Merge pull request #10096 from erik-krogh/acronyms-part1

make acronyms camelcase
2025-12-20 10:46:30 +01:00 · 2022-08-24 09:33:53 +02:00
parent 18ed9ed2ee 82a5b7838c
commit 4df2e5d937
108 changed files with 779 additions and 491 deletions
--- a/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
@@ -3,7 +3,7 @@ import semmle.code.cpp.ir.internal.Overlap
 private import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 private import semmle.code.cpp.Print
 private import semmle.code.cpp.ir.implementation.unaliased_ssa.IR
-private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSSA
+private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSsa
 private import semmle.code.cpp.ir.internal.IntegerConstant as Ints
 private import semmle.code.cpp.ir.internal.IntegerInterval as Interval
 private import semmle.code.cpp.ir.implementation.internal.OperandTag
@@ -572,7 +572,7 @@ private Overlap getVariableMemoryLocationOverlap(
 * Holds if the def/use information for the result of `instr` can be reused from the previous
 * iteration of the IR.
 */
-predicate canReuseSsaForOldResult(Instruction instr) { OldSSA::canReuseSsaForMemoryResult(instr) }
+predicate canReuseSsaForOldResult(Instruction instr) { OldSsa::canReuseSsaForMemoryResult(instr) }

 /** DEPRECATED: Alias for canReuseSsaForOldResult */
 deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR

 private class OldBlock = Reachability::ReachableBlock;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll
@@ -2,7 +2,14 @@ import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as OldIR
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.ReachableBlock as Reachability
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.aliased_ssa.IR as NewIR
-import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import AliasedSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
@@ -29,15 +29,15 @@ newtype TInstruction =
    UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  } or
  TAliasedSsaPhiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
-    AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
+    AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
  } or
  TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) {
-    AliasedSSA::SSA::hasChiInstruction(primaryInstruction)
+    AliasedSsa::SSA::hasChiInstruction(primaryInstruction)
  } or
  TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) {
-    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
+    AliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  }

 /**
@@ -83,7 +83,7 @@ module AliasedSsaInstructions {
  class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction;

  TPhiInstruction phiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
    result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation)
  }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll
@@ -1,4 +1,7 @@
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction
 import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
-import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSSA
+import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSsa
+
+/** DEPRECATED: Alias for AliasedSsa */
+deprecated module AliasedSSA = AliasedSsa;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR

 private class OldBlock = Reachability::ReachableBlock;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
@@ -3,7 +3,14 @@ import semmle.code.cpp.ir.implementation.raw.internal.reachability.ReachableBloc
 import semmle.code.cpp.ir.implementation.raw.internal.reachability.Dominance as Dominance
 import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as NewIR
 import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as RawStage
-import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions
+import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import semmle.code.cpp.ir.internal.IRCppLanguage as Language
 import SimpleSSA as Alias
-import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands
+import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;
--- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Function f, int index) {
    exists(UntrustedExternalApiDataNode n |
      f = n.getExternalFunction() and
--- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Function f, int index) {
    exists(UntrustedExternalApiDataNode n |
      f = n.getExternalFunction() and
--- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
@@ -17,8 +17,8 @@ import semmle.code.cpp.dataflow.DataFlow
 /**
 * A call to `SSL_get_verify_result`.
 */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" }
 }

 /**
@@ -29,7 +29,7 @@ class VerifyResultConfig extends DataFlow::Configuration {
  VerifyResultConfig() { this = "VerifyResultConfig" }

  override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof SSLGetVerifyResultCall
+    source.asExpr() instanceof SslGetVerifyResultCall
  }

  override predicate isSink(DataFlow::Node sink) {
--- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
+++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
@@ -17,33 +17,33 @@ import semmle.code.cpp.controlflow.IRGuards
 /**
 * A call to `SSL_get_peer_certificate`.
 */
-class SSLGetPeerCertificateCall extends FunctionCall {
-  SSLGetPeerCertificateCall() {
+class SslGetPeerCertificateCall extends FunctionCall {
+  SslGetPeerCertificateCall() {
    getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl)
  }

-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }

 /**
 * A call to `SSL_get_verify_result`.
 */
-class SSLGetVerifyResultCall extends FunctionCall {
-  SSLGetVerifyResultCall() {
+class SslGetVerifyResultCall extends FunctionCall {
+  SslGetVerifyResultCall() {
    getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl)
  }

-  Expr getSSLArgument() { result = getArgument(0) }
+  Expr getSslArgument() { result = getArgument(0) }
 }

 /**
 * Holds if the SSL object passed into `SSL_get_peer_certificate` is checked with
 * `SSL_get_verify_result` entering `node`.
 */
-predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
-  exists(Expr ssl, SSLGetVerifyResultCall check |
-    ssl = globalValueNumber(getCertCall.getSSLArgument()).getAnExpr() and
-    ssl = check.getSSLArgument() and
+predicate resultIsChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+  exists(Expr ssl, SslGetVerifyResultCall check |
+    ssl = globalValueNumber(getCertCall.getSslArgument()).getAnExpr() and
+    ssl = check.getSslArgument() and
    node = check
  )
 }
@@ -53,7 +53,7 @@ predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
 * `0` on the edge `node1` to `node2`.
 */
 predicate certIsZero(
-  SSLGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
+  SslGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
 ) {
  exists(Expr cert | cert = globalValueNumber(getCertCall).getAnExpr() |
    exists(GuardCondition guard, Expr zero |
@@ -87,7 +87,7 @@ predicate certIsZero(
 * `SSL_get_verify_result` at `node`. Note that this is only computed at the call to
 * `SSL_get_peer_certificate` and at the start and end of `BasicBlock`s.
 */
-predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) {
+predicate certNotChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) {
  // cert is not checked at the call to `SSL_get_peer_certificate`
  node = getCertCall
  or
@@ -112,7 +112,7 @@ predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode
  )
 }

-from SSLGetPeerCertificateCall getCertCall, ControlFlowNode node
+from SslGetPeerCertificateCall getCertCall, ControlFlowNode node
 where
  certNotChecked(getCertCall, node) and
  node instanceof Function // (function exit)
--- a/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
+++ b/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
@@ -47,14 +47,17 @@ class EnvData extends SystemData {
 /**
 * Data originating from a call to `mysql_get_client_info()`.
 */
-class SQLClientInfo extends SystemData {
-  SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
+class SqlClientInfo extends SystemData {
+  SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }

  override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }

  override predicate isSensitive() { any() }
 }

+/** DEPRECATED: Alias for SqlClientInfo */
+deprecated class SQLClientInfo = SqlClientInfo;
+
 private predicate sqlConnectInfo(FunctionCall source, Expr use) {
  (
    source.getTarget().hasName("mysql_connect") or
@@ -66,14 +69,17 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) {
 /**
 * Data passed into an SQL connect function.
 */
-class SQLConnectInfo extends SystemData {
-  SQLConnectInfo() { sqlConnectInfo(this, _) }
+class SqlConnectInfo extends SystemData {
+  SqlConnectInfo() { sqlConnectInfo(this, _) }

  override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) }

  override predicate isSensitive() { any() }
 }

+/** DEPRECATED: Alias for SqlConnectInfo */
+deprecated class SQLConnectInfo = SqlConnectInfo;
+
 private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) {
  // size_t confstr(int name, char *buf, size_t len)
  //  - various OS / system strings, such as the libc version
--- a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll
+++ b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll
@@ -13,7 +13,7 @@

 import cpp
 private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow
-private import semmle.code.cpp.dataflow.DataFlow::DataFlow as ASTDataFlow
+private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow
 import TestUtilities.InlineExpectationsTest

 class IRFlowTest extends InlineExpectationsTest {
@@ -49,11 +49,11 @@ class AstFlowTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(
-      ASTDataFlow::Node source, ASTDataFlow::Node sink, ASTDataFlow::Configuration conf, int n
+      AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n
    |
      tag = "ast" and
      conf.hasFlow(source, sink) and
-      n = strictcount(ASTDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
+      n = strictcount(AstDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
      (
        n = 1 and value = ""
        or
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql
@@ -4,7 +4,7 @@
 */

 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TaintedWithPath::Private
@@ -17,7 +17,7 @@ predicate isSinkArgument(Element sink) {
  )
 }

-predicate astTaint(Expr source, Element sink) { ASTTaintTracking::tainted(source, sink) }
+predicate astTaint(Expr source, Element sink) { AstTaintTracking::tainted(source, sink) }

 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {
  override predicate isSink(Element e) { isSinkArgument(e) }
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql
@@ -5,7 +5,7 @@
 */

 import cpp
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath
 import TestUtilities.InlineExpectationsTest
@@ -18,7 +18,7 @@ predicate argToSinkCall(Element sink) {
 }

 predicate astTaint(Expr source, Element sink) {
-  ASTTaintTracking::tainted(source, sink) and argToSinkCall(sink)
+  AstTaintTracking::tainted(source, sink) and argToSinkCall(sink)
 }

 class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration {
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
@@ -1,11 +1,11 @@
 import cpp
 import semmle.code.cpp.security.Security
-import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
+import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking
 import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
 import TestUtilities.InlineExpectationsTest

 predicate astTaint(Expr source, Element sink, string globalVar) {
-  ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
+  AstTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
 }

 predicate irTaint(Expr source, Element sink, string globalVar) {
--- a/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll
+++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
@@ -94,14 +94,20 @@ class FormsElement extends XmlElement {
  /**
   * Gets attribute's `requireSSL` value.
   */
-  string getRequireSSL() {
+  string getRequireSsl() {
    result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
  }

+  /** DEPRECATED: Alias for getRequireSsl */
+  deprecated string getRequireSSL() { result = this.getRequireSsl() }
+
  /**
   * Holds if `requireSSL` value is true.
   */
-  predicate isRequireSSL() { this.getRequireSSL() = "true" }
+  predicate isRequireSsl() { this.getRequireSsl() = "true" }
+
+  /** DEPRECATED: Alias for isRequireSsl */
+  deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }

 /** A `<httpCookies>` tag in an ASP.NET configuration file. */
@@ -123,17 +129,23 @@ class HttpCookiesElement extends XmlElement {
  /**
   * Gets attribute's `requireSSL` value.
   */
-  string getRequireSSL() {
+  string getRequireSsl() {
    result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
  }

+  /** DEPRECATED: Alias for getRequireSsl */
+  deprecated string getRequireSSL() { result = this.getRequireSsl() }
+
  /**
   * Holds if there is any chance that `requireSSL` is set to `true` either globally or for Forms.
   */
-  predicate isRequireSSL() {
-    this.getRequireSSL() = "true"
+  predicate isRequireSsl() {
+    this.getRequireSsl() = "true"
    or
-    not this.getRequireSSL() = "false" and // not set all, i.e. default
-    exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSSL())
+    not this.getRequireSsl() = "false" and // not set all, i.e. default
+    exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSsl())
  }
+
+  /** DEPRECATED: Alias for isRequireSsl */
+  deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }
--- a/csharp/ql/lib/semmle/code/csharp/XML.qll
+++ b/csharp/ql/lib/semmle/code/csharp/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
@@ -119,10 +119,13 @@ class MicrosoftOwinIOwinRequestClass extends Class {
  }

  /** Gets the `URI` property. */
-  Property getURIProperty() {
+  Property getUriProperty() {
    result = this.getAProperty() and
    result.hasName("URI")
  }
+
+  /** DEPRECATED: Alias for getUriProperty */
+  deprecated Property getURIProperty() { result = this.getUriProperty() }
 }

 /** A `Microsoft.Owin.*String` class. */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -102,7 +102,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Callable m, int index) {
    exists(UntrustedExternalApiDataNode n |
      m = n.getCallable().getUnboundDeclaration() and
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
@@ -146,7 +146,7 @@ class MicrosoftOwinRequestRemoteFlowSource extends RemoteFlowSource, DataFlow::E
      p = owinRequest.getQueryStringProperty() or
      p = owinRequest.getRemoteIpAddressProperty() or
      p = owinRequest.getSchemeProperty() or
-      p = owinRequest.getURIProperty()
+      p = owinRequest.getUriProperty()
    )
  }

--- a/Features/CWE-614/RequireSSL.ql
+++ b/Features/CWE-614/RequireSSL.ql
@@ -22,9 +22,9 @@ import semmle.code.csharp.frameworks.system.Web
 from XmlElement element
 where
  element instanceof FormsElement and
-  not element.(FormsElement).isRequireSSL()
+  not element.(FormsElement).isRequireSsl()
  or
  element instanceof HttpCookiesElement and
-  not element.(HttpCookiesElement).isRequireSSL() and
+  not element.(HttpCookiesElement).isRequireSsl() and
  not any(SystemWebHttpCookie c).getSecureProperty().getAnAssignedValue().getValue() = "true"
 select element, "The 'requireSSL' attribute is not set to 'true'."
--- a/Features/CWE-614/CookieWithoutSecure.ql
+++ b/Features/CWE-614/CookieWithoutSecure.ql
@@ -66,10 +66,10 @@ where
        // the `exists` below covers the `cs/web/requiressl-not-set`
        not exists(XmlElement element |
          element instanceof FormsElement and
-          element.(FormsElement).isRequireSSL()
+          element.(FormsElement).isRequireSsl()
          or
          element instanceof HttpCookiesElement and
-          element.(HttpCookiesElement).isRequireSSL()
+          element.(HttpCookiesElement).isRequireSsl()
        )
      )
    )
--- a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll
@@ -29,15 +29,15 @@ newtype TInstruction =
    UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  } or
  TAliasedSsaPhiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
-    AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
+    AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation)
  } or
  TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) {
-    AliasedSSA::SSA::hasChiInstruction(primaryInstruction)
+    AliasedSsa::SSA::hasChiInstruction(primaryInstruction)
  } or
  TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) {
-    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
+    AliasedSsa::SSA::hasUnreachedInstruction(irFunc)
  }

