jorgectf
diff --git a/‎javascript/change-notes/2021-08-16-query-suffix-convention2.md
Lines changed: 6 additions & 0 deletions b/‎javascript/change-notes/2021-08-16-query-suffix-convention2.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
Lines changed: 4 additions & 5 deletions b/‎javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
Lines changed: 4 additions & 5 deletions
diff --git a/‎javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql
Lines changed: 4 additions & 5 deletions b/‎javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql
Lines changed: 4 additions & 5 deletions
diff --git a/‎javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-022/TaintedPath.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-022/TaintedPath.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-022/ZipSlip.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-022/ZipSlip.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-078/CommandInjection.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-078/CommandInjection.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,6 @@
+lgtm,codescanning
+* Some library files have been deprecated, which may affect custom queries.
+  Queries importing a data-flow configuration from `semmle.javascript.security.dataflow` should
+  ensure that the imported file ends with `Query`, and only import its top-level module.
+  For example, a query that imported `DomBasedXss::DomBasedXss` should from now on import `DomBasedXssQuery`
+  instead.
@@ -8,8 +8,7 @@
  */
 
 import javascript
-import DataFlow
-import semmle.javascript.security.dataflow.StoredXss
+import semmle.javascript.security.dataflow.StoredXssQuery
 import DataFlow::PathGraph
 
 /**
@@ -21,17 +20,17 @@ import DataFlow::PathGraph
  * connection.query(..., (e, data) => { ... });
  * ```
  */
-class MysqlSource extends StoredXss::Source {
+class MysqlSource extends Source {
   MysqlSource() {
     this =
-      moduleImport("mysql")
+      DataFlow::moduleImport("mysql")
           .getAMemberCall("createConnection")
           .getAMethodCall("query")
           .getCallback(1)
           .getParameter(1)
   }
 }
 
-from StoredXss::Configuration cfg, PathNode source, PathNode sink
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value."
@@ -9,16 +9,15 @@
  */
 
 import javascript
-import DataFlow
-import semmle.javascript.security.dataflow.StoredXss
+import semmle.javascript.security.dataflow.StoredXssQuery
 import DataFlow::PathGraph
 
 /**
  * An instance of `mysql.createConnection()`, tracked globally.
  */
 DataFlow::SourceNode mysqlConnection(DataFlow::TypeTracker t) {
   t.start() and
-  result = moduleImport("mysql").getAMemberCall("createConnection")
+  result = DataFlow::moduleImport("mysql").getAMemberCall("createConnection")
   or
   exists(DataFlow::TypeTracker t2 | result = mysqlConnection(t2).track(t2, t))
 }
@@ -42,10 +41,10 @@ DataFlow::SourceNode mysqlConnection() { result = mysqlConnection(DataFlow::Type
  * }
  * ```
  */
-class MysqlSource extends StoredXss::Source {
+class MysqlSource extends Source {
   MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) }
 }
 
-from StoredXss::Configuration cfg, PathNode source, PathNode sink
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value."
@@ -9,7 +9,7 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedData::ExternalAPIUsedWithUntrustedData
+import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery
 
 from ExternalAPIUsedWithUntrustedData externalAPI
 select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
 
@@ -10,7 +10,7 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedData::ExternalAPIUsedWithUntrustedData
+import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery
 import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 
@@ -16,7 +16,7 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
+import semmle.javascript.security.dataflow.TaintedPathQuery
 import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 
@@ -13,7 +13,7 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.ZipSlip::ZipSlip
+import semmle.javascript.security.dataflow.ZipSlipQuery
 import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 
@@ -13,7 +13,7 @@
 
 import javascript
 import DataFlow::PathGraph
-import semmle.javascript.security.dataflow.TemplateObjectInjection::TemplateObjectInjection
+import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery
 
 from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 
@@ -14,7 +14,7 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
+import semmle.javascript.security.dataflow.CommandInjectionQuery
 import DataFlow::PathGraph
 
 from
 
@@ -16,7 +16,7 @@
 
 import javascript
 import DataFlow::PathGraph
-import semmle.javascript.security.dataflow.IndirectCommandInjection::IndirectCommandInjection
+import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight
 where