Merge pull request #10312 from erik-krogh/fix-caseDiff

ensure consistent casing of names
This commit is contained in:
Erik Krogh Kristensen
2022-09-19 10:43:12 +02:00
committed by GitHub
234 changed files with 727 additions and 654 deletions


@@ -15,7 +15,7 @@ private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
from
HTTP::Client::Request request, DataFlow::Node disablingNode, DataFlow::Node origin, string ending
Http::Client::Request request, DataFlow::Node disablingNode, DataFlow::Node origin, string ending
where
request.disablesCertificateValidation(disablingNode, origin) and
// Showing the origin is only useful when it's a different node than the one disabling


@@ -14,24 +14,24 @@
import python
import semmle.python.Concepts
predicate relevantSetting(HTTP::Server::CsrfProtectionSetting s) {
predicate relevantSetting(Http::Server::CsrfProtectionSetting s) {
// rule out test code as this is a common place to turn off CSRF protection.
// We don't use normal `TestScope` to find test files, since we also want to match
// a settings file such as `.../integration-tests/settings.py`
not s.getLocation().getFile().getAbsolutePath().matches("%test%")
}
predicate vulnerableSetting(HTTP::Server::CsrfProtectionSetting s) {
predicate vulnerableSetting(Http::Server::CsrfProtectionSetting s) {
s.getVerificationSetting() = false and
not exists(HTTP::Server::CsrfLocalProtectionSetting p | p.csrfEnabled()) and
not exists(Http::Server::CsrfLocalProtectionSetting p | p.csrfEnabled()) and
relevantSetting(s)
}
from HTTP::Server::CsrfProtectionSetting setting
from Http::Server::CsrfProtectionSetting setting
where
vulnerableSetting(setting) and
// We have seen examples of dummy projects with vulnerable settings alongside a main
// project with a protecting settings file. We want to rule out this scenario, so we
// require all non-test settings to be vulnerable.
forall(HTTP::Server::CsrfProtectionSetting s | relevantSetting(s) | vulnerableSetting(s))
forall(Http::Server::CsrfProtectionSetting s | relevantSetting(s) | vulnerableSetting(s))
select setting, "Potential CSRF vulnerability due to forgery protection being disabled or weakened."


@@ -16,7 +16,7 @@ import DataFlow::PathGraph
from
FullServerSideRequestForgeryConfiguration fullConfig, DataFlow::PathNode source,
DataFlow::PathNode sink, HTTP::Client::Request request
DataFlow::PathNode sink, Http::Client::Request request
where
request = sink.getNode().(Sink).getRequest() and
fullConfig.hasFlowPath(source, sink) and


@@ -16,7 +16,7 @@ import DataFlow::PathGraph
from
PartialServerSideRequestForgeryConfiguration partialConfig, DataFlow::PathNode source,
DataFlow::PathNode sink, HTTP::Client::Request request
DataFlow::PathNode sink, Http::Client::Request request
where
request = sink.getNode().(Sink).getRequest() and
partialConfig.hasFlowPath(source, sink) and


@@ -416,7 +416,7 @@ class CsvWriter extends DataFlow::Node {
* Extend this class to refine existing API models. If you want to model new APIs,
* extend `Cookie::Range` instead.
*/
class Cookie extends HTTP::Server::CookieWrite instanceof Cookie::Range {
class Cookie extends Http::Server::CookieWrite instanceof Cookie::Range {
/**
* Holds if this cookie is secure.
*/
@@ -441,7 +441,7 @@ module Cookie {
* Extend this class to model new APIs. If you want to refine existing API models,
* extend `Cookie` instead.
*/
abstract class Range extends HTTP::Server::CookieWrite::Range {
abstract class Range extends Http::Server::CookieWrite::Range {
/**
* Holds if this cookie is secure.
*/


@@ -15,7 +15,7 @@ private module ExperimentalPrivateDjango {
private module DjangoMod {
API::Node http() { result = API::moduleImport("django").getMember("http") }
module Http {
module DjangoHttp {
API::Node response() { result = http().getMember("response") }
API::Node request() { result = http().getMember("request") }
@@ -54,7 +54,7 @@ private module ExperimentalPrivateDjango {
*
* Use the predicate `HttpResponse::instance()` to get references to instances of `django.http.response.HttpResponse`.
*/
abstract class InstanceSource extends HTTP::Server::HttpResponse::Range, DataFlow::Node {
abstract class InstanceSource extends Http::Server::HttpResponse::Range, DataFlow::Node {
}
/** A direct instantiation of `django.http.response.HttpResponse`. */
@@ -156,7 +156,7 @@ private module ExperimentalPrivateDjango {
*/
class DjangoResponseSetCookieCall extends DataFlow::MethodCallNode, Cookie::Range {
DjangoResponseSetCookieCall() {
this.calls(PrivateDjango::DjangoImpl::Http::Response::HttpResponse::instance(),
this.calls(PrivateDjango::DjangoImpl::DjangoHttp::Response::HttpResponse::instance(),
"set_cookie")
}


@@ -13,7 +13,7 @@ private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import meta.MetaMetrics
from HTTP::Server::RequestHandler requestHandler, string title
from Http::Server::RequestHandler requestHandler, string title
where
not requestHandler.getLocation().getFile() instanceof IgnoredFile and
if requestHandler.isMethod()