Python: Autoformat everything

Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll

@@ -612,7 +612,8 @@ newtype TContent =
     key = any(Keyword kw).getArg()
     or
     // d["key"] = ...
-    key = any(SubscriptNode sub | sub.isStore() | sub.getIndex().getNode().(StringLiteral).getText())
+    key =
+      any(SubscriptNode sub | sub.isStore() | sub.getIndex().getNode().(StringLiteral).getText())
     or
     // d.setdefault("key", ...)
     exists(CallNode call | call.getFunction().(AttrNode).getName() = "setdefault" |

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -2908,7 +2908,8 @@ module StdlibPrivate {
       exists(string algorithmName | result.matchesName(algorithmName) |
         this.getDigestArg().asSink() = hashlibMember(algorithmName).asSource()
         or
-        this.getDigestArg().getAValueReachingSink().asExpr().(StringLiteral).getText() = algorithmName
+        this.getDigestArg().getAValueReachingSink().asExpr().(StringLiteral).getText() =
+          algorithmName
       )
     }
 

python/ql/lib/semmle/python/regexp/RegexTreeView.qll

@@ -230,7 +230,8 @@ module Impl implements RegexTreeViewSig {
       index > 0 and
       exists(int previousOffset | previousOffset = this.getPartOffset(index - 1) |
         result =
-          previousOffset + re.(StringLiteral).getImplicitlyConcatenatedPart(index - 1).getContentLength()
+          previousOffset +
+            re.(StringLiteral).getImplicitlyConcatenatedPart(index - 1).getContentLength()
       )
     }
 

python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll

@@ -88,7 +88,9 @@ module ServerSideRequestForgery {
       exists(BinaryExprNode add |
         add.getOp() instanceof Add and
         add.getRight() = this.asCfgNode() and
-        not add.getLeft().getNode().(StringLiteral).getText().toLowerCase() in ["http://", "https://"]
+        not add.getLeft().getNode().(StringLiteral).getText().toLowerCase() in [
+            "http://", "https://"
+          ]
       )
       or
       // % formatting

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeySource.qll

@@ -25,7 +25,8 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
             API::moduleImport("os").getMember("environ").getMember("get").getACall()
           ] and
         cn.getNumArgument() = 2 and
-        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr() instanceof StringLiteral), cn.getArg(1)) and
+        DataFlow::localFlow(any(DataFlow::Node n | n.asExpr() instanceof StringLiteral),
+          cn.getArg(1)) and
         this.asExpr() = cn.asExpr()
       )
     ) and

python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql

@@ -25,16 +25,22 @@ class UnicodeCompatibilityNormalize extends API::CallNode {
   UnicodeCompatibilityNormalize() {
     (
       this = API::moduleImport("unicodedata").getMember("normalize").getACall() and
-      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
+      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in [
+          "NFKC", "NFKD"
+        ]
       or
       this = API::moduleImport("pyunormalize").getMember("normalize").getACall() and
-      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
+      this.getParameter(0).getAValueReachingSink().asExpr().(StringLiteral).getText() in [
+          "NFKC", "NFKD"
+        ]
     ) and
     argIdx = 1
     or
     (
       this = API::moduleImport("textnorm").getMember("normalize_unicode").getACall() and
-      this.getParameter(1).getAValueReachingSink().asExpr().(StringLiteral).getText() in ["NFKC", "NFKD"]
+      this.getParameter(1).getAValueReachingSink().asExpr().(StringLiteral).getText() in [
+          "NFKC", "NFKD"
+        ]
       or
       this = API::moduleImport("unidecode").getMember("unidecode").getACall()
       or

python/ql/src/experimental/semmle/python/frameworks/Sendgrid.qll

@@ -122,8 +122,12 @@ private module Sendgrid {
         contentElement =
           this.getKeywordParameter("request_body").getSubscript("content").getASubscript()
       |
-        contentElement.getSubscript("type").getAValueReachingSink().asExpr().(StringLiteral).getText() =
+        contentElement
-          ["text/html", "text/x-amp-html"] and
+            .getSubscript("type")
+            .getAValueReachingSink()
+            .asExpr()
+            .(StringLiteral)
+            .getText() = ["text/html", "text/x-amp-html"] and
         result = contentElement.getSubscript("value").getAValueReachingSink()
       )
       or

python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll

@@ -23,7 +23,8 @@ module SmtpLib {
 
   private DataFlow::CallCfgNode mimeText(string mimetype) {
     result = smtpMimeTextInstance().getACall() and
-    [result.getArg(1), result.getArgByName("_subtype")].asExpr().(StringLiteral).getText() = mimetype
+    [result.getArg(1), result.getArgByName("_subtype")].asExpr().(StringLiteral).getText() =
+      mimetype
   }
 
   /**

python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll

@@ -260,7 +260,12 @@ module Gzip {
         this = gzipCall.getParameter(0, "filename").asSink() and
         (
           not exists(
-            gzipCall.getParameter(1, "mode").getAValueReachingSink().asExpr().(StringLiteral).getText()
+            gzipCall
+                .getParameter(1, "mode")
+                .getAValueReachingSink()
+                .asExpr()
+                .(StringLiteral)
+                .getText()
           ) or
           gzipCall
               .getParameter(1, "mode")
@@ -297,7 +302,12 @@ module Bz2 {
         this = bz2Call.getParameter(0, "filename").asSink() and
         (
           not exists(
-            bz2Call.getParameter(1, "mode").getAValueReachingSink().asExpr().(StringLiteral).getText()
+            bz2Call
+                .getParameter(1, "mode")
+                .getAValueReachingSink()
+                .asExpr()
+                .(StringLiteral)
+                .getText()
           ) or
           bz2Call
               .getParameter(1, "mode")
@@ -334,7 +344,12 @@ module Lzma {
         this = lzmaCall.getParameter(0, "filename").asSink() and
         (
           not exists(
-            lzmaCall.getParameter(1, "mode").getAValueReachingSink().asExpr().(StringLiteral).getText()
+            lzmaCall
+                .getParameter(1, "mode")
+                .getAValueReachingSink()
+                .asExpr()
+                .(StringLiteral)
+                .getText()
           ) or
           lzmaCall
               .getParameter(1, "mode")

python/ql/src/experimental/semmle/python/security/TimingAttack.qll

@@ -204,8 +204,11 @@ abstract class ClientSuppliedSecret extends DataFlow::CallCfgNode { }
 private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {
   FlaskClientSuppliedSecret() {
     this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
-    [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StringLiteral).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName(["key", "name"])]
-      sensitiveheaders()
+        .asExpr()
+        .(StringLiteral)
+        .getText()
+        .toLowerCase() = sensitiveheaders()
   }
 }
 
@@ -243,8 +246,11 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {
   WerkzeugClientSuppliedSecret() {
     this =
       headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and
-    [this.getArg(0), this.getArgByName(["key", "name"])].asExpr().(StringLiteral).getText().toLowerCase() =
+    [this.getArg(0), this.getArgByName(["key", "name"])]
-      sensitiveheaders()
+        .asExpr()
+        .(StringLiteral)
+        .getText()
+        .toLowerCase() = sensitiveheaders()
   }
 }