Python: Don't use UntrustedStringKind in web lib

If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.

Author: RasmusWL

python/ql/src/semmle/python/web/bottle/Request.qll

@@ -1,6 +1,6 @@
 import python
 import semmle.python.dataflow.TaintTracking
-import semmle.python.security.strings.Untrusted
+import semmle.python.security.strings.External
 import semmle.python.web.Http
 import semmle.python.web.bottle.General
 
@@ -13,7 +13,7 @@ class BottleRequestKind extends TaintKind {
         result instanceof BottleFormsDict and
         (name = "cookies" or name = "query" or name = "form")
         or
-        result instanceof UntrustedStringKind and
+        result instanceof ExternalStringKind and
         (name = "query_string" or name = "url_args")
         or
         result.(DictKind).getValue() instanceof FileUpload and
@@ -34,27 +34,27 @@ class BottleFormsDict extends TaintKind {
         /* Cannot use `getTaintOfAttribute(name)` as it wouldn't bind `name` */
         exists(string name |
             fromnode = tonode.(AttrNode).getObject(name) and
-            result instanceof UntrustedStringKind
+            result instanceof ExternalStringKind
         |
             name != "get" and name != "getunicode" and name != "getall"
         )
     }
 
     override TaintKind getTaintOfMethodResult(string name) {
         (name = "get" or name = "getunicode") and
-        result instanceof UntrustedStringKind
+        result instanceof ExternalStringKind
         or
-        name = "getall" and result.(SequenceKind).getItem() instanceof UntrustedStringKind
+        name = "getall" and result.(SequenceKind).getItem() instanceof ExternalStringKind
     }
 }
 
 class FileUpload extends TaintKind {
     FileUpload() { this = "bottle.FileUpload" }
 
     override TaintKind getTaintOfAttribute(string name) {
-        name = "filename" and result instanceof UntrustedStringKind
+        name = "filename" and result instanceof ExternalStringKind
         or
-        name = "raw_filename" and result instanceof UntrustedStringKind
+        name = "raw_filename" and result instanceof ExternalStringKind
         or
         name = "file" and result instanceof UntrustedFile
     }
@@ -74,7 +74,7 @@ class BottleRequestParameter extends HttpRequestTaintSource {
         exists(BottleRoute route | route.getANamedArgument() = this.(ControlFlowNode).getNode())
     }
 
-    override predicate isSourceOf(TaintKind kind) { kind instanceof UntrustedStringKind }
+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
 
     override string toString() { result = "bottle handler function argument" }
 }

python/ql/src/semmle/python/web/turbogears/Request.qll

@@ -1,5 +1,5 @@
 import python
-import semmle.python.security.strings.Untrusted
+import semmle.python.security.strings.External
 import semmle.python.web.Http
 import TurboGears
 
@@ -22,5 +22,5 @@ class UnvalidatedControllerMethodParameter extends HttpRequestTaintSource {
         )
     }
 
-    override predicate isSourceOf(TaintKind kind) { kind instanceof UntrustedStringKind }
+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
 }