Python: Rename more XML classes to follow convention

- `XMLEtree` to `XmlEtree`
- `XMLSax` to `XmlSax`
- `LXML` to `Lxml`
- `XMLParser` to `XmlParser`

Author: RasmusWL

python/ql/lib/semmle/python/frameworks/Lxml.qll

@@ -109,15 +109,15 @@ private module Lxml {
    *
    * See https://lxml.de/apidoc/lxml.etree.html?highlight=xmlparser#lxml.etree.XMLParser
    */
-  module XMLParser {
+  module XmlParser {
     /**
      * A source of instances of `lxml.etree` parsers, extend this class to model new instances.
      *
      * This can include instantiations of the class, return values from function
      * calls, or a special parameter that will be set when functions are called by an external
      * library.
      *
-     * Use the predicate `XMLParser::instance()` to get references to instances of `lxml.etree` parsers.
+     * Use the predicate `XmlParser::instance()` to get references to instances of `lxml.etree` parsers.
      */
     abstract class InstanceSource extends DataFlow::LocalSourceNode {
       /** Holds if this instance is vulnerable to `kind`. */
@@ -129,8 +129,8 @@ private module Lxml {
      *
      * See https://lxml.de/apidoc/lxml.etree.html?highlight=xmlparser#lxml.etree.XMLParser
      */
-    private class LXMLParser extends InstanceSource, DataFlow::CallCfgNode {
-      LXMLParser() {
+    private class LxmlParser extends InstanceSource, DataFlow::CallCfgNode {
+      LxmlParser() {
         this = API::moduleImport("lxml").getMember("etree").getMember("XMLParser").getACall()
       }
 
@@ -159,8 +159,8 @@ private module Lxml {
      *
      * See https://lxml.de/apidoc/lxml.etree.html?highlight=xmlparser#lxml.etree.get_default_parser
      */
-    private class LXMLDefaultParser extends InstanceSource, DataFlow::CallCfgNode {
-      LXMLDefaultParser() {
+    private class LxmlDefaultParser extends InstanceSource, DataFlow::CallCfgNode {
+      LxmlDefaultParser() {
         this =
           API::moduleImport("lxml").getMember("etree").getMember("get_default_parser").getACall()
       }
@@ -196,8 +196,8 @@ private module Lxml {
     /**
      * A call to the `feed` method of an `lxml` parser.
      */
-    private class LXMLParserFeedCall extends DataFlow::MethodCallNode, XML::XmlParsing::Range {
-      LXMLParserFeedCall() { this.calls(instance(_), "feed") }
+    private class LxmlParserFeedCall extends DataFlow::MethodCallNode, XML::XmlParsing::Range {
+      LxmlParserFeedCall() { this.calls(instance(_), "feed") }
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
 
@@ -233,8 +233,8 @@ private module Lxml {
    * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.parse
    * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.parseid
    */
-  private class LXMLParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
-    LXMLParsing() {
+  private class LxmlParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
+    LxmlParsing() {
       this =
         API::moduleImport("lxml")
             .getMember("etree")
@@ -257,7 +257,7 @@ private module Lxml {
     DataFlow::Node getParserArg() { result in [this.getArg(1), this.getArgByName("parser")] }
 
     override predicate vulnerableTo(XML::XmlParsingVulnerabilityKind kind) {
-      this.getParserArg() = XMLParser::instanceVulnerableTo(kind)
+      this.getParserArg() = XmlParser::instanceVulnerableTo(kind)
       or
       kind.isXxe() and
       not exists(this.getParserArg())
@@ -284,8 +284,8 @@ private module Lxml {
    * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.parse
    * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.parseid
    */
-  private class FileAccessFromLXMLParsing extends LXMLParsing, FileSystemAccess::Range {
-    FileAccessFromLXMLParsing() {
+  private class FileAccessFromLxmlParsing extends LxmlParsing, FileSystemAccess::Range {
+    FileAccessFromLxmlParsing() {
       this = API::moduleImport("lxml").getMember("etree").getMember(["parse", "parseid"]).getACall()
       // I considered whether we should try to reduce FPs from people passing file-like
       // objects, which will not be a file system access (and couldn't cause a
@@ -305,9 +305,9 @@ private module Lxml {
    * See
    * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.iterparse
    */
-  private class LXMLIterparseCall extends DataFlow::CallCfgNode, XML::XmlParsing::Range,
+  private class LxmlIterparseCall extends DataFlow::CallCfgNode, XML::XmlParsing::Range,
     FileSystemAccess::Range {
-    LXMLIterparseCall() {
+    LxmlIterparseCall() {
       this = API::moduleImport("lxml").getMember("etree").getMember("iterparse").getACall()
     }
 