 /**
@@ -83,7 +83,7 @@ module AliasedSsaInstructions {
  class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction;

  TPhiInstruction phiInstruction(
-    TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation
+    TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation
  ) {
    result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation)
  }
--- a/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll
+++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll
@@ -1,4 +1,7 @@
 import experimental.ir.internal.IRCSharpLanguage as Language
 import experimental.ir.implementation.raw.internal.IRConstruction as IRConstruction
 import experimental.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
-import AliasedSSAStub as AliasedSSA
+import AliasedSSAStub as AliasedSsa
+
+/** DEPRECATED: Alias for AliasedSsa */
+deprecated module AliasedSSA = AliasedSsa;
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -5,8 +5,8 @@ private import Imports::OperandTag
 private import Imports::Overlap
 private import Imports::TInstruction
 private import Imports::RawIR as RawIR
-private import SSAInstructions
-private import SSAOperands
+private import SsaInstructions
+private import SsaOperands
 private import NewIR

 private class OldBlock = Reachability::ReachableBlock;
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll
@@ -3,7 +3,14 @@ import experimental.ir.implementation.raw.internal.reachability.ReachableBlock a
 import experimental.ir.implementation.raw.internal.reachability.Dominance as Dominance
 import experimental.ir.implementation.unaliased_ssa.IR as NewIR
 import experimental.ir.implementation.raw.internal.IRConstruction as RawStage
-import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions
+import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
+
+/** DEPRECATED: Alias for SsaInstructions */
+deprecated module SSAInstructions = SsaInstructions;
+
 import experimental.ir.internal.IRCSharpLanguage as Language
 import SimpleSSA as Alias
-import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands
+import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
+
+/** DEPRECATED: Alias for SsaOperands */
+deprecated module SSAOperands = SsaOperands;
--- a/go/ql/lib/semmle/go/frameworks/Couchbase.qll
+++ b/go/ql/lib/semmle/go/frameworks/Couchbase.qll
@@ -62,7 +62,7 @@ module Couchbase {
   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
   * the official Couchbase Go library, gocb.
   */
-  private class CouchbaseV1Query extends NoSQL::Query::Range {
+  private class CouchbaseV1Query extends NoSql::Query::Range {
    CouchbaseV1Query() {
      // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
      // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
@@ -81,7 +81,7 @@ module Couchbase {
   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
   * the official Couchbase Go library, gocb.
   */
-  private class CouchbaseV2Query extends NoSQL::Query::Range {
+  private class CouchbaseV2Query extends NoSql::Query::Range {
    CouchbaseV2Query() {
      // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
      // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
--- a/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll
+++ b/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll
@@ -43,8 +43,8 @@ module K8sIoApimachineryPkgRuntime {
    }
  }

-  private class DeepCopyJSON extends TaintTracking::FunctionModel {
-    DeepCopyJSON() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) }
+  private class DeepCopyJson extends TaintTracking::FunctionModel {
+    DeepCopyJson() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) }

    override predicate hasTaintFlow(DataFlow::FunctionInput inp, DataFlow::FunctionOutput outp) {
      inp.isParameter(0) and outp.isResult()
--- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll
+++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -4,8 +4,8 @@

 import go

-/** Provides classes for working with NoSQL-related APIs. */
-module NoSQL {
+/** Provides classes for working with NoSql-related APIs. */
+module NoSql {
  /**
   * A data-flow node whose value is interpreted as (part of) a NoSQL query.
   *
@@ -18,7 +18,7 @@ module NoSQL {
    Query() { this = self }
  }

-  /** Provides classes for working with NoSQL queries. */
+  /** Provides classes for working with NoSql queries. */
  module Query {
    /**
     * A data-flow node whose value is interpreted as (part of) a NoSQL query.
@@ -119,3 +119,6 @@ module NoSQL {
    )
  }
 }
+
+/** DEPRECATED: Alias for NoSql */
+deprecated module NoSQL = NoSql;
--- a/go/ql/lib/semmle/go/frameworks/Stdlib.qll
+++ b/go/ql/lib/semmle/go/frameworks/Stdlib.qll
@@ -69,9 +69,9 @@ import semmle.go.frameworks.stdlib.TextTemplate
 /** A `String()` method. */
 class StringMethod extends TaintTracking::FunctionModel, Method {
  StringMethod() {
-    getName() = "String" and
-    getNumParameter() = 0 and
-    getResultType(0) = Builtin::string_().getType()
+    this.getName() = "String" and
+    this.getNumParameter() = 0 and
+    this.getResultType(0) = Builtin::string_().getType()
  }

  override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -132,7 +132,8 @@ module URL {
  /** The `PathEscape` or `QueryEscape` function. */
  class Escaper extends TaintTracking::FunctionModel {
    Escaper() {
-      hasQualifiedName("net/url", "PathEscape") or hasQualifiedName("net/url", "QueryEscape")
+      this.hasQualifiedName("net/url", "PathEscape") or
+      this.hasQualifiedName("net/url", "QueryEscape")
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -143,7 +144,8 @@ module URL {
  /** The `PathUnescape` or `QueryUnescape` function. */
  class Unescaper extends TaintTracking::FunctionModel {
    Unescaper() {
-      hasQualifiedName("net/url", "PathUnescape") or hasQualifiedName("net/url", "QueryUnescape")
+      this.hasQualifiedName("net/url", "PathUnescape") or
+      this.hasQualifiedName("net/url", "QueryUnescape")
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -154,10 +156,10 @@ module URL {
  /** The `Parse`, `ParseQuery` or `ParseRequestURI` function, or the `URL.Parse` method. */
  class Parser extends TaintTracking::FunctionModel {
    Parser() {
-      hasQualifiedName("net/url", "Parse") or
+      this.hasQualifiedName("net/url", "Parse") or
      this.(Method).hasQualifiedName("net/url", "URL", "Parse") or
-      hasQualifiedName("net/url", "ParseQuery") or
-      hasQualifiedName("net/url", "ParseRequestURI")
+      this.hasQualifiedName("net/url", "ParseQuery") or
+      this.hasQualifiedName("net/url", "ParseRequestURI")
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -192,7 +194,7 @@ module URL {
  /** A method that returns a part of a URL. */
  class UrlGetter extends TaintTracking::FunctionModel, Method {
    UrlGetter() {
-      exists(string m | hasQualifiedName("net/url", "URL", m) |
+      exists(string m | this.hasQualifiedName("net/url", "URL", m) |
        m = ["EscapedPath", "Hostname", "Port", "Query", "RequestURI"]
      )
    }
@@ -204,7 +206,7 @@ module URL {

  /** The method `URL.MarshalBinary`. */
  class UrlMarshalBinary extends TaintTracking::FunctionModel, Method {
-    UrlMarshalBinary() { hasQualifiedName("net/url", "URL", "MarshalBinary") }
+    UrlMarshalBinary() { this.hasQualifiedName("net/url", "URL", "MarshalBinary") }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
      inp.isReceiver() and outp.isResult(0)
@@ -213,7 +215,7 @@ module URL {

  /** The method `URL.ResolveReference`. */
  class UrlResolveReference extends TaintTracking::FunctionModel, Method {
-    UrlResolveReference() { hasQualifiedName("net/url", "URL", "ResolveReference") }
+    UrlResolveReference() { this.hasQualifiedName("net/url", "URL", "ResolveReference") }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
      (inp.isReceiver() or inp.isParameter(0)) and
@@ -224,8 +226,8 @@ module URL {
  /** The function `User` or `UserPassword`. */
  class UserinfoConstructor extends TaintTracking::FunctionModel {
    UserinfoConstructor() {
-      hasQualifiedName("net/url", "User") or
-      hasQualifiedName("net/url", "UserPassword")
+      this.hasQualifiedName("net/url", "User") or
+      this.hasQualifiedName("net/url", "UserPassword")
    }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -236,7 +238,7 @@ module URL {
  /** A method that returns a part of a Userinfo struct. */
  class UserinfoGetter extends TaintTracking::FunctionModel, Method {
    UserinfoGetter() {
-      exists(string m | hasQualifiedName("net/url", "Userinfo", m) |
+      exists(string m | this.hasQualifiedName("net/url", "Userinfo", m) |
        m = "Password" or
        m = "Username"
      )
@@ -250,7 +252,7 @@ module URL {
  /** A method that returns all or part of a Values map. */
  class ValuesGetter extends TaintTracking::FunctionModel, Method {
    ValuesGetter() {
-      exists(string m | hasQualifiedName("net/url", "Values", m) |
+      exists(string m | this.hasQualifiedName("net/url", "Values", m) |
        m = "Encode" or
        m = "Get"
      )
--- a/go/ql/lib/semmle/go/frameworks/WebSocket.qll
+++ b/go/ql/lib/semmle/go/frameworks/WebSocket.qll
@@ -288,8 +288,8 @@ module WebSocketReader {
  /**
   * The `ServerWebSocket.MessageReceiveJSON` method of the `github.com/revel/revel` package.
   */
-  private class RevelServerWebSocketMessageReceiveJSON extends Range, Method {
-    RevelServerWebSocketMessageReceiveJSON() {
+  private class RevelServerWebSocketMessageReceiveJson extends Range, Method {
+    RevelServerWebSocketMessageReceiveJson() {
      // func MessageReceiveJSON(v interface{}) error
      this.hasQualifiedName(Revel::packagePath(), "ServerWebSocket", "MessageReceiveJSON")
    }
--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -14,15 +14,18 @@ private import Logrus
 /**
 * A `Function` that is considered a "safe" external API from a security perspective.
 */
-abstract class SafeExternalAPIFunction extends Function { }
+abstract class SafeExternalApiFunction extends Function { }
+
+/** DEPRECATED: Alias for SafeExternalApiFunction */
+deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;

 private predicate isDefaultSafePackage(Package package) {
  package.getPath() in ["time", "unicode/utf8", package("gopkg.in/go-playground/validator", "")]
 }

 /** The default set of "safe" external APIs. */
-private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
-  DefaultSafeExternalAPIFunction() {
+private class DefaultSafeExternalApiFunction extends SafeExternalApiFunction {
+  DefaultSafeExternalApiFunction() {
    this instanceof BuiltinFunction or
    isDefaultSafePackage(this.getPackage()) or
    this.hasQualifiedName(package("gopkg.in/square/go-jose", "jwt"), "ParseSigned") or
@@ -52,11 +55,11 @@ private predicate isProbableLocalFunctionPointer(DataFlow::CallNode callNode) {
 }

 /** A node representing data being passed to an external API. */
-class ExternalAPIDataNode extends DataFlow::Node {
+class ExternalApiDataNode extends DataFlow::Node {
  DataFlow::CallNode call;
  int i;

-  ExternalAPIDataNode() {
+  ExternalApiDataNode() {
    (
      // Argument to call to a function
      this = call.getArgument(i)
@@ -74,7 +77,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
    // Not already modeled as a taint step
    not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
    // Not a call to a known safe external API
-    not call.getTarget() instanceof SafeExternalAPIFunction
+    not call.getTarget() instanceof SafeExternalApiFunction
  }

  /** Gets the called API `Function`. */
@@ -102,6 +105,9 @@ class ExternalAPIDataNode extends DataFlow::Node {
  }
 }

+/** DEPRECATED: Alias for ExternalApiDataNode */
+deprecated class ExternalAPIDataNode = ExternalApiDataNode;
+
 /** Gets the name of a method in package `p` which has a function model. */
 TaintTracking::FunctionModel getAMethodModelInPackage(Package p) {
  p = result.getPackage() and
@@ -140,8 +146,8 @@ predicate isACommonSink(DataFlow::Node n) {
 }

 /** A node representing data being passed to an unknown external API. */
-class UnknownExternalAPIDataNode extends ExternalAPIDataNode {
-  UnknownExternalAPIDataNode() {
+class UnknownExternalApiDataNode extends ExternalApiDataNode {
+  UnknownExternalApiDataNode() {
    // Not a sink for a commonly-used query
    not isACommonSink(this) and
    // Not in a package that has some functions modeled
@@ -149,47 +155,61 @@ class UnknownExternalAPIDataNode extends ExternalAPIDataNode {
  }
 }

-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */
-class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfig" }
+/** DEPRECATED: Alias for UnknownExternalApiDataNode */
+deprecated class UnknownExternalAPIDataNode = UnknownExternalApiDataNode;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
+class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }

  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }

-/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalAPIDataNode`s. */
-class UntrustedDataToUnknownExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToUnknownExternalAPIConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
+/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
+deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalApiDataNode`s. */
+class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }

  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }

+/** DEPRECATED: Alias for UntrustedDataToUnknownExternalApiConfig */
+deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknownExternalApiConfig;
+
 /** A node representing untrusted data being passed to an external API. */
-class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
-  UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) }
+class UntrustedExternalApiDataNode extends ExternalApiDataNode {
+  UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }

  /** Gets a source of untrusted data which is passed to this external API data node. */
  DataFlow::Node getAnUntrustedSource() {
-    any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this)
+    any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
  }
 }

-private newtype TExternalAPI =
-  TExternalAPIParameter(Function m, int index) {
-    exists(UntrustedExternalAPIDataNode n |
+/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
+deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+
+/** An external API which is used with untrusted data. */
+private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
+  TExternalApiParameter(Function m, int index) {
+    exists(UntrustedExternalApiDataNode n |
      m = n.getFunction() and
      index = n.getIndex()
    )
  }

