ldap/dn.py#L17
      */
-    private class LDAP2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() }
+    private class Ldap2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() }
 
       override DataFlow::Node getAnInput() { result = this.getArg(0) }
     }
@@ -162,8 +165,8 @@ private module LDAP {
      *
      * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap-filter.html#ldap.filter.escape_filter_chars
      */
-    private class LDAP2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP2EscapeFilterCall() {
+    private class Ldap2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap2EscapeFilterCall() {
         this = ldap().getMember("filter").getMember("escape_filter_chars").getACall()
       }
 
@@ -176,7 +179,7 @@ private module LDAP {
    *
    * See https://pypi.org/project/ldap3/
    */
-  private module LDAP3 {
+  private module Ldap3 {
     /** Gets a reference to the `ldap3` module. */
     API::Node ldap3() { result = API::moduleImport("ldap3") }
 
@@ -192,8 +195,8 @@ private module LDAP {
     /**
      * A class to find `ldap3` methods executing a query.
      */
-    private class LDAP3Query extends DataFlow::CallCfgNode, LdapQuery::Range {
-      LDAP3Query() {
+    private class Ldap3Query extends DataFlow::CallCfgNode, LdapQuery::Range {
+      Ldap3Query() {
         this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() =
           ldap3Connection().getACall() and
         this.getFunction().(DataFlow::AttrRead).getAttributeName() = "search"
@@ -205,8 +208,8 @@ private module LDAP {
     /**
      * A class to find `ldap3` methods binding a connection.
      */
-    class LDAP3Bind extends DataFlow::CallCfgNode, LdapBind::Range {
-      LDAP3Bind() { this = ldap3Connection().getACall() }
+    class Ldap3Bind extends DataFlow::CallCfgNode, LdapBind::Range {
+      Ldap3Bind() { this = ldap3Connection().getACall() }
 
       override DataFlow::Node getPassword() {
         result in [this.getArg(2), this.getArgByName("password")]
@@ -220,7 +223,7 @@ private module LDAP {
         )
       }
 
-      override predicate useSSL() {
+      override predicate useSsl() {
         exists(DataFlow::CallCfgNode serverCall |
           serverCall = ldap3Server().getACall() and
           this.getArg(0).getALocalSource() = serverCall and
@@ -236,6 +239,9 @@ private module LDAP {
           startTLS.getObject().getALocalSource() = this
         )
       }
+
+      /** DEPRECATED: Alias for useSsl */
+      deprecated override predicate useSSL() { this.useSsl() }
     }
 
     /**
@@ -243,8 +249,8 @@ private module LDAP {
      *
      * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/dn.py#L390
      */
-    private class LDAP3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() }
+    private class Ldap3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() }
 
       override DataFlow::Node getAnInput() { result = this.getArg(0) }
     }
@@ -254,8 +260,8 @@ private module LDAP {
      *
      * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/conv.py#L91
      */
-    private class LDAP3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP3EscapeFilterCall() {
+    private class Ldap3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap3EscapeFilterCall() {
         this = ldap3Utils().getMember("conv").getMember("escape_filter_chars").getACall()
       }
 

python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll

@@ -122,7 +122,7 @@ class LdapInsecureAuthConfig extends TaintTracking::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(LdapBind ldapBind | not ldapBind.useSSL() and sink = ldapBind.getHost())
+    exists(LdapBind ldapBind | not ldapBind.useSsl() and sink = ldapBind.getHost())
   }
 }
 

python/ql/src/experimental/semmle/python/security/injection/XSLT.qll

@@ -11,12 +11,15 @@ import semmle.python.dataflow.TaintTracking
 import semmle.python.web.HttpRequest
 
 /** Models XSLT Injection related classes and functions */
-module XSLTInjection {
+module XsltInjection {
   /** Returns a class value which refers to `lxml.etree` */
   Value etree() { result = Value::named("lxml.etree") }
 
   /** A generic taint sink that is vulnerable to XSLT injection. */
-  abstract class XSLTInjectionSink extends TaintSink { }
+  abstract class XsltInjectionSink extends TaintSink { }
+
+  /** DEPRECATED: Alias for XsltInjectionSink */
+  deprecated class XSLTInjectionSink = XsltInjectionSink;
 
   /**
    * A kind of "taint", representing an untrusted XML string
@@ -73,10 +76,10 @@ module XSLTInjection {
    *    root = etree.XML("<xmlContent>")
    *    find_text = etree.XSLT("`sink`")
    */
-  private class EtreeXSLTArgument extends XSLTInjectionSink {
+  private class EtreeXsltArgument extends XsltInjectionSink {
     override string toString() { result = "lxml.etree.XSLT" }
 
-    EtreeXSLTArgument() {
+    EtreeXsltArgument() {
       exists(CallNode call | call.getFunction().(AttrNode).getObject("XSLT").pointsTo(etree()) |
         call.getArg(0) = this
       )
@@ -94,10 +97,10 @@ module XSLTInjection {
    *    tree = etree.parse(f)
    *    result_tree = tree.xslt(`sink`)
    */
-  private class ParseXSLTArgument extends XSLTInjectionSink {
+  private class ParseXsltArgument extends XsltInjectionSink {
     override string toString() { result = "lxml.etree.parse.xslt" }
 
-    ParseXSLTArgument() {
+    ParseXsltArgument() {
       exists(
         CallNode parseCall, CallNode xsltCall, ControlFlowNode obj, Variable var, AssignStmt assign
       |
@@ -113,3 +116,6 @@ module XSLTInjection {
     override predicate sinks(TaintKind kind) { kind instanceof ExternalXmlKind }
   }
 }
+
+/** DEPRECATED: Alias for XsltInjection */
+deprecated module XSLTInjection = XsltInjection;

python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql

@@ -1,6 +1,6 @@
 import python
 import experimental.semmle.python.security.injection.XSLT
 
-from XSLTInjection::XSLTInjectionSink sink, TaintKind kind
+from XsltInjection::XsltInjectionSink sink, TaintKind kind
 where sink.sinks(kind)
 select sink, kind

ruby/ql/lib/codeql/ruby/Concepts.qll

@@ -714,7 +714,7 @@ module PersistentWriteAccess {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `CSRFProtectionSetting::Range` instead.
  */
-class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range {
+class CsrfProtectionSetting extends DataFlow::Node instanceof CsrfProtectionSetting::Range {
   /**
    * Gets the boolean value corresponding to if CSRF protection is enabled
    * (`true`) or disabled (`false`) by this node.
@@ -722,8 +722,11 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett
   boolean getVerificationSetting() { result = super.getVerificationSetting() }
 }
 
+/** DEPRECATED: Alias for CsrfProtectionSetting */
+deprecated class CSRFProtectionSetting = CsrfProtectionSetting;
+
 /** Provides a class for modeling new CSRF protection setting APIs. */
-module CSRFProtectionSetting {
+module CsrfProtectionSetting {
   /**
    * A data-flow node that may set or unset Cross-site request forgery protection.
    *
@@ -739,6 +742,9 @@ module CSRFProtectionSetting {
   }
 }
 
+/** DEPRECATED: Alias for CsrfProtectionSetting */
+deprecated module CSRFProtectionSetting = CsrfProtectionSetting;
+
 /** Provides classes for modeling path-related APIs. */
 module Path {
   /**