patch upper-case acronyms to be PascalCase

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql

@@ -33,7 +33,7 @@ string getDescriptionForAlertCandidate(
 ) {
   result = "excluded[reason=" + getAReasonSinkExcluded(sinkCandidate, query) + "]"
   or
-  getATMCfg(query).isKnownSink(sinkCandidate) and
+  getAtmCfg(query).isKnownSink(sinkCandidate) and
   result = "excluded[reason=known-sink]"
   or
   not exists(getAReasonSinkExcluded(sinkCandidate, query)) and

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/CountSourcesAndSinks.ql

@@ -20,7 +20,7 @@ import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery as
 import semmle.javascript.security.dataflow.DifferentKindsComparisonBypassQuery as DifferentKindsComparisonBypass
 import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
 import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss
-import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedData
+import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedData
 import semmle.javascript.security.dataflow.FileAccessToHttpQuery as FileAccessToHttp
 import semmle.javascript.security.dataflow.HardcodedCredentialsQuery as HardcodedCredentials
 import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeQuery as HardcodedDataInterpretedAsCode

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll

@@ -23,17 +23,20 @@ import NoFeaturizationRestrictionsConfig
 import Queries
 
 /** Gets the ATM configuration object for the specified query. */
-ATMConfig getATMCfg(Query query) {
+AtmConfig getAtmCfg(Query query) {
   query instanceof NosqlInjectionQuery and
-  result instanceof NosqlInjectionATM::NosqlInjectionATMConfig
+  result instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
   or
-  query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionATMConfig
+  query instanceof SqlInjectionQuery and result instanceof SqlInjectionATM::SqlInjectionAtmConfig
   or
-  query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathATMConfig
+  query instanceof TaintedPathQuery and result instanceof TaintedPathATM::TaintedPathAtmConfig
   or
-  query instanceof XssQuery and result instanceof XssATM::DomBasedXssATMConfig
+  query instanceof XssQuery and result instanceof XssATM::DomBasedXssAtmConfig
 }
 
+/** DEPRECATED: Alias for getAtmCfg */
+deprecated ATMConfig getATMCfg(Query query) { result = getAtmCfg(query) }
+
 /** Gets the ATM data flow configuration for the specified query. */
 DataFlow::Configuration getDataFlowCfg(Query query) {
   query instanceof NosqlInjectionQuery and result instanceof NosqlInjectionATM::Configuration
@@ -47,7 +50,7 @@ DataFlow::Configuration getDataFlowCfg(Query query) {
 
 /** Gets a known sink for the specified query. */
 private DataFlow::Node getASink(Query query) {
-  getATMCfg(query).isKnownSink(result) and
+  getAtmCfg(query).isKnownSink(result) and
   // Only consider the source code for the project being analyzed.
   exists(result.getFile().getRelativePath())
 }
@@ -72,8 +75,8 @@ private DataFlow::Node getANotASink(NotASinkReason reason) {
  */
 private DataFlow::Node getAnUnknown(Query query) {
   (
-    getATMCfg(query).isEffectiveSink(result) or
-    getATMCfg(query).isEffectiveSinkWithOverridingScore(result, _, _)
+    getAtmCfg(query).isEffectiveSink(result) or
+    getAtmCfg(query).isEffectiveSinkWithOverridingScore(result, _, _)
   ) and
   not result = getASink(query) and
   // Only consider the source code for the project being analyzed.

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql

@@ -4,19 +4,19 @@ import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathATM
 import experimental.adaptivethreatmodeling.XssATM as XssATM
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
 
-from string queryName, ATMConfig c, EndpointType e
+from string queryName, AtmConfig c, EndpointType e
 where
   (
     queryName = "SqlInjectionATM.ql" and
-    c instanceof SqlInjectionATM::SqlInjectionATMConfig
+    c instanceof SqlInjectionATM::SqlInjectionAtmConfig
     or
     queryName = "NosqlInjectionATM.ql" and
-    c instanceof NosqlInjectionATM::NosqlInjectionATMConfig
+    c instanceof NosqlInjectionATM::NosqlInjectionAtmConfig
     or
     queryName = "TaintedPathInjectionATM.ql" and
-    c instanceof TaintedPathATM::TaintedPathATMConfig
+    c instanceof TaintedPathATM::TaintedPathAtmConfig
     or
-    queryName = "XssATM.ql" and c instanceof XssATM::DomBasedXssATMConfig
+    queryName = "XssATM.ql" and c instanceof XssATM::DomBasedXssAtmConfig
   ) and
   e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as endpointTypeEncoded

javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractMisclassifiedEndpointFeatures.ql

@@ -19,8 +19,8 @@ EndpointType getEndpointType() { result instanceof NosqlInjectionSinkType }
 DataFlow::Node getAPositiveEndpoint() { result instanceof NosqlInjection::Sink }
 
 /** An ATM configuration to find misclassified endpoints of type `getEndpointType()`. */
-class ExtractMisclassifiedEndpointsATMConfig extends ATMConfig {
-  ExtractMisclassifiedEndpointsATMConfig() { this = "ExtractMisclassifiedEndpointsATMConfig" }
+class ExtractMisclassifiedEndpointsAtmConfig extends AtmConfig {
+  ExtractMisclassifiedEndpointsAtmConfig() { this = "ExtractMisclassifiedEndpointsATMConfig" }
 
   override predicate isEffectiveSink(DataFlow::Node sinkCandidate) {
     sinkCandidate = getAPositiveEndpoint()
@@ -31,7 +31,7 @@ class ExtractMisclassifiedEndpointsATMConfig extends ATMConfig {
 
 /** Get an endpoint from `getAPositiveEndpoint()` that is incorrectly excluded from the results. */
 DataFlow::Node getAMisclassifedEndpoint() {
-  any(ExtractMisclassifiedEndpointsATMConfig config).isEffectiveSink(result) and
+  any(ExtractMisclassifiedEndpointsAtmConfig config).isEffectiveSink(result) and
   not any(ScoringResults results).shouldResultBeIncluded(_, result)
 }