 /** An external API which is used with untrusted data. */
-class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
+class ExternalApiUsedWithUntrustedData extends TExternalApi {
  /** Gets a possibly untrusted use of this external API. */
-  UntrustedExternalAPIDataNode getUntrustedDataNode() {
-    this = TExternalAPIParameter(result.getFunction(), result.getIndex())
+  UntrustedExternalApiDataNode getUntrustedDataNode() {
+    this = TExternalApiParameter(result.getFunction(), result.getIndex())
  }

  /** Gets the number of untrusted sources used with this external API. */
@@ -202,10 +222,13 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
    exists(Function f, int index, string indexString |
      if index = -1 then indexString = "receiver" else indexString = "param " + index
    |
-      this = TExternalAPIParameter(f, index) and
+      this = TExternalApiParameter(f, index) and
      if exists(f.getQualifiedName())
      then result = f.getQualifiedName() + " [" + indexString + "]"
      else result = f.getName() + " [" + indexString + "]"
    )
  }
 }
+
+/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
+deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
--- a/go/ql/lib/semmle/go/security/SqlInjection.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjection.qll
@@ -24,7 +24,7 @@ module SqlInjection {
    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      NoSQL::isAdditionalMongoTaintStep(pred, succ)
+      NoSql::isAdditionalMongoTaintStep(pred, succ)
    }

    override predicate isSanitizer(DataFlow::Node node) {
--- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -42,8 +42,8 @@ module SqlInjection {
    SqlQueryAsSink() { this instanceof SQL::QueryString }
  }

-  /** A NoSQL query, considered as a taint sink for SQL injection. */
+  /** A NoSql query, considered as a taint sink for SQL injection. */
  class NoSqlQueryAsSink extends Sink {
-    NoSqlQueryAsSink() { this instanceof NoSQL::Query }
+    NoSqlQueryAsSink() { this instanceof NoSql::Query }
  }
 }
--- a/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
+++ b/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
@@ -11,7 +11,7 @@
 import go
 import semmle.go.security.ExternalAPIs

-from ExternalAPIUsedWithUntrustedData externalAPI
-select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
-  externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
+from ExternalApiUsedWithUntrustedData externalApi
+select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses,
+  externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
    numberOfUntrustedSources desc
--- a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
@@ -13,8 +13,8 @@ import go
 import semmle.go.security.ExternalAPIs
 import DataFlow::PathGraph

-from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(ExternalAPIDataNode).getFunctionDescription() +
+  "Call to " + sink.getNode().(ExternalApiDataNode).getFunctionDescription() +
    " with untrusted data from $@.", source, source.toString()
--- a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
+++ b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
@@ -14,8 +14,8 @@ import semmle.go.security.ExternalAPIs
 import DataFlow::PathGraph

 from
-  UntrustedDataToUnknownExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+  UntrustedDataToUnknownExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(UnknownExternalAPIDataNode).getFunctionDescription() +
+  "Call to " + sink.getNode().(UnknownExternalApiDataNode).getFunctionDescription() +
    " with untrusted data from $@.", source, source.toString()
--- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
@@ -18,8 +18,8 @@ import DataFlow::PathGraph
 * A method that creates a new URL that will send the user
 * to the OAuth 2.0 authorization dialog of the provider.
 */
-class AuthCodeURL extends Method {
-  AuthCodeURL() {
+class AuthCodeUrl extends Method {
+  AuthCodeUrl() {
    this.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "AuthCodeURL")
  }
 }
@@ -32,7 +32,7 @@ class ConstantStateFlowConf extends DataFlow::Configuration {
  ConstantStateFlowConf() { this = "ConstantStateFlowConf" }

  predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
-    exists(AuthCodeURL m | call = m.getACall() | sink = call.getArgument(0))
+    exists(AuthCodeUrl m | call = m.getACall() | sink = call.getArgument(0))
  }

  override predicate isSource(DataFlow::Node source) {
@@ -110,7 +110,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
  }

  predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
-    exists(AuthCodeURL m | call = m.getACall() | sink = call.getReceiver())
+    exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
  }

  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
@@ -130,7 +130,7 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) {
  )
 }

-/** A flow from `golang.org/x/oauth2.Config.AuthCodeURL`'s result to a logging function. */
+/** A flow from `golang.org/x/oauth2.Config.AuthCodeUrl`'s result to a logging function. */
 class FlowToPrint extends DataFlow::Configuration {
  FlowToPrint() { this = "FlowToPrint" }

@@ -139,17 +139,17 @@ class FlowToPrint extends DataFlow::Configuration {
  }

  override predicate isSource(DataFlow::Node source) {
-    source = any(AuthCodeURL m).getACall().getResult()
+    source = any(AuthCodeUrl m).getACall().getResult()
  }

  override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) }
 }

 /** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
-predicate resultFlowsToPrinter(DataFlow::CallNode authCodeURLCall) {
+predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) {
  exists(FlowToPrint cfg, DataFlow::PathNode source, DataFlow::PathNode sink |
    cfg.hasFlowPath(source, sink) and
-    authCodeURLCall.getResult() = source.getNode()
+    authCodeUrlCall.getResult() = source.getNode()
  )
 }

@@ -188,9 +188,9 @@ predicate containsCallToStdinScanner(FuncDef funcDef) { getAScannerCall().getRoo
 * and a call to a scanner (`fmt.Scan` and similar),
 * all of which are typically done within a terminal session.
 */
-predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeURLCall) {
-  resultFlowsToPrinter(authCodeURLCall) and
-  containsCallToStdinScanner(authCodeURLCall.getRoot())
+predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeUrlCall) {
+  resultFlowsToPrinter(authCodeUrlCall) and
+  containsCallToStdinScanner(authCodeUrlCall.getRoot())
 }

 from
--- a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql
@@ -1,13 +1,13 @@
 import go
 import TestUtilities.InlineExpectationsTest

-class NoSQLQueryTest extends InlineExpectationsTest {
-  NoSQLQueryTest() { this = "NoSQLQueryTest" }
+class NoSqlQueryTest extends InlineExpectationsTest {
+  NoSqlQueryTest() { this = "NoSQLQueryTest" }

  override string getARelevantTag() { result = "nosqlquery" }

  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(NoSQL::Query q |
+    exists(NoSql::Query q |
      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
      element = q.toString() and
--- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql
@@ -1,8 +1,8 @@
 import go
 import TestUtilities.InlineExpectationsTest

-class SQLTest extends InlineExpectationsTest {
-  SQLTest() { this = "SQLTest" }
+class SqlTest extends InlineExpectationsTest {
+  SqlTest() { this = "SQLTest" }

  override string getARelevantTag() { result = "query" }

--- a/java/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/java/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/java/ql/lib/semmle/code/java/J2EE.qll
+++ b/java/ql/lib/semmle/code/java/J2EE.qll
@@ -19,33 +19,45 @@ class EnterpriseBean extends RefType {
 }

 /** A local EJB home interface. */
-class LocalEJBHomeInterface extends Interface {
-  LocalEJBHomeInterface() {
+class LocalEjbHomeInterface extends Interface {
+  LocalEjbHomeInterface() {
    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i))
  }
 }

+/** DEPRECATED: Alias for LocalEjbHomeInterface */
+deprecated class LocalEJBHomeInterface = LocalEjbHomeInterface;
+
 /** A remote EJB home interface. */
-class RemoteEJBHomeInterface extends Interface {
-  RemoteEJBHomeInterface() {
+class RemoteEjbHomeInterface extends Interface {
+  RemoteEjbHomeInterface() {
    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i))
  }
 }

+/** DEPRECATED: Alias for RemoteEjbHomeInterface */
+deprecated class RemoteEJBHomeInterface = RemoteEjbHomeInterface;
+
 /** A local EJB interface. */
-class LocalEJBInterface extends Interface {
-  LocalEJBInterface() {
+class LocalEjbInterface extends Interface {
+  LocalEjbInterface() {
    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i))
  }
 }

+/** DEPRECATED: Alias for LocalEjbInterface */
+deprecated class LocalEJBInterface = LocalEjbInterface;
+
 /** A remote EJB interface. */
-class RemoteEJBInterface extends Interface {
-  RemoteEJBInterface() {
+class RemoteEjbInterface extends Interface {
+  RemoteEjbInterface() {
    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i))
  }
 }

+/** DEPRECATED: Alias for RemoteEjbInterface */
+deprecated class RemoteEJBInterface = RemoteEjbInterface;
+
 /** A message bean. */
 class MessageBean extends Class {
  MessageBean() {
--- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
@@ -314,21 +314,27 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
 /**
 * Entry point for EJB home interfaces.
 */
-class EJBHome extends Interface, EntryPoint {
-  EJBHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
+class EjbHome extends Interface, EntryPoint {
+  EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }

  override Callable getALiveCallable() { result = this.getACallable() }
 }

+/** DEPRECATED: Alias for EjbHome */
+deprecated class EJBHome = EjbHome;
+
 /**
 * Entry point for EJB object interfaces.
 */
-class EJBObject extends Interface, EntryPoint {
-  EJBObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
+class EjbObject extends Interface, EntryPoint {
+  EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }

  override Callable getALiveCallable() { result = this.getACallable() }
 }

+/** DEPRECATED: Alias for EjbObject */
+deprecated class EJBObject = EjbObject;
+
 class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
  GsonDeserializationEntryPoint() {
    // Assume any class with a gson annotated field can be deserialized.
--- a/java/ql/lib/semmle/code/java/frameworks/Camel.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Camel.qll
@@ -10,19 +10,22 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations
 /**
 * A string describing a URI specified in an Apache Camel "to" declaration.
 */
-class CamelToURI extends string {
-  CamelToURI() {
-    exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getURI()) or
-    exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getURI())
+class CamelToUri extends string {
+  CamelToUri() {
+    exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getUri()) or
+    exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getUri())
  }
 }

+/** DEPRECATED: Alias for CamelToUri */
+deprecated class CamelToURI = CamelToUri;
+
 /**
 * A string describing a URI specified in an Apache Camel "to" declaration that maps to a
 * SpringBean.
 */
-class CamelToBeanURI extends CamelToURI {
-  CamelToBeanURI() {
+class CamelToBeanUri extends CamelToUri {
+  CamelToBeanUri() {
    // A `<to>` element references a bean if the URI starts with "bean:", or there is no scheme.
    matches("bean:%") or
    not exists(indexOf(":"))
@@ -51,6 +54,9 @@ class CamelToBeanURI extends CamelToURI {
  SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() }
 }

+/** DEPRECATED: Alias for CamelToBeanUri */
+deprecated class CamelToBeanURI = CamelToBeanUri;
+
 /**
 * A Class whose methods may be called in response to an Apache Camel message.
 */
@@ -64,7 +70,7 @@ class CamelTargetClass extends Class {
      this = camelXmlBeanRef.getBeanType()
    )
    or
-    exists(CamelToBeanURI toBeanURI | this = toBeanURI.getRefBean().getClass())
+    exists(CamelToBeanUri toBeanUri | this = toBeanUri.getRefBean().getClass())
    or
    exists(SpringCamelXmlMethodElement xmlMethod |
      this = xmlMethod.getRefBean().getClass() or
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -134,14 +134,17 @@ deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRe
 /**
 * The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`.
 */
-class HttpServletRequestGetRequestURIMethod extends Method {
-  HttpServletRequestGetRequestURIMethod() {
+class HttpServletRequestGetRequestUriMethod extends Method {
+  HttpServletRequestGetRequestUriMethod() {
    this.getDeclaringType() instanceof HttpServletRequest and
    this.hasName("getRequestURI") and
    this.getNumberOfParameters() = 0
  }
 }

+/** DEPRECATED: Alias for HttpServletRequestGetRequestUriMethod */
+deprecated class HttpServletRequestGetRequestURIMethod = HttpServletRequestGetRequestUriMethod;
+
 /**
 * The method `getRemoteUser()` declared in `javax.servlet.http.HttpServletRequest`.
 */
--- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll
@@ -41,7 +41,10 @@ class CamelJavaDSLToDecl extends ProcessorDefinitionElement {
  /**
   * Gets the URI specified by this `to` declaration.
   */
-  string getURI() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
+  string getUri() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = getUri() }
 }

 /**
--- a/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll
@@ -92,19 +92,25 @@ private predicate jsniComment(Javadoc jsni, Method m) {
 * A JavaScript Native Interface (JSNI) comment that contains JavaScript code
 * implementing a native method.
 */
-class JSNIComment extends Javadoc {
-  JSNIComment() { jsniComment(this, _) }
+class JsniComment extends Javadoc {
+  JsniComment() { jsniComment(this, _) }

  /** Gets the method implemented by this comment. */
  Method getImplementedMethod() { jsniComment(this, result) }
 }

+/** DEPRECATED: Alias for JsniComment */
+deprecated class JSNIComment = JsniComment;
+
 /**
 * A JavaScript Native Interface (JSNI) method.
 */
-class JSNIMethod extends Method {
-  JSNIMethod() { jsniComment(_, this) }
+class JsniMethod extends Method {
+  JsniMethod() { jsniComment(_, this) }

  /** Gets the comment containing the JavaScript code for this method. */
-  JSNIComment getImplementation() { jsniComment(result, this) }
+  JsniComment getImplementation() { jsniComment(result, this) }
 }
+
+/** DEPRECATED: Alias for JsniMethod */
+deprecated class JSNIMethod = JsniMethod;
--- a/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll
@@ -17,7 +17,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
  GwtUiBinderTemplateElement() {
    this.getParent() instanceof GwtUiTemplateXmlFile and
    this.getName() = "UiBinder" and
-    this.getNamespace().getURI() = "urn:ui:com.google.gwt.uibinder"
+    this.getNamespace().getUri() = "urn:ui:com.google.gwt.uibinder"
  }
 }

