Rename to insecure basic auth

Author: luchua-bc

java/ql/src/experimental/Security/CWE/CWE-522/UnsecureBasicAuth.java renamed to java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.java

@@ -1,4 +1,4 @@
-public class UnsecureBasicAuth {
+public class InsecureBasicAuth {
   /**
    * Test basic authentication with Apache HTTP request.
    */	

java/ql/src/experimental/Security/CWE/CWE-522/UnsecureBasicAuth.qhelp renamed to java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.qhelp

@@ -11,7 +11,7 @@
 
   <example>
     <p>The following example shows two ways of using basic authentication. In the 'BAD' case, the credentials are transmitted over HTTP. In the 'GOOD' case, the credentials are transmitted over HTTPS.</p>
-    <sample src="UnsecureBasicAuth.java" />
+    <sample src="InsecureBasicAuth.java" />
   </example>
 
   <references>

java/ql/src/experimental/Security/CWE/CWE-522/UnsecureBasicAuth.ql renamed to java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql

@@ -1,8 +1,8 @@
 /**
- * @name Unsecure basic authentication
+ * @name Insecure basic authentication
  * @description Basic authentication only obfuscates username/password in Base64 encoding, which can be easily recognized and reversed. Transmission of sensitive information not over HTTPS is vulnerable to packet sniffing.
  * @kind problem
- * @id java/unsecure-basic-auth
+ * @id java/insecure-basic-auth
  * @tags security
  *       external/cwe-522
  *       external/cwe-319
@@ -181,7 +181,7 @@ class OpenHttpURLTaintStep extends TaintTracking::AdditionalTaintStep {
 
 class HttpStringToHttpURLOpenMethodFlowConfig extends TaintTracking::Configuration {
   HttpStringToHttpURLOpenMethodFlowConfig() {
-    this = "UnsecureBasicAuth::HttpStringToHttpURLOpenMethodFlowConfig"
+    this = "InsecureBasicAuth::HttpStringToHttpURLOpenMethodFlowConfig"
   }
 
   override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HttpString }

java/ql/test/experimental/query-tests/security/CWE-522/InsecureBasicAuth.expected

@@ -0,0 +1,16 @@
+edges
+| InsecureBasicAuth.java:94:19:94:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:99:3:99:6 | conn |
+| InsecureBasicAuth.java:94:19:94:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:100:3:100:6 | conn |
+| InsecureBasicAuth.java:94:19:94:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:101:3:101:6 | conn |
+nodes
+| InsecureBasicAuth.java:94:19:94:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuth.java:99:3:99:6 | conn | semmle.label | conn |
+| InsecureBasicAuth.java:100:3:100:6 | conn | semmle.label | conn |
+| InsecureBasicAuth.java:101:3:101:6 | conn | semmle.label | conn |
+#select
+| InsecureBasicAuth.java:28:3:28:59 | addHeader(...) | Insecure basic authentication |
+| InsecureBasicAuth.java:38:3:38:108 | setHeader(...) | Insecure basic authentication |
+| InsecureBasicAuth.java:54:3:54:59 | addHeader(...) | Insecure basic authentication |
+| InsecureBasicAuth.java:70:3:70:59 | addHeader(...) | Insecure basic authentication |
+| InsecureBasicAuth.java:87:3:87:59 | addHeader(...) | Insecure basic authentication |
+| InsecureBasicAuth.java:101:3:101:63 | setRequestProperty(...) | Insecure basic authentication |

java/ql/test/experimental/query-tests/security/CWE-522/UnsecureBasicAuth.java renamed to java/ql/test/experimental/query-tests/security/CWE-522/InsecureBasicAuth.java

@@ -11,7 +11,7 @@
 import java.net.URLConnection;
 import java.util.Base64;
 
-public class UnsecureBasicAuth {
+public class InsecureBasicAuth {
 	/**
 	 * Test basic authentication with Apache HTTP POST request using string constructor.
 	 */

java/ql/test/experimental/query-tests/security/CWE-522/InsecureBasicAuth.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql