Java: Rename to EnvReadMethod

java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql

@@ -129,7 +129,7 @@ private class FlagToGuardFlow extends DataFlow::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof Guard }
 
   override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(MethodAccess ma | ma.getMethod() = any(EnvTaintedMethod m) |
+    exists(MethodAccess ma | ma.getMethod() = any(EnvReadMethod m) |
       ma = node2.asExpr() and ma.getAnArgument() = node1.asExpr()
     )
     or

java/ql/src/semmle/code/java/dataflow/FlowSources.qll

@@ -226,7 +226,7 @@ class EnvInput extends LocalUserInput {
     )
     or
     // Results from various specific methods.
-    this.asExpr().(MethodAccess).getMethod() instanceof EnvTaintedMethod
+    this.asExpr().(MethodAccess).getMethod() instanceof EnvReadMethod
     or
     // Access to `System.in`.
     exists(Field f | this.asExpr() = f.getAnAccess() | f instanceof SystemIn)
@@ -292,9 +292,9 @@ private class SpringWebRequestGetMethod extends Method {
   }
 }
 
-/** Models methods that are tainted by the environment of the user, such as `System.getProperty` or `System.getenv()`. */
-class EnvTaintedMethod extends Method {
-  EnvTaintedMethod() {
+/** A method that reads from the environment, such as `System.getProperty` or `System.getenv`. */
+class EnvReadMethod extends Method {
+  EnvReadMethod() {
     this instanceof MethodSystemGetenv or
     this instanceof PropertiesGetPropertyMethod or
     this instanceof MethodSystemGetProperty