@@ -27,7 +27,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
 class GwtComponentTemplateElement extends XmlElement {
  GwtComponentTemplateElement() {
    exists(GwtUiBinderTemplateElement templateElement | this = templateElement.getAChild*() |
-      this.getNamespace().getURI().substring(0, 10) = "urn:import"
+      this.getNamespace().getUri().substring(0, 10) = "urn:import"
    )
  }

@@ -36,7 +36,7 @@ class GwtComponentTemplateElement extends XmlElement {
   */
  Class getClass() {
    exists(string namespace |
-      namespace = this.getNamespace().getURI() and
+      namespace = this.getNamespace().getUri() and
      result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + this.getName()
    )
  }
--- a/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll
@@ -7,8 +7,8 @@ import java
 /**
 * An Objective-C Native Interface (OCNI) comment.
 */
-class OCNIComment extends Javadoc {
-  OCNIComment() {
+class OcniComment extends Javadoc {
+  OcniComment() {
    // The comment must start with `-[` ...
    this.getChild(0).getText().matches("-[%") and
    // ... and it must end with `]-`.
@@ -16,8 +16,11 @@ class OCNIComment extends Javadoc {
  }
 }

+/** DEPRECATED: Alias for OcniComment */
+deprecated class OCNIComment = OcniComment;
+
 /** Auxiliary predicate: `ocni` is an OCNI comment associated with method `m`. */
-private predicate ocniComment(OCNIComment ocni, Method m) {
+private predicate ocniComment(OcniComment ocni, Method m) {
  // The associated callable must be marked as `native` ...
  m.isNative() and
  // ... and the comment has to be contained in `m`.
@@ -30,21 +33,27 @@ private predicate ocniComment(OCNIComment ocni, Method m) {
 * An Objective-C Native Interface (OCNI) comment that contains Objective-C code
 * implementing a native method.
 */
-class OCNIMethodComment extends OCNIComment {
-  OCNIMethodComment() { ocniComment(this, _) }
+class OcniMethodComment extends OcniComment {
+  OcniMethodComment() { ocniComment(this, _) }

  /** Gets the method implemented by this comment. */
  Method getImplementedMethod() { ocniComment(this, result) }
 }

+/** DEPRECATED: Alias for OcniMethodComment */
+deprecated class OCNIMethodComment = OcniMethodComment;
+
 /**
 * An Objective-C Native Interface (OCNI) native import comment.
 */
-class OCNIImport extends OCNIComment {
-  OCNIImport() {
+class OcniImport extends OcniComment {
+  OcniImport() {
    this.getAChild().getText().regexpMatch(".*#(import|include).*") and
    not exists(RefType rt | rt.getFile() = this.getFile() |
      rt.getLocation().getStartLine() < this.getLocation().getStartLine()
    )
  }
 }
+
+/** DEPRECATED: Alias for OcniImport */
+deprecated class OCNIImport = OcniImport;
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
@@ -14,8 +14,8 @@ abstract class EJB extends Class {
 /**
 * A session EJB.
 */
-class SessionEJB extends EJB {
-  SessionEJB() {
+class SessionEjb extends EJB {
+  SessionEjb() {
    // Subtype of `javax.ejb.SessionBean`.
    this instanceof SessionBean or
    // EJB annotations.
@@ -50,8 +50,8 @@ class SessionEJB extends EJB {
   * using either an annotation or an XML deployment descriptor.
   */
  private BusinessInterface getAnExplicitBusinessInterface() {
-    result.(AnnotatedBusinessInterface).getAnEJB() = this or
-    result.(XmlSpecifiedBusinessInterface).getAnEJB() = this
+    result.(AnnotatedBusinessInterface).getAnEjb() = this or
+    result.(XmlSpecifiedBusinessInterface).getAnEjb() = this
  }

  /**
@@ -69,40 +69,40 @@ class SessionEJB extends EJB {
  LegacyEjbRemoteInterface getARemoteInterface() {
    result = this.getASupertype() and result instanceof ExtendedRemoteInterface
    or
-    exists(AnnotatedRemoteHomeInterface i | i.getAnEJB() = this |
+    exists(AnnotatedRemoteHomeInterface i | i.getAnEjb() = this |
      result = i.getAnAssociatedRemoteInterface()
    )
    or
-    result.(XmlSpecifiedRemoteInterface).getAnEJB() = this
+    result.(XmlSpecifiedRemoteInterface).getAnEjb() = this
  }

  /** Any remote home interfaces of this EJB. */
  LegacyEjbRemoteHomeInterface getARemoteHomeInterface() {
    result = this.getASupertype() and result instanceof ExtendedRemoteHomeInterface
    or
-    result.(AnnotatedRemoteHomeInterface).getAnEJB() = this
+    result.(AnnotatedRemoteHomeInterface).getAnEjb() = this
    or
-    result.(XmlSpecifiedRemoteHomeInterface).getAnEJB() = this
+    result.(XmlSpecifiedRemoteHomeInterface).getAnEjb() = this
  }

  /** Any local interfaces of this EJB. */
  LegacyEjbLocalInterface getALocalInterface() {
    result = this.getASupertype() and result instanceof ExtendedLocalInterface
    or
-    exists(AnnotatedLocalHomeInterface i | i.getAnEJB() = this |
+    exists(AnnotatedLocalHomeInterface i | i.getAnEjb() = this |
      result = i.getAnAssociatedLocalInterface()
    )
    or
-    result.(XmlSpecifiedLocalInterface).getAnEJB() = this
+    result.(XmlSpecifiedLocalInterface).getAnEjb() = this
  }

  /** Any local home interfaces of this EJB. */
  LegacyEjbLocalHomeInterface getALocalHomeInterface() {
    result = this.getASupertype() and result instanceof ExtendedLocalHomeInterface
    or
-    result.(AnnotatedLocalHomeInterface).getAnEJB() = this
+    result.(AnnotatedLocalHomeInterface).getAnEjb() = this
    or
-    result.(XmlSpecifiedLocalHomeInterface).getAnEJB() = this
+    result.(XmlSpecifiedLocalHomeInterface).getAnEjb() = this
  }

  /** Any `ejbCreate*` methods required for legacy remote or local home interfaces. */
@@ -112,11 +112,14 @@ class SessionEJB extends EJB {
  EjbAnnotatedInitMethod getAnAnnotatedInitMethod() { this.inherits(result) }
 }

+/** DEPRECATED: Alias for SessionEjb */
+deprecated class SessionEJB = SessionEjb;
+
 /**
 * A stateful session EJB.
 */
-class StatefulSessionEJB extends SessionEJB {
-  StatefulSessionEJB() {
+class StatefulSessionEjb extends SessionEjb {
+  StatefulSessionEjb() {
    // EJB annotations.
    this.getAnAnnotation().getType().hasName("Stateful")
    or
@@ -129,11 +132,14 @@ class StatefulSessionEJB extends SessionEJB {
  }
 }

+/** DEPRECATED: Alias for StatefulSessionEjb */
+deprecated class StatefulSessionEJB = StatefulSessionEjb;
+
 /**
 * A stateless session EJB.
 */
-class StatelessSessionEJB extends SessionEJB {
-  StatelessSessionEJB() {
+class StatelessSessionEjb extends SessionEjb {
+  StatelessSessionEjb() {
    // EJB annotations.
    this.getAnAnnotation().getType().hasName("Stateless")
    or
@@ -146,6 +152,9 @@ class StatelessSessionEJB extends SessionEJB {
  }
 }

+/** DEPRECATED: Alias for StatelessSessionEjb */
+deprecated class StatelessSessionEJB = StatelessSessionEjb;
+
 /**
 * A message-driven EJB.
 */
@@ -168,8 +177,8 @@ class MessageDrivenBean extends EJB {
 /**
 * An entity EJB (deprecated as of EJB 3.0).
 */
-class EntityEJB extends EJB {
-  EntityEJB() {
+class EntityEjb extends EJB {
+  EntityEjb() {
    // Subtype of `javax.ejb.EntityBean`.
    this instanceof EntityBean
    or
@@ -181,6 +190,9 @@ class EntityEJB extends EJB {
  }
 }

+/** DEPRECATED: Alias for EntityEjb */
+deprecated class EntityEJB = EntityEjb;
+
 /*
 * Business interfaces (applicable to session beans).
 */
@@ -231,7 +243,10 @@ class LocalAnnotation extends BusinessInterfaceAnnotation {
 */
 abstract class BusinessInterface extends Interface {
  /** Gets an EJB to which this business interface belongs. */
-  abstract SessionEJB getAnEJB();
+  abstract SessionEjb getAnEjb();
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }

  /** Holds if this business interface is declared local. */
  abstract predicate isDeclaredLocal();
@@ -251,7 +266,7 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
    )
  }

-  override SessionEJB getAnEJB() {
+  override SessionEjb getAnEjb() {
    exists(EjbJarXmlFile f, EjbJarSessionElement se |
      se = f.getASessionElement() and
      this.getQualifiedName() = se.getABusinessElement().getACharactersSet().getCharacters() and
@@ -259,6 +274,9 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
    )
  }

+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
+
  override predicate isDeclaredLocal() {
    exists(EjbJarXmlFile f |
      this.getQualifiedName() =
@@ -291,10 +309,13 @@ class AnnotatedBusinessInterface extends BusinessInterface {
   * Any class that has a `@Local` or `@Remote` annotation that names this interface
   * is an EJB to which this business interface belongs.
   */
-  override SessionEJB getAnEJB() {
+  override SessionEjb getAnEjb() {
    result.getAnAnnotation().(BusinessInterfaceAnnotation).getANamedType() = this
  }

+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
+
  override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface }

  override predicate isDeclaredRemote() { this instanceof RemoteAnnotatedBusinessInterface }
@@ -338,7 +359,7 @@ class InitAnnotation extends Annotation {
 class EjbAnnotatedInitMethod extends Method {
  EjbAnnotatedInitMethod() {
    this.getAnAnnotation() instanceof InitAnnotation and
-    exists(SessionEJB ejb | ejb.inherits(this))
+    exists(SessionEjb ejb | ejb.inherits(this))
  }
 }

@@ -349,7 +370,7 @@ class EjbAnnotatedInitMethod extends Method {
 class EjbCreateMethod extends Method {
  EjbCreateMethod() {
    this.getName().matches("ejbCreate%") and
-    exists(SessionEJB ejb | ejb.inherits(this))
+    exists(SessionEjb ejb | ejb.inherits(this))
  }

  /** Gets the suffix of the method name without the `ejbCreate` prefix. */
@@ -405,8 +426,8 @@ abstract class LegacyEjbHomeInterface extends LegacyEjbInterface {
 /** A legacy remote interface. */
 abstract class LegacyEjbRemoteInterface extends LegacyEjbInterface { }

-/** A legacy remote interface that extends `javax.ejb.EJBObject`. */
-class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterface { }
+/** A legacy remote interface that extends `javax.ejb.EjbObject`. */
+class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEjbInterface { }

 /** A legacy remote interface specified within an XML deployment descriptor. */
 class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
@@ -421,20 +442,23 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
   * Gets a session EJB specified in the XML deployment descriptor
   * for this legacy EJB remote interface.
   */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
    exists(EjbJarXmlFile f, EjbJarSessionElement se |
      se = f.getASessionElement() and
      this.getQualifiedName() = se.getARemoteElement().getACharactersSet().getCharacters() and
      result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
    )
  }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }

 /** A legacy remote home interface. */
 abstract class LegacyEjbRemoteHomeInterface extends LegacyEjbHomeInterface { }

-/** A legacy remote home interface that extends `javax.ejb.EJBHome`. */
-class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEJBHomeInterface { }
+/** A legacy remote home interface that extends `javax.ejb.EjbHome`. */
+class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEjbHomeInterface { }

 /** A legacy remote home interface specified by means of a `@RemoteHome` annotation. */
 class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
@@ -444,7 +468,10 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
  }

  /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
+  SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }

  /** Gets a remote interface associated with this legacy remote home interface. */
  Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
@@ -460,20 +487,23 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
  }

  /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
    exists(EjbJarXmlFile f, EjbJarSessionElement se |
      se = f.getASessionElement() and
      this.getQualifiedName() = se.getARemoteHomeElement().getACharactersSet().getCharacters() and
      result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
    )
  }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }

 /** A legacy local interface. */
 abstract class LegacyEjbLocalInterface extends LegacyEjbInterface { }

 /** A legacy local interface that extends `javax.ejb.EJBLocalObject`. */
-class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface { }
+class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEjbInterface { }

 /** A legacy local interface specified within an XML deployment descriptor. */
 class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
@@ -485,20 +515,23 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
  }

  /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
    exists(EjbJarXmlFile f, EjbJarSessionElement se |
      se = f.getASessionElement() and
      this.getQualifiedName() = se.getALocalElement().getACharactersSet().getCharacters() and
      result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
    )
  }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }

 /** A legacy local home interface. */
 abstract class LegacyEjbLocalHomeInterface extends LegacyEjbHomeInterface { }

 /** A legacy local home interface that extends `javax.ejb.EJBLocalHome`. */
-class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEJBHomeInterface { }
+class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEjbHomeInterface { }

 /** A legacy local home interface specified by means of a `@LocalHome` annotation. */
 class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
@@ -508,7 +541,10 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
  }

  /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
+  SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }

  /** Gets a local interface associated with this legacy local home interface. */
  Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
@@ -524,13 +560,16 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
  }

