patch upper-case acronyms to be PascalCase

javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql

@@ -11,7 +11,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery
 
-from ExternalAPIUsedWithUntrustedData externalAPI
-select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
-  externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
+from ExternalApiUsedWithUntrustedData externalApi
+select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses,
+  externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by
     numberOfUntrustedSources desc

javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql

@@ -23,7 +23,7 @@ newtype TRegExpPatternMistake =
    * by `mistake`.
    */
   TIdentityEscapeInStringMistake(
-    RegExpPatternSource src, string char, string mistake, ASTNode rawStringNode, int index
+    RegExpPatternSource src, string char, string mistake, AstNode rawStringNode, int index
   ) {
     char = getALikelyRegExpPatternMistake(src, mistake, rawStringNode, index)
   } or
@@ -32,7 +32,7 @@ newtype TRegExpPatternMistake =
    * regular expression string `src`, indicating intent to use the
    * word-boundary assertion '\b'.
    */
-  TBackspaceInStringMistake(RegExpPatternSource src, ASTNode rawStringNode, int index) {
+  TBackspaceInStringMistake(RegExpPatternSource src, AstNode rawStringNode, int index) {
     exists(string raw, string cooked |
       exists(StringLiteral lit | lit = rawStringNode |
         rawStringNode = src.asExpr() and
@@ -91,7 +91,7 @@ class RegExpPatternMistake extends TRegExpPatternMistake {
   /** Gets a textual representation of this element. */
   string toString() { result = getMessage() }
 
-  abstract ASTNode getRawStringNode();
+  abstract AstNode getRawStringNode();
 
   abstract RegExpPatternSource getSrc();
 
@@ -109,7 +109,7 @@ class IdentityEscapeInStringMistake extends RegExpPatternMistake, TIdentityEscap
   string char;
   string mistake;
   int index;
-  ASTNode rawStringNode;
+  AstNode rawStringNode;
 
   IdentityEscapeInStringMistake() {
     this = TIdentityEscapeInStringMistake(src, char, mistake, rawStringNode, index)
@@ -123,7 +123,7 @@ class IdentityEscapeInStringMistake extends RegExpPatternMistake, TIdentityEscap
 
   override RegExpPatternSource getSrc() { result = src }
 
-  override ASTNode getRawStringNode() { result = rawStringNode }
+  override AstNode getRawStringNode() { result = rawStringNode }
 }
 
 /**
@@ -133,7 +133,7 @@ class IdentityEscapeInStringMistake extends RegExpPatternMistake, TIdentityEscap
 class BackspaceInStringMistake extends RegExpPatternMistake, TBackspaceInStringMistake {
   RegExpPatternSource src;
   int index;
-  ASTNode rawStringNode;
+  AstNode rawStringNode;
 
   BackspaceInStringMistake() { this = TBackspaceInStringMistake(src, rawStringNode, index) }
 
@@ -145,7 +145,7 @@ class BackspaceInStringMistake extends RegExpPatternMistake, TBackspaceInStringM
 
   override RegExpPatternSource getSrc() { result = src }
 
-  override ASTNode getRawStringNode() { result = rawStringNode }
+  override AstNode getRawStringNode() { result = rawStringNode }
 }
 
 from RegExpPatternMistake mistake

javascript/ql/src/Security/CWE-116/BadTagFilter.ql

@@ -18,6 +18,6 @@
 
 import semmle.javascript.security.BadTagFilterQuery
 
-from HTMLMatchingRegExp regexp, string msg
+from HtmlMatchingRegExp regexp, string msg
 where msg = min(string m | isBadRegexpFilter(regexp, m) | m order by m.length(), m) // there might be multiple, we arbitrarily pick the shortest one
 select regexp, msg

javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql

@@ -69,7 +69,7 @@ DataFlow::Node getANodeModulePath(string path) {
  * Gets a folder that contains a `package.json` file.
  */
 pragma[noinline]
-Folder getAPackageJSONFolder() { result = any(PackageJSON json).getFile().getParentContainer() }
+Folder getAPackageJsonFolder() { result = any(PackageJson json).getFile().getParentContainer() }
 
 /**
  * Gets a reference to `dirname`, the home folder, the current working folder, or the root folder.
@@ -82,7 +82,7 @@ Folder getAPackageJSONFolder() { result = any(PackageJSON json).getFile().getPar
  */
 DataFlow::Node getALeakingFolder(string description) {
   exists(ModuleScope ms | result.asExpr() = ms.getVariable("__dirname").getAnAccess()) and
-  result.getFile().getParentContainer() = getAPackageJSONFolder() and
+  result.getFile().getParentContainer() = getAPackageJsonFolder() and
   (
     if result.getFile().getParentContainer().getRelativePath().trim() != ""
     then description = "the folder " + result.getFile().getParentContainer().getRelativePath()

javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql

@@ -16,7 +16,7 @@
 
 import javascript
 
-from PackageJSON pack, JSONString val
+from PackageJson pack, JsonString val
 where
   [pack.getDependencies(), pack.getDevDependencies()].getPropValue(_) = val and
   val.getValue().regexpMatch("(http|ftp)://.*")

javascript/ql/src/Security/CWE-730/ServerCrash.ql

@@ -130,7 +130,7 @@ class AsyncCallback extends Function {
  *
  * This is the primary extension point for this query.
  */
-abstract class LikelyExceptionThrower extends ASTNode { }
+abstract class LikelyExceptionThrower extends AstNode { }
 
 /**
  * A `throw` statement.
@@ -152,7 +152,7 @@ class CompilerConfusingExceptionThrower extends LikelyExceptionThrower {
  * - step 3. exception follows the call graph backwards until an async callee is encountered
  * - step 4. (at this point, the program crashes)
  */
-query predicate edges(ASTNode pred, ASTNode succ) {
+query predicate edges(AstNode pred, AstNode succ) {
   exists(LikelyExceptionThrower thrower | main(_, _, _, thrower) |
     pred = thrower and
     succ = thrower.getContainer()
@@ -174,7 +174,7 @@ query predicate edges(ASTNode pred, ASTNode succ) {
 /**
  * Holds if `node` is in the `edge/2` relation above.
  */
-query predicate nodes(ASTNode node) {
+query predicate nodes(AstNode node) {
   edges(node, _) or
   edges(_, node)
 }