patch upper-case acronyms to be PascalCase

cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql

@@ -11,7 +11,7 @@
 import cpp
 import ExternalAPIs
 
-from ExternalAPIUsedWithUntrustedData externalAPI
-select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
-  externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
+from ExternalApiUsedWithUntrustedData externalApi
+select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses,
+  externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
     numberOfUntrustedSources desc

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll

@@ -9,28 +9,31 @@ private import semmle.code.cpp.models.interfaces.Taint
 import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
-class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
-  UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) }
+class UntrustedExternalApiDataNode extends ExternalApiDataNode {
+  UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() {
-    any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this)
+    any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
   }
 }
 
-private newtype TExternalAPI =
-  TExternalAPIParameter(Function f, int index) {
-    exists(UntrustedExternalAPIDataNode n |
+/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
+deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+
+private newtype TExternalApi =
+  TExternalApiParameter(Function f, int index) {
+    exists(UntrustedExternalApiDataNode n |
       f = n.getExternalFunction() and
       index = n.getIndex()
     )
   }
 
 /** An external API which is used with untrusted data. */
-class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
+class ExternalApiUsedWithUntrustedData extends TExternalApi {
   /** Gets a possibly untrusted use of this external API. */
-  UntrustedExternalAPIDataNode getUntrustedDataNode() {
-    this = TExternalAPIParameter(result.getExternalFunction(), result.getIndex())
+  UntrustedExternalApiDataNode getUntrustedDataNode() {
+    this = TExternalApiParameter(result.getExternalFunction(), result.getIndex())
   }
 
   /** Gets the number of untrusted sources used with this external API. */
@@ -43,8 +46,11 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
     exists(Function f, int index, string indexString |
       if index = -1 then indexString = "qualifier" else indexString = "param " + index
     |
-      this = TExternalAPIParameter(f, index) and
+      this = TExternalApiParameter(f, index) and
       result = f.toString() + " [" + indexString + "]"
     )
   }
 }
+
+/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
+deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll

@@ -8,11 +8,11 @@ import semmle.code.cpp.models.interfaces.DataFlow
 import SafeExternalAPIFunction
 
 /** A node representing untrusted data being passed to an external API. */
-class ExternalAPIDataNode extends DataFlow::Node {
+class ExternalApiDataNode extends DataFlow::Node {
   Call call;
   int i;
 
-  ExternalAPIDataNode() {
+  ExternalApiDataNode() {
     // Argument to call to a function
     (
       this.asExpr() = call.getArgument(i)
@@ -27,7 +27,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
       not f instanceof DataFlowFunction and
       not f instanceof TaintFunction and
       // Not a call to a known safe external API
-      not f instanceof SafeExternalAPIFunction
+      not f instanceof SafeExternalApiFunction
     )
   }
 
@@ -41,9 +41,12 @@ class ExternalAPIDataNode extends DataFlow::Node {
   string getFunctionDescription() { result = this.getExternalFunction().toString() }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */
-class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfig" }
+/** DEPRECATED: Alias for ExternalApiDataNode */
+deprecated class ExternalAPIDataNode = ExternalApiDataNode;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
+class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
 
   override predicate isSource(DataFlow::Node source) {
     exists(RemoteFlowSourceFunction remoteFlow |
@@ -52,5 +55,8 @@ class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
+
+/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
+deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;

cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql

@@ -11,7 +11,7 @@
 import cpp
 import ir.ExternalAPIs
 
-from ExternalAPIUsedWithUntrustedData externalAPI
-select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
-  externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
+from ExternalApiUsedWithUntrustedData externalApi
+select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses,
+  externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
     numberOfUntrustedSources desc

cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql

@@ -15,8 +15,8 @@ import ir.ExternalAPIs
 import semmle.code.cpp.security.FlowSources
 import DataFlow::PathGraph
 
-from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(ExternalAPIDataNode).getExternalFunction().toString() +
+  "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() +
     " with untrusted data from $@.", source, source.getNode().(RemoteFlowSource).getSourceType()

cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll

@@ -8,11 +8,14 @@ private import semmle.code.cpp.models.interfaces.SideEffect
 /**
  * A `Function` that is considered a "safe" external API from a security perspective.
  */
-abstract class SafeExternalAPIFunction extends Function { }
+abstract class SafeExternalApiFunction extends Function { }
+
+/** DEPRECATED: Alias for SafeExternalApiFunction */
+deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;
 
 /** The default set of "safe" external APIs. */
-private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
-  DefaultSafeExternalAPIFunction() {
+private class DefaultSafeExternalApiFunction extends SafeExternalApiFunction {
+  DefaultSafeExternalApiFunction() {
     // If a function does not write to any of its arguments, we consider it safe to
     // pass untrusted data to it. This means that string functions such as `strcmp`
     // and `strlen`, as well as memory functions such as `memcmp`, are considered safe.

cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql

@@ -14,8 +14,8 @@ import semmle.code.cpp.dataflow.TaintTracking
 import ExternalAPIs
 import DataFlow::PathGraph
 
-from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Call to " + sink.getNode().(ExternalAPIDataNode).getExternalFunction().toString() +
+  "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() +
     " with untrusted data from $@.", source, source.toString()

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll

@@ -9,28 +9,31 @@ private import semmle.code.cpp.models.interfaces.Taint
 import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
-class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
-  UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) }
+class UntrustedExternalApiDataNode extends ExternalApiDataNode {
+  UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() {
-    any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this)
+    any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
   }
 }
 