  /** Gets an EJB to which this interface belongs. */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
    exists(EjbJarXmlFile f, EjbJarSessionElement se |
      se = f.getASessionElement() and
      this.getQualifiedName() = se.getALocalHomeElement().getACharactersSet().getCharacters() and
      result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
    )
  }
+
+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }

 /**
@@ -541,19 +580,22 @@ class RemoteInterface extends Interface {
  RemoteInterface() {
    this instanceof RemoteAnnotatedBusinessInterface or
    this.(XmlSpecifiedBusinessInterface).isDeclaredRemote() or
-    exists(SessionEJB ejb | this = ejb.getARemoteInterface())
+    exists(SessionEjb ejb | this = ejb.getARemoteInterface())
  }

  /**
   * Any EJBs associated with this `RemoteInterface`
   * by means of annotations or `ejb-jar.xml` configuration files.
   */
-  SessionEJB getAnEJB() {
+  SessionEjb getAnEjb() {
    result.getAnAnnotation().(RemoteAnnotation).getANamedType() = this or
-    result = this.(XmlSpecifiedRemoteInterface).getAnEJB() or
+    result = this.(XmlSpecifiedRemoteInterface).getAnEjb() or
    result.getARemoteInterface() = this
  }

+  /** DEPRECATED: Alias for getAnEjb */
+  deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
+
  /**
   * A "remote method" is a method that is available on the remote
   * interface (either because it's declared or inherited).
@@ -585,8 +627,8 @@ class RemoteInterface extends Interface {
   * but the EJB is not a subtype of this remote interface.
   */
  Method getARemoteMethodImplementationUnchecked() {
-    exists(SessionEJB ejb, Method rm |
-      ejb = this.getAnEJB() and
+    exists(SessionEjb ejb, Method rm |
+      ejb = this.getAnEjb() and
      not ejb.getAnAncestor() = this and
      rm = this.getARemoteMethod() and
      result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and
@@ -648,13 +690,13 @@ private predicate throwsExplicitUncheckedException(Method m, Exception ex) {
 }

 /** Gets a method (inherited by `ejb`) matching the signature `sig`. (Ignores `throws` clauses.) */
-Method getAnInheritedMatchingMethodIgnoreThrows(SessionEJB ejb, string sig) {
+Method getAnInheritedMatchingMethodIgnoreThrows(SessionEjb ejb, string sig) {
  ejb.inherits(result) and
  sig = result.getSignature()
 }

 /** Holds if `ejb` inherits a method matching the given signature. (Ignores `throws` clauses.) */
-predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
+predicate inheritsMatchingMethodIgnoreThrows(SessionEjb ejb, string signature) {
  exists(getAnInheritedMatchingMethodIgnoreThrows(ejb, signature))
 }

@@ -662,7 +704,7 @@ predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
 * If `ejb` inherits a method matching the signature of `m` except for the `throws` clause,
 * then return any type in the `throws` clause that does not match.
 */
-Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
+Type inheritsMatchingMethodExceptThrows(SessionEjb ejb, Method m) {
  exists(Method n, string sig |
    ejb.inherits(n) and
    sig = n.getSignature() and
@@ -679,7 +721,7 @@ Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
 * (Ignores `throws` clauses.)
 */
 predicate inheritsMatchingCreateMethodIgnoreThrows(
-  StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm
+  StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm
 ) {
  exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
    cm.getMethodSuffix() = icm.getMethodSuffix() and
@@ -705,7 +747,7 @@ predicate inheritsMatchingCreateMethodIgnoreThrows(
 * If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m` except for the `throws` clause,
 * then return any type in the `throws` clause that does not match.
 */
-Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm) {
+Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm) {
  exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
    cm.getMethodSuffix() = icm.getMethodSuffix() and
    cm.getNumberOfParameters() = icm.getNumberOfParameters() and
@@ -814,10 +856,13 @@ class DependsOnAnnotation extends Annotation {
 /**
 * A `@javax.ejb.EJB` annotation.
 */
-class EJBAnnotation extends Annotation {
-  EJBAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
+class EjbAnnotation extends Annotation {
+  EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
 }

+/** DEPRECATED: Alias for EjbAnnotation */
+deprecated class EJBAnnotation = EjbAnnotation;
+
 /**
 * A `@javax.ejb.EJBs` annotation.
 */
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll
@@ -16,7 +16,7 @@ class SpringBean extends SpringXmlElement {
  SpringBean() {
    this.getName() = "bean" and
    // Do not capture Camel beans, which are different
-    not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring"
+    not this.getNamespace().getUri() = "http://camel.apache.org/schema/spring"
  }

  override string toString() { result = this.getBeanIdentifier() }
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll
@@ -10,7 +10,7 @@ import semmle.code.java.frameworks.spring.SpringBean
 * An Apache Camel element in a Spring Beans file.
 */
 class SpringCamelXmlElement extends SpringXmlElement {
-  SpringCamelXmlElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" }
+  SpringCamelXmlElement() { getNamespace().getUri() = "http://camel.apache.org/schema/spring" }
 }

 /** DEPRECATED: Alias for SpringCamelXmlElement */
@@ -114,7 +114,10 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
  /**
   * Gets the URI attribute for this `<to>` element.
   */
-  string getURI() { result = getAttribute("uri").getValue() }
+  string getUri() { result = getAttribute("uri").getValue() }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = getUri() }
 }

 /** DEPRECATED: Alias for SpringCamelXmlToElement */
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -4,8 +4,8 @@

 import java

-class SSLClass extends RefType {
-  SSLClass() {
+class SslClass extends RefType {
+  SslClass() {
    exists(Class c | this.getAnAncestor() = c |
      c.hasQualifiedName("javax.net.ssl", _) or
      c.hasQualifiedName("javax.rmi.ssl", _)
@@ -13,6 +13,9 @@ class SSLClass extends RefType {
  }
 }

+/** DEPRECATED: Alias for SslClass */
+deprecated class SSLClass = SslClass;
+
 class X509TrustManager extends RefType {
  X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
 }
@@ -25,34 +28,52 @@ class HttpsUrlConnection extends RefType {
 /** DEPRECATED: Alias for HttpsUrlConnection */
 deprecated class HttpsURLConnection = HttpsUrlConnection;

-class SSLSocketFactory extends RefType {
-  SSLSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
+class SslSocketFactory extends RefType {
+  SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
 }

-class SSLContext extends RefType {
-  SSLContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
+/** DEPRECATED: Alias for SslSocketFactory */
+deprecated class SSLSocketFactory = SslSocketFactory;
+
+class SslContext extends RefType {
+  SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
 }

-/** The `javax.net.ssl.SSLSession` class. */
-class SSLSession extends RefType {
-  SSLSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
+/** DEPRECATED: Alias for SslContext */
+deprecated class SSLContext = SslContext;
+
+/** The `javax.net.ssl.SslSession` class. */
+class SslSession extends RefType {
+  SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
 }

-/** The `javax.net.ssl.SSLEngine` class. */
-class SSLEngine extends RefType {
-  SSLEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
+/** DEPRECATED: Alias for SslSession */
+deprecated class SSLSession = SslSession;
+
+/** The `javax.net.ssl.SslEngine` class. */
+class SslEngine extends RefType {
+  SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
 }

-/** The `javax.net.ssl.SSLSocket` class. */
-class SSLSocket extends RefType {
-  SSLSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
+/** DEPRECATED: Alias for SslEngine */
+deprecated class SSLEngine = SslEngine;
+
+/** The `javax.net.ssl.SslSocket` class. */
+class SslSocket extends RefType {
+  SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
 }

-/** The `javax.net.ssl.SSLParameters` class. */
-class SSLParameters extends RefType {
-  SSLParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
+/** DEPRECATED: Alias for SslSocket */
+deprecated class SSLSocket = SslSocket;
+
+/** The `javax.net.ssl.SslParameters` class. */
+class SslParameters extends RefType {
+  SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
 }

+/** DEPRECATED: Alias for SslParameters */
+deprecated class SSLParameters = SslParameters;
+
 class HostnameVerifier extends RefType {
  HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
 }
@@ -73,7 +94,7 @@ class HostnameVerifierVerify extends Method {
    this.hasName("verify") and
    this.getDeclaringType().getAnAncestor() instanceof HostnameVerifier and
    this.getParameterType(0) instanceof TypeString and
-    this.getParameterType(1) instanceof SSLSession
+    this.getParameterType(1) instanceof SslSession
  }
 }

@@ -87,22 +108,22 @@ class TrustManagerCheckMethod extends Method {
 class CreateSocket extends Method {
  CreateSocket() {
    this.hasName("createSocket") and
-    this.getDeclaringType() instanceof SSLSocketFactory
+    this.getDeclaringType() instanceof SslSocketFactory
  }
 }

 class GetSocketFactory extends Method {
  GetSocketFactory() {
    this.hasName("getSocketFactory") and
-    this.getDeclaringType() instanceof SSLContext
+    this.getDeclaringType() instanceof SslContext
  }
 }

-/** The `createSSLEngine` method of the class `javax.net.ssl.SSLContext`. */
+/** The `createSSLEngine` method of the class `javax.net.ssl.SslContext`. */
 class CreateSslEngineMethod extends Method {
  CreateSslEngineMethod() {
    this.hasName("createSSLEngine") and
-    this.getDeclaringType() instanceof SSLContext
+    this.getDeclaringType() instanceof SslContext
  }
 }

@@ -128,35 +149,35 @@ class SetDefaultHostnameVerifierMethod extends Method {
  }
 }

-/** The `beginHandshake` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `beginHandshake` method of the class `javax.net.ssl.SslEngine`. */
 class BeginHandshakeMethod extends Method {
  BeginHandshakeMethod() {
    this.hasName("beginHandshake") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
  }
 }

-/** The `wrap` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `wrap` method of the class `javax.net.ssl.SslEngine`. */
 class SslWrapMethod extends Method {
  SslWrapMethod() {
    this.hasName("wrap") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
  }
 }

-/** The `unwrap` method of the class `javax.net.ssl.SSLEngine`. */
+/** The `unwrap` method of the class `javax.net.ssl.SslEngine`. */
 class SslUnwrapMethod extends Method {
  SslUnwrapMethod() {
    this.hasName("unwrap") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLEngine
+    this.getDeclaringType().getAnAncestor() instanceof SslEngine
  }
 }

-/** The `getSession` method of the class `javax.net.ssl.SSLSession`. */
+/** The `getSession` method of the class `javax.net.ssl.SslSession`. */
 class GetSslSessionMethod extends Method {
  GetSslSessionMethod() {
    this.hasName("getSession") and
-    this.getDeclaringType().getAnAncestor() instanceof SSLSession
+    this.getDeclaringType().getAnAncestor() instanceof SslSession
  }
 }

--- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
+++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
@@ -126,7 +126,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(Method m, int index) {
    exists(UntrustedExternalApiDataNode n |
      m = n.getMethod() and
--- a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll
@@ -26,7 +26,7 @@ private class DefaultInsecureTrustManagerSink extends InsecureTrustManagerSink {
  DefaultInsecureTrustManagerSink() {
    exists(MethodAccess ma, Method m |
      m.hasName("init") and
-      m.getDeclaringType() instanceof SSLContext and
+      m.getDeclaringType() instanceof SslContext and
      ma.getMethod() = m
    |
      ma.getArgument(1) = this.asExpr()
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -41,5 +41,5 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
    sanitizer.getType() instanceof TypeType
  }

-  override predicate isSanitizerIn(Node node) { isSource(node) }
+  override predicate isSanitizerIn(Node node) { this.isSource(node) }
 }
--- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll
@@ -56,7 +56,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
  SslEngineServerMode() {
    exists(MethodAccess ma, Method m |
      m.hasName("setUseClientMode") and
-      m.getDeclaringType().getAnAncestor() instanceof SSLEngine and
+      m.getDeclaringType().getAnAncestor() instanceof SslEngine and
      ma.getMethod() = m and
      ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and
      this.asExpr() = ma.getQualifier()
@@ -69,9 +69,9 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
 * or the qualifier of `createSocket` is an instance of `SSLSocketFactory`.
 */
 private predicate isSslSocket(MethodAccess createSocket) {
-  createSocket = any(CastExpr ce | ce.getType() instanceof SSLSocket).getExpr()
+  createSocket = any(CastExpr ce | ce.getType() instanceof SslSocket).getExpr()
  or
-  createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SSLSocketFactory
+  createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SslSocketFactory
 }

 /**
--- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll
@@ -44,7 +44,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
  }

  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma, RefType t | t instanceof SSLSocket or t instanceof SSLEngine |
+    exists(MethodAccess ma, RefType t | t instanceof SslSocket or t instanceof SslEngine |
      ma.getMethod().hasName("setSSLParameters") and
      ma.getMethod().getDeclaringType().getAnAncestor() = t and
      ma.getArgument(0) = sink.asExpr()
@@ -58,7 +58,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
 private class SafeSetEndpointIdentificationAlgorithm extends MethodAccess {
  SafeSetEndpointIdentificationAlgorithm() {
    this.getMethod().hasName("setEndpointIdentificationAlgorithm") and
-    this.getMethod().getDeclaringType() instanceof SSLParameters and
+    this.getMethod().getDeclaringType() instanceof SslParameters and
    not this.getArgument(0) instanceof NullLiteral and
    not this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = ""
  }
--- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll
+++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll
@@ -324,7 +324,7 @@ Expr configOptionIsSupportingExternalEntities() {
 /**
 * An `XmlInputFactory` specific expression that indicates whether DTD is supported.
 */
-Expr configOptionSupportDTD() {
+Expr configOptionSupportDtd() {
  result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD"
  or
  exists(Field f |
@@ -334,6 +334,9 @@ Expr configOptionSupportDTD() {
  )
 }

