C++: Change the names of the new classes and predicates to match the upcoming 'CommandExecutionFunction' class.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/models/implementations/MySql.qll

@@ -1,8 +1,8 @@
 private import semmle.code.cpp.models.interfaces.Sql
 private import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs
 
-private class MySqlSink extends SqlSink {
-  MySqlSink() { this.hasName(["mysql_query", "mysql_real_query"]) }
+private class MySqlExecutionFunction extends SqlExecutionFunction {
+  MySqlExecutionFunction() { this.hasName(["mysql_query", "mysql_real_query"]) }
 
-  override predicate getAnSqlParameter(FunctionInput input) { input.isParameterDeref(1) }
+  override predicate hasSqlArgument(FunctionInput input) { input.isParameterDeref(1) }
 }

cpp/ql/lib/semmle/code/cpp/models/implementations/PostgreSql.qll

@@ -45,8 +45,8 @@ private predicate pqxxEscapeArgument(string function, int arg) {
   function in ["esc", "esc_raw", "quote", "quote_raw", "quote_name", "quote_table", "esc_like"]
 }
 
-private class PostgreSqlSink extends SqlSink {
-  PostgreSqlSink() {
+private class PostgreSqlExecutionFunction extends SqlExecutionFunction {
+  PostgreSqlExecutionFunction() {
     exists(Class c |
       this.getDeclaringType() = c and
       // transaction exec and connection prepare variations
@@ -60,7 +60,7 @@ private class PostgreSqlSink extends SqlSink {
     )
   }
 
-  override predicate getAnSqlParameter(FunctionInput input) {
+  override predicate hasSqlArgument(FunctionInput input) {
     exists(int argIndex |
       pqxxTransactionSqlArgument(this.getName(), argIndex)
       or
@@ -71,8 +71,8 @@ private class PostgreSqlSink extends SqlSink {
   }
 }
 
-private class PostgreSqlBarrier extends SqlBarrier {
-  PostgreSqlBarrier() {
+private class PostgreSqlEscapeFunction extends SqlEscapeFunction {
+  PostgreSqlEscapeFunction() {
     exists(Class c |
       this.getDeclaringType() = c and
       // transaction and connection escape functions
@@ -84,7 +84,7 @@ private class PostgreSqlBarrier extends SqlBarrier {
     )
   }
 
-  override predicate getAnEscapedParameter(FunctionInput input, FunctionOutput output) {
+  override predicate escapesSqlArgument(FunctionInput input, FunctionOutput output) {
     exists(int argIndex |
       input.isParameterDeref(argIndex) and
       output.isReturnValueDeref()

cpp/ql/lib/semmle/code/cpp/models/implementations/SqLite3.qll

@@ -1,8 +1,8 @@
 private import semmle.code.cpp.models.interfaces.Sql
 private import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs
 
-private class SqLite3Sink extends SqlSink {
-  SqLite3Sink() { this.hasName("sqlite3_exec") }
+private class SqLite3ExecutionFunction extends SqlExecutionFunction {
+  SqLite3ExecutionFunction() { this.hasName("sqlite3_exec") }
 
-  override predicate getAnSqlParameter(FunctionInput input) { input.isParameterDeref(1) }
+  override predicate hasSqlArgument(FunctionInput input) { input.isParameterDeref(1) }
 }

cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll

@@ -1,30 +1,30 @@
 /**
  * Provides abstract classes for modeling functions that execute and escape SQL query strings.
- * To use this QL library, create a QL class extending `SqlSink` or `SqlBarrier` with a
- * characteristic predicate that selects the function or set of functions you are modeling.
+ * To use this QL library, create a QL class extending `SqlExecutionFunction` or `SqlEscapeFunction`
+ * with a characteristic predicate that selects the function or set of functions you are modeling.
  * Within that class, override the predicates provided by the class to match the way a
- * parameter flows into the function and, in the case of `SqlBarrier`, out of the function.
+ * parameter flows into the function and, in the case of `SqlEscapeFunction`, out of the function.
  */
 
 private import cpp
 
 /**
  * An abstract class that represents a function that executes an SQL query.
  */
-abstract class SqlSink extends Function {
+abstract class SqlExecutionFunction extends Function {
   /**
    * Holds if `input` to this function represents SQL code to be executed.
    */
-  abstract predicate getAnSqlParameter(FunctionInput input);
+  abstract predicate hasSqlArgument(FunctionInput input);
 }
 
 /**
  * An abstract class that represents a function that escapes an SQL query string.
  */
-abstract class SqlBarrier extends Function {
+abstract class SqlEscapeFunction extends Function {
   /**
    * Holds if the `output` escapes the SQL input `input` such that is it safe to pass to
-   * an `SqlSink`.
+   * an `SqlExecutionFunction`.
    */
-  abstract predicate getAnEscapedParameter(FunctionInput input, FunctionOutput output);
+  abstract predicate escapesSqlArgument(FunctionInput input, FunctionOutput output);
 }

cpp/ql/lib/semmle/code/cpp/security/Security.qll

@@ -35,10 +35,10 @@ class SecurityOptions extends string {
    * An argument to a function that is passed to a SQL server.
    */
   predicate sqlArgument(string function, int arg) {
-    exists(FunctionInput input, SqlSink sqlSink |
-      sqlSink.hasName(function) and
+    exists(FunctionInput input, SqlExecutionFunction sql |
+      sql.hasName(function) and
       input.isParameterDeref(arg) and
-      sqlSink.getAnSqlParameter(input)
+      sql.hasSqlArgument(input)
     )
   }
 

cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql

@@ -34,10 +34,10 @@ class Configuration extends TaintTrackingConfiguration {
     or
     e.getUnspecifiedType() instanceof IntegralType
     or
-    exists(SqlBarrier sqlFunc, int arg, FunctionInput input |
-      e = sqlFunc.getACallToThisFunction().getArgument(arg) and
+    exists(SqlEscapeFunction sql, int arg, FunctionInput input |
+      e = sql.getACallToThisFunction().getArgument(arg) and
       input.isParameterDeref(arg) and
-      sqlFunc.getAnEscapedParameter(input, _)
+      sql.escapesSqlArgument(input, _)
     )
   }
 }