-private newtype TExternalAPI =
-  TExternalAPIParameter(Function f, int index) {
-    exists(UntrustedExternalAPIDataNode n |
+/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
+deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+
+private newtype TExternalApi =
+  TExternalApiParameter(Function f, int index) {
+    exists(UntrustedExternalApiDataNode n |
       f = n.getExternalFunction() and
       index = n.getIndex()
     )
   }
 
 /** An external API which is used with untrusted data. */
-class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
+class ExternalApiUsedWithUntrustedData extends TExternalApi {
   /** Gets a possibly untrusted use of this external API. */
-  UntrustedExternalAPIDataNode getUntrustedDataNode() {
-    this = TExternalAPIParameter(result.getExternalFunction(), result.getIndex())
+  UntrustedExternalApiDataNode getUntrustedDataNode() {
+    this = TExternalApiParameter(result.getExternalFunction(), result.getIndex())
   }
 
   /** Gets the number of untrusted sources used with this external API. */
@@ -43,8 +46,11 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
     exists(Function f, int index, string indexString |
       if index = -1 then indexString = "qualifier" else indexString = "param " + index
     |
-      this = TExternalAPIParameter(f, index) and
+      this = TExternalApiParameter(f, index) and
       result = f.toString() + " [" + indexString + "]"
     )
   }
 }
+
+/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
+deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll

@@ -8,11 +8,11 @@ private import semmle.code.cpp.models.interfaces.DataFlow
 import SafeExternalAPIFunction
 
 /** A node representing untrusted data being passed to an external API. */
-class ExternalAPIDataNode extends DataFlow::Node {
+class ExternalApiDataNode extends DataFlow::Node {
   Call call;
   int i;
 
-  ExternalAPIDataNode() {
+  ExternalApiDataNode() {
     // Argument to call to a function
     (
       this.asExpr() = call.getArgument(i)
@@ -27,7 +27,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
       not f instanceof DataFlowFunction and
       not f instanceof TaintFunction and
       // Not a call to a known safe external API
-      not f instanceof SafeExternalAPIFunction
+      not f instanceof SafeExternalApiFunction
     )
   }
 
@@ -41,11 +41,17 @@ class ExternalAPIDataNode extends DataFlow::Node {
   string getFunctionDescription() { result = this.getExternalFunction().toString() }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */
-class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfigIR" }
+/** DEPRECATED: Alias for ExternalApiDataNode */
+deprecated class ExternalAPIDataNode = ExternalApiDataNode;
+
+/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
+class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
+  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfigIR" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode }
+  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
+
+/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
+deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;

cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll

@@ -8,11 +8,14 @@ private import semmle.code.cpp.models.interfaces.SideEffect
 /**
  * A `Function` that is considered a "safe" external API from a security perspective.
  */
-abstract class SafeExternalAPIFunction extends Function { }
+abstract class SafeExternalApiFunction extends Function { }
+
+/** DEPRECATED: Alias for SafeExternalApiFunction */
+deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;
 
 /** The default set of "safe" external APIs. */
-private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
-  DefaultSafeExternalAPIFunction() {
+private class DefaultSafeExternalApiFunction extends SafeExternalApiFunction {
+  DefaultSafeExternalApiFunction() {
     // If a function does not write to any of its arguments, we consider it safe to
     // pass untrusted data to it. This means that string functions such as `strcmp`
     // and `strlen`, as well as memory functions such as `memcmp`, are considered safe.

cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql

@@ -18,15 +18,15 @@ import semmle.code.cpp.security.FunctionWithWrappers
 import semmle.code.cpp.security.TaintTracking
 import TaintedWithPath
 
-class SQLLikeFunction extends FunctionWithWrappers {
-  SQLLikeFunction() { sqlArgument(this.getName(), _) }
+class SqlLikeFunction extends FunctionWithWrappers {
+  SqlLikeFunction() { sqlArgument(this.getName(), _) }
 
   override predicate interestingArg(int arg) { sqlArgument(this.getName(), arg) }
 }
 
 class Configuration extends TaintTrackingConfiguration {
   override predicate isSink(Element tainted) {
-    exists(SQLLikeFunction runSql | runSql.outermostWrapperFunctionCall(tainted, _))
+    exists(SqlLikeFunction runSql | runSql.outermostWrapperFunctionCall(tainted, _))
   }
 
   override predicate isBarrier(Expr e) {
@@ -43,7 +43,7 @@ class Configuration extends TaintTrackingConfiguration {
 }
 
 from
-  SQLLikeFunction runSql, Expr taintedArg, Expr taintSource, PathNode sourceNode, PathNode sinkNode,
+  SqlLikeFunction runSql, Expr taintedArg, Expr taintSource, PathNode sourceNode, PathNode sinkNode,
   string taintCause, string callChain
 where
   runSql.outermostWrapperFunctionCall(taintedArg, callChain) and

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

@@ -46,8 +46,8 @@ class EnvData extends SystemData {
 /**
  * Data originating from a call to `mysql_get_client_info()`.
  */
-class SQLClientInfo extends SystemData {
-  SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
+class SqlClientInfo extends SystemData {
+  SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
 
   override Expr getAnExpr() { result = this }
 }
@@ -63,8 +63,8 @@ private predicate sqlConnectInfo(FunctionCall source, VariableAccess use) {
 /**
  * Data passed into an SQL connect function.
  */
-class SQLConnectInfo extends SystemData {
-  SQLConnectInfo() { sqlConnectInfo(this, _) }
+class SqlConnectInfo extends SystemData {
+  SqlConnectInfo() { sqlConnectInfo(this, _) }
 
   override Expr getAnExpr() { sqlConnectInfo(this, result) }
 }