+/** DEPRECATED: Alias for configOptionSupportDtd */
+deprecated Expr configOptionSupportDTD() { result = configOptionSupportDtd() }
+
 /**
 * A safely configured `XmlInputFactory`.
 */
@@ -345,7 +348,7 @@ class SafeXmlInputFactory extends VarAccess {
        config.disables(configOptionIsSupportingExternalEntities())
      ) and
      exists(XmlInputFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configOptionSupportDTD())
+        config.disables(configOptionSupportDtd())
      )
    )
  }
@@ -907,7 +910,7 @@ class XmlConstants extends RefType {
 }

 /** A configuration specific for transformers and schema. */
-Expr configAccessExternalDTD() {
+Expr configAccessExternalDtd() {
  result.(ConstantStringExpr).getStringValue() =
    "http://javax.xml.XMLConstants/property/accessExternalDTD"
  or
@@ -918,6 +921,9 @@ Expr configAccessExternalDTD() {
  )
 }

+/** DEPRECATED: Alias for configAccessExternalDtd */
+deprecated Expr configAccessExternalDTD() { result = configAccessExternalDtd() }
+
 /** A configuration specific for transformers. */
 Expr configAccessExternalStyleSheet() {
  result.(ConstantStringExpr).getStringValue() =
@@ -1040,7 +1046,7 @@ class SafeTransformerFactory extends VarAccess {
  SafeTransformerFactory() {
    exists(Variable v | v = this.getVariable() |
      exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
      ) and
      exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
        config.disables(configAccessExternalStyleSheet())
@@ -1141,7 +1147,7 @@ class SafeSchemaFactory extends VarAccess {
  SafeSchemaFactory() {
    exists(Variable v | v = this.getVariable() |
      exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
      ) and
      exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
        config.disables(configAccessExternalSchema())
--- a/java/ql/lib/semmle/code/xml/XML.qll
+++ b/java/ql/lib/semmle/code/xml/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/Bugs/Serialization/NonSerializableField.ql
+++ b/Bugs/Serialization/NonSerializableField.ql
@@ -81,7 +81,7 @@ predicate exceptions(Class c, Field f) {
    // Stateless session beans are not normally serialized during their usual life-cycle
    // but are forced by their expected supertype to be serializable.
    // Arguably, warnings for their non-serializable fields can therefore be suppressed in practice.
-    c instanceof StatelessSessionEJB
+    c instanceof StatelessSessionEjb
    or
    // Enum types are serialized by name, so it doesn't matter if they have non-serializable fields.
    c instanceof EnumType
--- a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
@@ -33,10 +33,10 @@ where
    or
    c instanceof Socket and type = "socket"
  ) and
-  not c instanceof SSLClass and
+  not c instanceof SslClass and
  not exists(RefType t |
    exprTypeFlow(m.getQualifier(), t, _) and
-    t instanceof SSLClass
+    t instanceof SslClass
  ) and
  (
    m.getMethod().getName() = "getInputStream" or
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
@@ -65,7 +65,7 @@ predicate query(MethodAccess m, Method def, int paramNo, string message, Element
    // an SSL factory, ...
    usesFactory(def, paramNo) and
    evidence = m.getArgument(paramNo) and
-    not evidence.(Expr).getType() instanceof SSLClass and
+    not evidence.(Expr).getType() instanceof SslClass and
    message = "has a non-SSL factory argument "
    or
    // ... or there is an overloaded method on the same type that does take a factory,
--- a/Practice/Comments/CommentedCode.qll
+++ b/Practice/Comments/CommentedCode.qll
@@ -107,8 +107,8 @@ class CommentedOutCode extends JavadocFirst {
  CommentedOutCode() {
    anyCount(this) > 0 and
    codeCount(this).(float) / anyCount(this).(float) > 0.5 and
-    not this instanceof JSNIComment and
-    not this instanceof OCNIComment
+    not this instanceof JsniComment and
+    not this instanceof OcniComment
  }

  /**
--- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
@@ -87,7 +87,7 @@ predicate isTestMethod(MethodAccess ma) {
 }

 /** Holds if `MethodAccess` ma disables SSL endpoint check. */
-predicate isInsecureSSLEndpoint(MethodAccess ma) {
+predicate isInsecureSslEndpoint(MethodAccess ma) {
  (
    ma.getMethod() instanceof SetSystemPropertyMethod and
    isPropertyDisableLdapEndpointId(ma.getArgument(0)) and
@@ -105,6 +105,6 @@ predicate isInsecureSSLEndpoint(MethodAccess ma) {

 from MethodAccess ma
 where
-  isInsecureSSLEndpoint(ma) and
+  isInsecureSslEndpoint(ma) and
  not isTestMethod(ma)
 select ma, "LDAPS configuration allows insecure endpoint identification"
--- a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
@@ -27,7 +27,7 @@ class UnsafeTlsVersionConfig extends TaintTracking::Configuration {
 class SslContextGetInstanceSink extends DataFlow::ExprNode {
  SslContextGetInstanceSink() {
    exists(StaticMethodAccess ma, Method m | m = ma.getMethod() |
-      m.getDeclaringType() instanceof SSLContext and
+      m.getDeclaringType() instanceof SslContext and
      m.hasName("getInstance") and
      ma.getArgument(0) = asExpr()
    )
@@ -40,7 +40,7 @@ class SslContextGetInstanceSink extends DataFlow::ExprNode {
 */
 class CreateSslParametersSink extends DataFlow::ExprNode {
  CreateSslParametersSink() {
-    exists(ConstructorCall cc | cc.getConstructedType() instanceof SSLParameters |
+    exists(ConstructorCall cc | cc.getConstructedType() instanceof SslParameters |
      cc.getArgument(1) = asExpr()
    )
  }
@@ -53,7 +53,7 @@ class CreateSslParametersSink extends DataFlow::ExprNode {
 class SslParametersSetProtocolsSink extends DataFlow::ExprNode {
  SslParametersSetProtocolsSink() {
    exists(MethodAccess ma, Method m | m = ma.getMethod() |
-      m.getDeclaringType() instanceof SSLParameters and
+      m.getDeclaringType() instanceof SslParameters and
      m.hasName("setProtocols") and
      ma.getArgument(0) = asExpr()
    )
@@ -70,9 +70,9 @@ class SetEnabledProtocolsSink extends DataFlow::ExprNode {
      m = ma.getMethod() and type = m.getDeclaringType()
    |
      (
-        type instanceof SSLSocket or
-        type instanceof SSLServerSocket or
-        type instanceof SSLEngine
+        type instanceof SslSocket or
+        type instanceof SslServerSocket or
+        type instanceof SslEngine
      ) and
      m.hasName("setEnabledProtocols") and
      ma.getArgument(0) = asExpr()
@@ -94,6 +94,6 @@ class UnsafeTlsVersion extends StringLiteral {
  }
 }

-class SSLServerSocket extends RefType {
-  SSLServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
+class SslServerSocket extends RefType {
+  SslServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -125,7 +125,7 @@ predicate isBasicAuthEnv(MethodAccess ma) {
 /**
 * Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`.
 */
-predicate isSSLEnv(MethodAccess ma) {
+predicate isSslEnv(MethodAccess ma) {
  hasFieldValueEnv(ma, "java.naming.security.protocol", "ssl") or
  hasFieldNameEnv(ma, "SECURITY_PROTOCOL", "ssl")
 }
@@ -182,13 +182,13 @@ class BasicAuthFlowConfig extends DataFlow::Configuration {
 /**
 * A taint-tracking configuration for `ssl` configuration in LDAP authentication.
 */
-class SSLFlowConfig extends DataFlow::Configuration {
-  SSLFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
+class SslFlowConfig extends DataFlow::Configuration {
+  SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }

  /** Source of `ssl` configuration. */
  override predicate isSource(DataFlow::Node src) {
    exists(MethodAccess ma |
-      isSSLEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
+      isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
    )
  }

@@ -205,6 +205,6 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureUrlFlowConfig c
 where
  config.hasFlowPath(source, sink) and
  exists(BasicAuthFlowConfig bc | bc.hasFlowTo(sink.getNode())) and
-  not exists(SSLFlowConfig sc | sc.hasFlowTo(sink.getNode()))
+  not exists(SslFlowConfig sc | sc.hasFlowTo(sink.getNode()))
 select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(),
  "LDAP connection string"
--- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql
@@ -25,7 +25,7 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
    source instanceof RemoteFlowSource and
    not exists(MethodAccess ma, Method m | ma.getMethod() = m |
      (
-        m instanceof HttpServletRequestGetRequestURIMethod or
+        m instanceof HttpServletRequestGetRequestUriMethod or
        m instanceof HttpServletRequestGetRequestUrlMethod or
        m instanceof HttpServletRequestGetPathMethod
      ) and
--- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll
@@ -73,7 +73,7 @@ class SafeValidator extends VarAccess {
  SafeValidator() {
    exists(Variable v | v = this.getVariable() |
      exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
-        config.disables(configAccessExternalDTD())
+        config.disables(configAccessExternalDtd())
      ) and
      exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
        config.disables(configAccessExternalSchema())
--- a/java/ql/test/library-tests/gwt/JSNI.ql
+++ b/java/ql/test/library-tests/gwt/JSNI.ql
@@ -1,5 +1,5 @@
 import java
 import semmle.code.java.frameworks.gwt.GWT

-from JSNIComment jsni
+from JsniComment jsni
 select jsni, jsni.getImplementedMethod()
--- a/java/ql/test/library-tests/j2objc/OCNIComment.expected
+++ b/java/ql/test/library-tests/j2objc/OCNIComment.expected
@@ -1,13 +1,13 @@
-| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OCNIImport |
-| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OCNIComment |
-| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OCNIMethodComment |
+| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OcniImport |
+| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OcniComment |
+| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OcniMethodComment |
--- a/java/ql/test/library-tests/j2objc/OCNIComment.ql
+++ b/java/ql/test/library-tests/j2objc/OCNIComment.ql
@@ -1,6 +1,6 @@
 import semmle.code.java.frameworks.j2objc.J2ObjC

-from OCNIComment ocni
+from OcniComment ocni
 select ocni.getFile().getStem(), ocni.getLocation().getStartLine(),
  ocni.getLocation().getStartColumn(), ocni.getLocation().getEndLine(),
  ocni.getLocation().getEndColumn(), ocni.toString(), ocni.getAQlClass()
--- a/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
@@ -4,9 +4,9 @@

 import javascript

-/** Provides classes for modeling NoSQL query sinks. */
+/** Provides classes for modeling NoSql query sinks. */
 module NoSql {
-  /** An expression that is interpreted as a NoSQL query. */
+  /** An expression that is interpreted as a NoSql query. */
  abstract class Query extends Expr {
    /** Gets an expression that is interpreted as a code operator in this query. */
    DataFlow::Node getACodeOperator() { none() }
--- a/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll
@@ -14,15 +14,15 @@ private module ServerLess {
   * Holds if the `.yml` file `ymlFile` contains a serverless configuration with `handler` and `codeURI` properties.
   * `codeURI` defaults to the empty string if no explicit value is set in the configuration.
   */
-  private predicate hasServerlessHandler(File ymlFile, string handler, string codeURI) {
+  private predicate hasServerlessHandler(File ymlFile, string handler, string codeUri) {
    exists(YAMLMapping resource | ymlFile = resource.getFile() |
      // There exists at least "AWS::Serverless::Function" and "Aliyun::Serverless::Function"
      resource.lookup("Type").(YAMLScalar).getValue().regexpMatch(".*::Serverless::Function") and
      exists(YAMLMapping properties | properties = resource.lookup("Properties") |
        handler = properties.lookup("Handler").(YAMLScalar).getValue() and
        if exists(properties.lookup("CodeUri"))
-        then codeURI = properties.lookup("CodeUri").(YAMLScalar).getValue()
-        else codeURI = ""
+        then codeUri = properties.lookup("CodeUri").(YAMLScalar).getValue()
+        else codeUri = ""
      )
      or
      // The `serverless` library, which specifies a top-level `functions` property
@@ -30,7 +30,7 @@ private module ServerLess {
        functions = resource.lookup("functions") and
        not exists(resource.getParentNode()) and
        handler = functions.getValue(_).(YAMLMapping).lookup("handler").(YAMLScalar).getValue() and
-        codeURI = ""
+        codeUri = ""
      )
    )
  }
@@ -58,9 +58,9 @@ private module ServerLess {
   *
   * For example if `codeURI` is "function/." and `file` is "index", then the result becomes "function/index.js".
   */
-  bindingset[codeURI, file]
-  private string getPathFromHandlerProperties(string codeURI, string file) {
-    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeURI)) |
+  bindingset[codeUri, file]
+  private string getPathFromHandlerProperties(string codeUri, string file) {
+    exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeUri)) |
      result = folder + file + ".js"
    )
  }
@@ -69,8 +69,8 @@ private module ServerLess {
   * Holds if `file` has a serverless handler function with name `func`.
   */
  private predicate hasServerlessHandler(File file, string func) {
-    exists(File ymlFile, string handler, string codeURI, string fileName |
-      hasServerlessHandler(ymlFile, handler, codeURI) and
+    exists(File ymlFile, string handler, string codeUri, string fileName |
+      hasServerlessHandler(ymlFile, handler, codeUri) and
      // Splits a `handler` into two components. The `fileName` to the left of the dot, and the `func` to the right.
      // E.g. if `handler` is "index.foo", then `fileName` is "index" and `func` is "foo".
      exists(string pattern | pattern = "(.*)\\.(.*)" |
@@ -80,7 +80,7 @@ private module ServerLess {
    |
      file.getAbsolutePath() =
        ymlFile.getParentContainer().getAbsolutePath() + "/" +
-          getPathFromHandlerProperties(codeURI, fileName)
+          getPathFromHandlerProperties(codeUri, fileName)
    )
  }

