rename JsonSerializeCall to JsonStringifyCall

Author: erik-krogh

javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql

@@ -67,7 +67,7 @@ predicate isBackslashEscape(StringReplaceCall mce, DataFlow::RegExpLiteralNode r
  */
 predicate allBackslashesEscaped(DataFlow::Node nd) {
   // `JSON.stringify` escapes backslashes
-  nd instanceof JsonSerializeCall
+  nd instanceof JsonStringifyCall
   or
   // check whether `nd` itself escapes backslashes
   exists(DataFlow::RegExpLiteralNode rel | isBackslashEscape(nd, rel) |

javascript/ql/src/javascript.qll

@@ -34,7 +34,7 @@ import semmle.javascript.InclusionTests
 import semmle.javascript.JSDoc
 import semmle.javascript.JSON
 import semmle.javascript.JsonParsers
-import semmle.javascript.JsonSerializers
+import semmle.javascript.JsonStringifiers
 import semmle.javascript.JSX
 import semmle.javascript.Lines
 import semmle.javascript.Locations

javascript/ql/src/semmle/javascript/JsonSerializers.qll renamed to javascript/ql/src/semmle/javascript/JsonStringifiers.qll

@@ -5,10 +5,10 @@
 import javascript
 
 /**
- * A call to a JSON serializer such as `JSON.stringify` or `require("util").inspect`.
+ * A call to a JSON stringifier such as `JSON.stringify` or `require("util").inspect`.
  */
-class JsonSerializeCall extends DataFlow::CallNode {
-  JsonSerializeCall() {
+class JsonStringifyCall extends DataFlow::CallNode {
+  JsonStringifyCall() {
     exists(DataFlow::SourceNode callee | this = callee.getACall() |
       callee = DataFlow::globalVarRef("JSON").getAPropertyRead("stringify") or
       callee = DataFlow::moduleMember("json3", "stringify") or
@@ -23,7 +23,7 @@ class JsonSerializeCall extends DataFlow::CallNode {
   }
 
   /**
-   * Gets the data flow node holding the input object to be serialized.
+   * Gets the data flow node holding the input object to be stringified.
    */
   DataFlow::Node getInput() { result = getArgument(0) }
 

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -544,7 +544,7 @@ module TaintTracking {
    * A taint propagating data flow edge arising from JSON unparsing.
    */
   private class JsonStringifyTaintStep extends AdditionalTaintStep, DataFlow::CallNode {
-    JsonStringifyTaintStep() { this instanceof JsonSerializeCall }
+    JsonStringifyTaintStep() { this instanceof JsonStringifyCall }
 
     override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
       pred = getArgument(0) and succ = this

javascript/ql/src/semmle/javascript/heuristics/AdditionalSources.qll

@@ -28,7 +28,7 @@ private class RemoteFlowPassword extends HeuristicSource, RemoteFlowSource {
  */
 private class JSONStringifyAsCommandInjectionSource extends HeuristicSource,
   CommandInjection::Source {
-  JSONStringifyAsCommandInjectionSource() { this instanceof JsonSerializeCall }
+  JSONStringifyAsCommandInjectionSource() { this instanceof JsonStringifyCall }
 
   override string getSourceType() { result = "a string from JSON.stringify" }
 }

javascript/ql/src/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll

@@ -202,7 +202,7 @@ module CleartextLogging {
     exists(DataFlow::PropWrite write, DataFlow::PropRead read |
       read = write.getRhs()
       or
-      exists(JsonSerializeCall stringify |
+      exists(JsonStringifyCall stringify |
         stringify.getOutput() = write.getRhs() and
         stringify.getInput() = read
       )

javascript/ql/src/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll

@@ -36,7 +36,7 @@ module ImproperCodeSanitization {
    * A call to `JSON.stringify()` seen as a source for improper code sanitization
    */
   class JSONStringifyAsSource extends Source {
-    JSONStringifyAsSource() { this instanceof JsonSerializeCall }
+    JSONStringifyAsSource() { this instanceof JsonStringifyCall }
   }
 
   /**

javascript/ql/src/semmle/javascript/security/dataflow/PostMessageStar.qll

@@ -49,7 +49,7 @@ module PostMessageStar {
       exists(DataFlow::InvokeNode toString | toString = trg |
         toString.(DataFlow::MethodCallNode).calls(src, "toString")
         or
-        src = toString.(JsonSerializeCall).getInput()
+        src = toString.(JsonStringifyCall).getInput()
       ) and
       inlbl instanceof PartiallyTaintedObject and
       outlbl.isTaint()