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -3191,15 +3191,15 @@ private module StdlibPrivate {
    * - https://docs.python.org/3.10/library/xml.etree.elementtree.html#xml.etree.ElementTree.XMLParser
    * - https://docs.python.org/3.10/library/xml.etree.elementtree.html#xml.etree.ElementTree.XMLPullParser
    */
-  module XMLParser {
+  module XmlParser {
     /**
      * A source of instances of `xml.etree` parsers, extend this class to model new instances.
      *
      * This can include instantiations of the class, return values from function
      * calls, or a special parameter that will be set when functions are called by an external
      * library.
      *
-     * Use the predicate `XMLParser::instance()` to get references to instances of `xml.etree` parsers.
+     * Use the predicate `XmlParser::instance()` to get references to instances of `xml.etree` parsers.
      */
     abstract class InstanceSource extends DataFlow::LocalSourceNode { }
 
@@ -3236,8 +3236,8 @@ private module StdlibPrivate {
     /**
      * A call to the `feed` method of an `xml.etree` parser.
      */
-    private class XMLEtreeParserFeedCall extends DataFlow::MethodCallNode, XML::XmlParsing::Range {
-      XMLEtreeParserFeedCall() { this.calls(instance(), "feed") }
+    private class XmlEtreeParserFeedCall extends DataFlow::MethodCallNode, XML::XmlParsing::Range {
+      XmlEtreeParserFeedCall() { this.calls(instance(), "feed") }
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
 
@@ -3274,8 +3274,8 @@ private module StdlibPrivate {
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.parse
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.iterparse
    */
-  private class XMLEtreeParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
-    XMLEtreeParsing() {
+  private class XmlEtreeParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
+    XmlEtreeParsing() {
       this =
         API::moduleImport("xml")
             .getMember("etree")
@@ -3325,8 +3325,8 @@ private module StdlibPrivate {
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.parse
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.iterparse
    */
-  private class FileAccessFromXMLEtreeParsing extends XMLEtreeParsing, FileSystemAccess::Range {
-    FileAccessFromXMLEtreeParsing() {
+  private class FileAccessFromXmlEtreeParsing extends XmlEtreeParsing, FileSystemAccess::Range {
+    FileAccessFromXmlEtreeParsing() {
       this =
         API::moduleImport("xml")
             .getMember("etree")
@@ -3445,9 +3445,9 @@ private module StdlibPrivate {
    *
    * See https://docs.python.org/3/library/xml.sax.reader.html#xml.sax.xmlreader.XMLReader.parse
    */
-  private class XMLSaxInstanceParsing extends DataFlow::MethodCallNode, XML::XmlParsing::Range,
+  private class XmlSaxInstanceParsing extends DataFlow::MethodCallNode, XML::XmlParsing::Range,
     FileSystemAccess::Range {
-    XMLSaxInstanceParsing() {
+    XmlSaxInstanceParsing() {
       this =
         API::moduleImport("xml")
             .getMember("sax")
@@ -3496,8 +3496,8 @@ private module StdlibPrivate {
    * - https://docs.python.org/3.10/library/xml.sax.html#xml.sax.parse
    * - https://docs.python.org/3.10/library/xml.sax.html#xml.sax.parseString
    */
-  private class XMLSaxParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
-    XMLSaxParsing() {
+  private class XmlSaxParsing extends DataFlow::CallCfgNode, XML::XmlParsing::Range {
+    XmlSaxParsing() {
       this =
         API::moduleImport("xml").getMember("sax").getMember(["parse", "parseString"]).getACall()
     }
@@ -3535,8 +3535,8 @@ private module StdlibPrivate {
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.parse
    * - https://docs.python.org/3/library/xml.etree.elementtree.html#xml.etree.ElementTree.iterparse
    */
-  private class FileAccessFromXMLSaxParsing extends XMLSaxParsing, FileSystemAccess::Range {
-    FileAccessFromXMLSaxParsing() {
+  private class FileAccessFromXmlSaxParsing extends XmlSaxParsing, FileSystemAccess::Range {
+    FileAccessFromXmlSaxParsing() {
       this = API::moduleImport("xml").getMember("sax").getMember("parse").getACall()
       // I considered whether we should try to reduce FPs from people passing file-like
       // objects, which will not be a file system access (and couldn't cause a