--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -177,7 +177,7 @@ module ClientSideUrlRedirect {
      )
      or
      // e.g. node.setAttribute("href", sink)
-      any(DomMethodCallExpr call).interpretsArgumentsAsURL(this.asExpr())
+      any(DomMethodCallExpr call).interpretsArgumentsAsUrl(this.asExpr())
    }

    override predicate isXssSink() { any() }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -86,7 +86,7 @@ class DomMethodCallExpr extends MethodCallExpr {
  /**
   * Holds if `arg` is an argument that is used as an URL.
   */
-  predicate interpretsArgumentsAsURL(Expr arg) {
+  predicate interpretsArgumentsAsUrl(Expr arg) {
    exists(int argPos, string name |
      arg = this.getArgument(argPos) and
      name = this.getMethodName()
@@ -103,6 +103,9 @@ class DomMethodCallExpr extends MethodCallExpr {
    )
  }

+  /** DEPRECATED: Alias for interpretsArgumentsAsUrl */
+  deprecated predicate interpretsArgumentsAsURL(Expr arg) { this.interpretsArgumentsAsUrl(arg) }
+
  /** DEPRECATED: Alias for interpretsArgumentsAsHtml */
  deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }
 }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
@@ -23,13 +23,16 @@ deprecated class JQueryHtmlOrSelectorInjectionConfiguration = Configuration;
 * A sink that is not a URL write or a JQuery selector,
 * assumed to be a value that is interpreted as HTML.
 */
-class HTMLSink extends DataFlow::Node instanceof Sink {
-  HTMLSink() {
+class HtmlSink extends DataFlow::Node instanceof Sink {
+  HtmlSink() {
    not this instanceof WriteUrlSink and
    not this instanceof JQueryHtmlOrSelectorSink
  }
 }

+/** DEPRECATED: Alias for HtmlSink */
+deprecated class HTMLSink = HtmlSink;
+
 /**
 * A taint-tracking configuration for reasoning about XSS.
 * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks.
@@ -55,7 +58,7 @@ class Configuration extends TaintTracking::Configuration {
  }

  override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof HTMLSink and
+    sink instanceof HtmlSink and
    label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()]
    or
    sink instanceof JQueryHtmlOrSelectorSink and
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll
@@ -1,10 +1,10 @@
-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */

 import javascript
-private import ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedDataQuery // ignore-query-import
+private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import

-/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */
-deprecated module ExternalApiUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery;
+/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
+deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery;

 /** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
 deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -81,6 +81,7 @@ deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 * Name of an external API sink, boxed in a newtype for consistency with other languages.
 */
 private newtype TExternalApi =
+  /** An external API sink with `name`. */
  MkExternalApiNode(string name) {
    exists(Sink sink |
      any(Configuration c).hasFlow(_, sink) and
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
@@ -62,7 +62,7 @@ module Shared {
    }
  }

-  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHTML
+  private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml

  /**
   * A guard that checks if a string can contain quotes, which is a guard for strings that are inside a HTML attribute.
@@ -72,7 +72,7 @@ module Shared {
      this.getSubstring().mayHaveStringValue("\"") and
      this.getBaseString()
          .getALocalSource()
-          .flowsTo(any(IncompleteHTML::HtmlAttributeConcatenation attributeConcat))
+          .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat))
    }

    override predicate sanitizes(boolean outcome, Expr e) {
--- a/python/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/python/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide. 
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. 
  The old name still exists as a deprecated alias.
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1854,16 +1854,22 @@ private module StdlibPrivate {
  deprecated API::Node cgiHTTPServer() { result = cgiHttpServer() }

  /** Provides models for the `CGIHTTPServer` module. */
-  module CGIHTTPServer {
+  module CgiHttpServer {
    /**
     * Provides models for the `CGIHTTPServer.CGIHTTPRequestHandler` class (Python 2 only).
     */
-    module CGIHTTPRequestHandler {
-      /** Gets a reference to the `CGIHTTPServer.CGIHTTPRequestHandler` class. */
+    module CgiHttpRequestHandler {
+      /** Gets a reference to the `CGIHTTPServer.CgiHttpRequestHandler` class. */
      API::Node classRef() { result = cgiHttpServer().getMember("CGIHTTPRequestHandler") }
    }
+
+    /** DEPRECATED: Alias for CgiHttpRequestHandler */
+    deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
  }

+  /** DEPRECATED: Alias for CgiHttpServer */
+  deprecated module CGIHTTPServer = CgiHttpServer;
+
  // ---------------------------------------------------------------------------
  // http (Python 3 only)
  // ---------------------------------------------------------------------------
@@ -1911,10 +1917,13 @@ private module StdlibPrivate {
       *
       * See https://docs.python.org/3.9/library/http.server.html#http.server.CGIHTTPRequestHandler.
       */
-      module CGIHTTPRequestHandler {
+      module CgiHttpRequestHandler {
        /** Gets a reference to the `http.server.CGIHTTPRequestHandler` class. */
        API::Node classRef() { result = server().getMember("CGIHTTPRequestHandler") }
      }
+
+      /** DEPRECATED: Alias for CgiHttpRequestHandler */
+      deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
    }
  }

@@ -1933,11 +1942,11 @@ private module StdlibPrivate {
          // Python 2
          BaseHttpServer::BaseHttpRequestHandler::classRef(),
          SimpleHttpServer::SimpleHttpRequestHandler::classRef(),
-          CGIHTTPServer::CGIHTTPRequestHandler::classRef(),
+          CgiHttpServer::CgiHttpRequestHandler::classRef(),
          // Python 3
          Http::Server::BaseHttpRequestHandler::classRef(),
          Http::Server::SimpleHttpRequestHandler::classRef(),
-          Http::Server::CGIHTTPRequestHandler::classRef()
+          Http::Server::CgiHttpRequestHandler::classRef()
        ].getASubclass*()
    }

--- a/python/ql/lib/semmle/python/xml/XML.qll
+++ b/python/ql/lib/semmle/python/xml/XML.qll
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
  XmlElement getARootElement() { result = this.getAChild() }

  /** Gets a DTD associated with this XML file. */
-  XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
+  XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
+
+  /** DEPRECATED: Alias for getADtd */
+  deprecated XmlDtd getADTD() { result = this.getADtd() }
 }

 /** DEPRECATED: Alias for XmlFile */
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
 * <!ELEMENT lastName (#PCDATA)>
 * ```
 */
-class XmlDTD extends XmlLocatable, @xmldtd {
+class XmlDtd extends XmlLocatable, @xmldtd {
  /** Gets the name of the root element of this DTD. */
  string getRoot() { xmlDTDs(this, result, _, _, _) }

@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
  }
 }

-/** DEPRECATED: Alias for XmlDTD */
-deprecated class XMLDTD = XmlDTD;
+/** DEPRECATED: Alias for XmlDtd */
+deprecated class XMLDTD = XmlDtd;

 /**
 * An XML element in an XML file.
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
  string getPrefix() { xmlNs(this, result, _, _) }

  /** Gets the URI of this namespace. */
-  string getURI() { xmlNs(this, _, result, _) }
+  string getUri() { xmlNs(this, _, result, _) }
+
+  /** DEPRECATED: Alias for getUri */
+  deprecated string getURI() { result = this.getUri() }

  /** Holds if this namespace has no prefix. */
  predicate isDefault() { this.getPrefix() = "" }

  override string toString() {
-    this.isDefault() and result = this.getURI()
+    this.isDefault() and result = this.getUri()
    or
-    not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
+    not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
  }
 }

--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -129,7 +129,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;

+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+  /** An untrusted API method `m` where untrusted data is passed at `index`. */
  TExternalApiParameter(DataFlowPrivate::DataFlowCallable callable, int index) {
    exists(UntrustedExternalApiDataNode n |
      callable = n.getCallable() and
--- a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
+++ b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
@@ -19,14 +19,14 @@ private API::Node unsafe_paramiko_policy(string name) {
  result = API::moduleImport("paramiko").getMember("client").getMember(name)
 }

-private API::Node paramikoSSHClientInstance() {
+private API::Node paramikoSshClientInstance() {
  result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
 }

 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
 where
  // see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy
-  call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and
+  call = paramikoSshClientInstance().getMember("set_missing_host_key_policy").getACall() and
  arg in [call.getArg(0), call.getArgByName("policy")] and
  (
    arg = unsafe_paramiko_policy(name).getAValueReachableFromSource() or
--- a/python/ql/src/Security/CWE-327/PyOpenSSL.qll
+++ b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
@@ -7,13 +7,13 @@ private import python
 private import semmle.python.ApiGraphs
 import TlsLibraryModel

-class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
-  PyOpenSSLContextCreation() {
+class PyOpenSslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
+  PyOpenSslContextCreation() {
    this = API::moduleImport("OpenSSL").getMember("SSL").getMember("Context").getACall()
  }

  override string getProtocol() {
-    exists(DataFlow::Node protocolArg, PyOpenSSL pyo |
+    exists(DataFlow::Node protocolArg, PyOpenSsl pyo |
      protocolArg in [this.getArg(0), this.getArgByName("method")]
    |
      protocolArg in [
@@ -51,12 +51,12 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {
  }
 }

-class UnspecificPyOpenSSLContextCreation extends PyOpenSSLContextCreation, UnspecificContextCreation {
-  UnspecificPyOpenSSLContextCreation() { library instanceof PyOpenSSL }
+class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, UnspecificContextCreation {
+  UnspecificPyOpenSslContextCreation() { library instanceof PyOpenSsl }
 }

-class PyOpenSSL extends TlsLibrary {
-  PyOpenSSL() { this = "pyOpenSSL" }
+class PyOpenSsl extends TlsLibrary {
+  PyOpenSsl() { this = "pyOpenSSL" }

  override string specific_version_name(ProtocolVersion version) { result = version + "_METHOD" }

@@ -70,7 +70,7 @@ class PyOpenSSL extends TlsLibrary {
  override ContextCreation default_context_creation() { none() }

  override ContextCreation specific_context_creation() {
-    result instanceof PyOpenSSLContextCreation
+    result instanceof PyOpenSslContextCreation
  }

  override DataFlow::Node insecure_connection_creation(ProtocolVersion version) { none() }
@@ -80,6 +80,6 @@ class PyOpenSSL extends TlsLibrary {
  override ProtocolRestriction protocol_restriction() { result instanceof SetOptionsCall }

  override ProtocolUnrestriction protocol_unrestriction() {
-    result instanceof UnspecificPyOpenSSLContextCreation
+    result instanceof UnspecificPyOpenSslContextCreation
  }
 }
--- a/python/ql/src/Security/CWE-327/Ssl.qll
+++ b/python/ql/src/Security/CWE-327/Ssl.qll
@@ -7,8 +7,8 @@ private import python
 private import semmle.python.ApiGraphs
 import TlsLibraryModel

-class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
-  SSLContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }
+class SslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
+  SslContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() }

  override string getProtocol() {
    exists(DataFlow::Node protocolArg, Ssl ssl |
@@ -27,8 +27,8 @@ class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode {
  }
 }

-class SSLDefaultContextCreation extends ContextCreation {
-  SSLDefaultContextCreation() {
+class SslDefaultContextCreation extends ContextCreation {
+  SslDefaultContextCreation() {
    this = API::moduleImport("ssl").getMember("create_default_context").getACall()
  }

@@ -161,8 +161,8 @@ class ContextSetVersion extends ProtocolRestriction, ProtocolUnrestriction, Data
  }
 }

-class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContextCreation {
-  UnspecificSSLContextCreation() { library instanceof Ssl }
+class UnspecificSslContextCreation extends SslContextCreation, UnspecificContextCreation {
+  UnspecificSslContextCreation() { library instanceof Ssl }

  override ProtocolVersion getUnrestriction() {
    result = UnspecificContextCreation.super.getUnrestriction() and
@@ -172,7 +172,7 @@ class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContext
  }
 }

-class UnspecificSSLDefaultContextCreation extends SSLDefaultContextCreation, ProtocolUnrestriction {
+class UnspecificSslDefaultContextCreation extends SslDefaultContextCreation, ProtocolUnrestriction {
  override DataFlow::Node getContext() { result = this }

  // see https://docs.python.org/3/library/ssl.html#ssl.create_default_context
@@ -195,10 +195,10 @@ class Ssl extends TlsLibrary {
  override API::Node version_constants() { result = API::moduleImport("ssl") }

  override ContextCreation default_context_creation() {
-    result instanceof SSLDefaultContextCreation
+    result instanceof SslDefaultContextCreation
  }

-  override ContextCreation specific_context_creation() { result instanceof SSLContextCreation }
+  override ContextCreation specific_context_creation() { result instanceof SslContextCreation }

  override DataFlow::CallCfgNode insecure_connection_creation(ProtocolVersion version) {
    result = API::moduleImport("ssl").getMember("wrap_socket").getACall() and
@@ -220,8 +220,8 @@ class Ssl extends TlsLibrary {
    or
    result instanceof ContextSetVersion
    or
-    result instanceof UnspecificSSLContextCreation
+    result instanceof UnspecificSslContextCreation
    or
-    result instanceof UnspecificSSLDefaultContextCreation
+    result instanceof UnspecificSslDefaultContextCreation
  }
 }
--- a/python/ql/src/experimental/Security/CWE-091/Xslt.ql
+++ b/python/ql/src/experimental/Security/CWE-091/Xslt.ql
@@ -17,8 +17,8 @@ import semmle.python.web.HttpRequest
 /* Sinks */
 import experimental.semmle.python.security.injection.XSLT

-class XSLTInjectionConfiguration extends TaintTracking::Configuration {
-  XSLTInjectionConfiguration() { this = "XSLT injection configuration" }
+class XsltInjectionConfiguration extends TaintTracking::Configuration {
+  XsltInjectionConfiguration() { this = "XSLT injection configuration" }

  deprecated override predicate isSource(TaintTracking::Source source) {
    source instanceof HttpRequestTaintSource
@@ -29,7 +29,7 @@ class XSLTInjectionConfiguration extends TaintTracking::Configuration {
  }
 }

-from XSLTInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
+from XsltInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink
 where config.hasFlowPath(src, sink)
 select sink.getSink(), src, sink, "This XSLT query depends on $@.", src.getSource(),
  "a user-provided value"
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -182,7 +182,10 @@ module LdapBind {
    /**
     * Holds if the binding process use SSL.
     */
-    abstract predicate useSSL();
+    abstract predicate useSsl();
+
+    /** DEPRECATED: Alias for useSsl */
+    deprecated predicate useSSL() { useSsl() }
  }
 }

@@ -213,7 +216,10 @@ class LdapBind extends DataFlow::Node {
  /**
   * Holds if the binding process use SSL.
   */
-  predicate useSSL() { range.useSSL() }
+  predicate useSsl() { range.useSsl() }
+
+  /** DEPRECATED: Alias for useSsl */
+  deprecated predicate useSSL() { useSsl() }
 }

 /** DEPRECATED: Alias for LdapBind */
--- a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
@@ -12,13 +12,13 @@ private import semmle.python.ApiGraphs
 /**
 * Provides models for Python's ldap-related libraries.
 */
-private module LDAP {
+private module Ldap {
  /**
   * Provides models for the `python-ldap` PyPI package (imported as `ldap`).
   *
   * See https://www.python-ldap.org/en/python-ldap-3.3.0/index.html
   */
-  private module LDAP2 {
+  private module Ldap2 {
    /** Gets a reference to the `ldap` module. */
    API::Node ldap() { result = API::moduleImport("ldap") }

@@ -38,8 +38,8 @@ private module LDAP {
     *
     * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions
     */
-    private class LDAP2QueryMethods extends string {
-      LDAP2QueryMethods() {
+    private class Ldap2QueryMethods extends string {
+      Ldap2QueryMethods() {
        this in ["search", "search_s", "search_st", "search_ext", "search_ext_s"]
      }
    }
@@ -52,7 +52,7 @@ private module LDAP {
    /** Gets a reference to a `ldap` query. */
    private DataFlow::Node ldapQuery() {
      result = ldapOperation() and
-      result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2QueryMethods
+      result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2QueryMethods
    }

    /**
@@ -60,8 +60,8 @@ private module LDAP {
     *
     * See `LDAP2QueryMethods`
     */
-    private class LDAP2Query extends DataFlow::CallCfgNode, LdapQuery::Range {
-      LDAP2Query() { this.getFunction() = ldapQuery() }
+    private class Ldap2Query extends DataFlow::CallCfgNode, LdapQuery::Range {
+      Ldap2Query() { this.getFunction() = ldapQuery() }

      override DataFlow::Node getQuery() {
        result in [this.getArg(0), this.getArg(2), this.getArgByName("filterstr")]
@@ -73,8 +73,8 @@ private module LDAP {
     *
     * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions
     */
-    private class LDAP2BindMethods extends string {
-      LDAP2BindMethods() {
+    private class Ldap2BindMethods extends string {
+      Ldap2BindMethods() {
        this in [
            "bind", "bind_s", "simple_bind", "simple_bind_s", "sasl_interactive_bind_s",
            "sasl_non_interactive_bind_s", "sasl_external_bind_s", "sasl_gssapi_bind_s"
@@ -85,12 +85,12 @@ private module LDAP {
    /** Gets a reference to a `ldap` bind. */
    private DataFlow::Node ldapBind() {
      result = ldapOperation() and
-      result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2BindMethods
+      result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2BindMethods
    }

    /**List of SSL-demanding options */
-    private class LDAPSSLOptions extends DataFlow::Node {
-      LDAPSSLOptions() {
+    private class LdapSslOptions extends DataFlow::Node {
+      LdapSslOptions() {
        this = ldap().getMember("OPT_X_TLS_" + ["DEMAND", "HARD"]).getAValueReachableFromSource()
      }
    }
@@ -100,8 +100,8 @@ private module LDAP {
     *
     * See `LDAP2BindMethods`
     */
-    private class LDAP2Bind extends DataFlow::CallCfgNode, LdapBind::Range {
-      LDAP2Bind() { this.getFunction() = ldapBind() }
+    private class Ldap2Bind extends DataFlow::CallCfgNode, LdapBind::Range {
+      Ldap2Bind() { this.getFunction() = ldapBind() }

      override DataFlow::Node getPassword() {
        result in [this.getArg(1), this.getArgByName("cred")]
@@ -115,11 +115,11 @@ private module LDAP {
        )
      }

-      override predicate useSSL() {
+      override predicate useSsl() {
        // use initialize to correlate `this` and so avoid FP in several instances
        exists(DataFlow::CallCfgNode initialize |
          // ldap.set_option(ldap.OPT_X_TLS_%s)
-          ldap().getMember("set_option").getACall().getArg(_) instanceof LDAPSSLOptions
+          ldap().getMember("set_option").getACall().getArg(_) instanceof LdapSslOptions
          or
          this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() = initialize and
          initialize = ldapInitialize().getACall() and
@@ -136,7 +136,7 @@ private module LDAP {
              setOption.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() =
                initialize and
              setOption.getFunction().(DataFlow::AttrRead).getAttributeName() = "set_option" and
-              setOption.getArg(0) instanceof LDAPSSLOptions and
+              setOption.getArg(0) instanceof LdapSslOptions and
              not DataFlow::exprNode(any(False falseExpr))
                  .(DataFlow::LocalSourceNode)
                  .flowsTo(setOption.getArg(1))
@@ -144,6 +144,9 @@ private module LDAP {
          )
        )
      }
+
+      /** DEPRECATED: Alias for useSsl */
+      deprecated override predicate useSSL() { this.useSsl() }
    }

    /**
@@ -151,8 +154,8 @@ private module LDAP {
     *
     * See https://github.com/python-ldap/python-ldap/blob/7ce471e238cdd9a4dd8d17baccd1c9e05e6f894a/Lib/ldap/dn.py#L17
     */
-    private class LDAP2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() }
+    private class Ldap2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() }

      override DataFlow::Node getAnInput() { result = this.getArg(0) }
    }
@@ -162,8 +165,8 @@ private module LDAP {
     *
     * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap-filter.html#ldap.filter.escape_filter_chars
     */
-    private class LDAP2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP2EscapeFilterCall() {
+    private class Ldap2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap2EscapeFilterCall() {
        this = ldap().getMember("filter").getMember("escape_filter_chars").getACall()
      }

@@ -176,7 +179,7 @@ private module LDAP {
   *
   * See https://pypi.org/project/ldap3/
   */
-  private module LDAP3 {
+  private module Ldap3 {
    /** Gets a reference to the `ldap3` module. */
    API::Node ldap3() { result = API::moduleImport("ldap3") }

@@ -192,8 +195,8 @@ private module LDAP {
    /**
     * A class to find `ldap3` methods executing a query.
     */
-    private class LDAP3Query extends DataFlow::CallCfgNode, LdapQuery::Range {
-      LDAP3Query() {
+    private class Ldap3Query extends DataFlow::CallCfgNode, LdapQuery::Range {
+      Ldap3Query() {
        this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() =
          ldap3Connection().getACall() and
        this.getFunction().(DataFlow::AttrRead).getAttributeName() = "search"
@@ -205,8 +208,8 @@ private module LDAP {
    /**
     * A class to find `ldap3` methods binding a connection.
     */
-    class LDAP3Bind extends DataFlow::CallCfgNode, LdapBind::Range {
-      LDAP3Bind() { this = ldap3Connection().getACall() }
+    class Ldap3Bind extends DataFlow::CallCfgNode, LdapBind::Range {
+      Ldap3Bind() { this = ldap3Connection().getACall() }

      override DataFlow::Node getPassword() {
        result in [this.getArg(2), this.getArgByName("password")]
@@ -220,7 +223,7 @@ private module LDAP {
        )
      }

-      override predicate useSSL() {
+      override predicate useSsl() {
        exists(DataFlow::CallCfgNode serverCall |
          serverCall = ldap3Server().getACall() and
          this.getArg(0).getALocalSource() = serverCall and
@@ -236,6 +239,9 @@ private module LDAP {
          startTLS.getObject().getALocalSource() = this
        )
      }
+
+      /** DEPRECATED: Alias for useSsl */
+      deprecated override predicate useSSL() { this.useSsl() }
    }

    /**
@@ -243,8 +249,8 @@ private module LDAP {
     *
     * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/dn.py#L390
     */
-    private class LDAP3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() }
+    private class Ldap3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() }

      override DataFlow::Node getAnInput() { result = this.getArg(0) }
    }
@@ -254,8 +260,8 @@ private module LDAP {
     *
     * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/conv.py#L91
     */
-    private class LDAP3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
-      LDAP3EscapeFilterCall() {
+    private class Ldap3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range {
+      Ldap3EscapeFilterCall() {
        this = ldap3Utils().getMember("conv").getMember("escape_filter_chars").getACall()
      }

--- a/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll
+++ b/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll
@@ -122,7 +122,7 @@ class LdapInsecureAuthConfig extends TaintTracking::Configuration {
  }

  override predicate isSink(DataFlow::Node sink) {
-    exists(LdapBind ldapBind | not ldapBind.useSSL() and sink = ldapBind.getHost())
+    exists(LdapBind ldapBind | not ldapBind.useSsl() and sink = ldapBind.getHost())
  }
 }

--- a/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll
@@ -11,12 +11,15 @@ import semmle.python.dataflow.TaintTracking
 import semmle.python.web.HttpRequest

 /** Models XSLT Injection related classes and functions */
-module XSLTInjection {
+module XsltInjection {
  /** Returns a class value which refers to `lxml.etree` */
  Value etree() { result = Value::named("lxml.etree") }

  /** A generic taint sink that is vulnerable to XSLT injection. */
-  abstract class XSLTInjectionSink extends TaintSink { }
+  abstract class XsltInjectionSink extends TaintSink { }
+
+  /** DEPRECATED: Alias for XsltInjectionSink */
+  deprecated class XSLTInjectionSink = XsltInjectionSink;

  /**
   * A kind of "taint", representing an untrusted XML string
@@ -73,10 +76,10 @@ module XSLTInjection {
   *    root = etree.XML("<xmlContent>")
   *    find_text = etree.XSLT("`sink`")
   */
-  private class EtreeXSLTArgument extends XSLTInjectionSink {
+  private class EtreeXsltArgument extends XsltInjectionSink {
    override string toString() { result = "lxml.etree.XSLT" }

-    EtreeXSLTArgument() {
+    EtreeXsltArgument() {
      exists(CallNode call | call.getFunction().(AttrNode).getObject("XSLT").pointsTo(etree()) |
        call.getArg(0) = this
      )
@@ -94,10 +97,10 @@ module XSLTInjection {
   *    tree = etree.parse(f)
   *    result_tree = tree.xslt(`sink`)
   */
-  private class ParseXSLTArgument extends XSLTInjectionSink {
+  private class ParseXsltArgument extends XsltInjectionSink {
    override string toString() { result = "lxml.etree.parse.xslt" }

-    ParseXSLTArgument() {
+    ParseXsltArgument() {
      exists(
        CallNode parseCall, CallNode xsltCall, ControlFlowNode obj, Variable var, AssignStmt assign
      |
@@ -113,3 +116,6 @@ module XSLTInjection {
    override predicate sinks(TaintKind kind) { kind instanceof ExternalXmlKind }
  }
 }
+
+/** DEPRECATED: Alias for XsltInjection */
+deprecated module XSLTInjection = XsltInjection;
--- a/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql
+++ b/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql
@@ -1,6 +1,6 @@
 import python
 import experimental.semmle.python.security.injection.XSLT

-from XSLTInjection::XSLTInjectionSink sink, TaintKind kind
+from XsltInjection::XsltInjectionSink sink, TaintKind kind
 where sink.sinks(kind)
 select sink, kind
--- a/ruby/ql/lib/codeql/ruby/Concepts.qll
+++ b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -714,7 +714,7 @@ module PersistentWriteAccess {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `CSRFProtectionSetting::Range` instead.
 */
-class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range {
+class CsrfProtectionSetting extends DataFlow::Node instanceof CsrfProtectionSetting::Range {
  /**
   * Gets the boolean value corresponding to if CSRF protection is enabled
   * (`true`) or disabled (`false`) by this node.
@@ -722,8 +722,11 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett
  boolean getVerificationSetting() { result = super.getVerificationSetting() }
 }

+/** DEPRECATED: Alias for CsrfProtectionSetting */
+deprecated class CSRFProtectionSetting = CsrfProtectionSetting;
+
 /** Provides a class for modeling new CSRF protection setting APIs. */
-module CSRFProtectionSetting {
+module CsrfProtectionSetting {
  /**
   * A data-flow node that may set or unset Cross-site request forgery protection.
   *
@@ -739,6 +742,9 @@ module CSRFProtectionSetting {
  }
 }

+/** DEPRECATED: Alias for CsrfProtectionSetting */
+deprecated module CSRFProtectionSetting = CsrfProtectionSetting;
+
 /** Provides classes for modeling path-related APIs. */
 module Path {
  /**
--- a/Show More
+++ b/Show More