Python: rename concept

yoff · yoff · commit 12dab88ec7bf · 2023-09-20T15:49:35.000+02:00
`NoSqlQuery` -&gt; `NoSqlExecution`
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
@@ -379,7 +379,7 @@ module SqlExecution {
 }
 
 /** Provides a class for modeling NoSql execution APIs. */
-module NoSqlQuery {
+module NoSqlExecution {
   /**
    * A data-flow node that executes NoSQL queries.
    *
@@ -404,7 +404,7 @@ module NoSqlQuery {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `NoSQLQuery::Range` instead.
  */
-class NoSqlQuery extends DataFlow::Node instanceof NoSqlQuery::Range {
+class NoSqlExecution extends DataFlow::Node instanceof NoSqlExecution::Range {
   /** Gets the argument that specifies the NoSql query to be executed. */
   DataFlow::Node getQuery() { result = super.getQuery() }
 
diff --git a/python/ql/lib/semmle/python/frameworks/NoSQL.qll b/python/ql/lib/semmle/python/frameworks/NoSQL.qll
@@ -110,7 +110,7 @@ private module NoSql {
    *
    * `mongo.db.user.find({'name': safe_search})` would be a collection method call.
    */
-  private class MongoCollectionCall extends DataFlow::CallCfgNode, NoSqlQuery::Range {
+  private class MongoCollectionCall extends DataFlow::CallCfgNode, NoSqlExecution::Range {
     MongoCollectionCall() {
       this = mongoCollection().getMember(mongoCollectionMethodName()).getACall()
     }
@@ -122,7 +122,7 @@ private module NoSql {
     override predicate vulnerableToStrings() { none() }
   }
 
-  private class MongoCollectionAggregation extends API::CallNode, NoSqlQuery::Range {
+  private class MongoCollectionAggregation extends API::CallNode, NoSqlExecution::Range {
     MongoCollectionAggregation() { this = mongoCollection().getMember("aggregate").getACall() }
 
     override DataFlow::Node getQuery() { result = this.getParameter(0).getASubscript().asSink() }
@@ -132,7 +132,7 @@ private module NoSql {
     override predicate vulnerableToStrings() { none() }
   }
 
-  private class MongoMapReduce extends API::CallNode, NoSqlQuery::Range {
+  private class MongoMapReduce extends API::CallNode, NoSqlExecution::Range {
     MongoMapReduce() { this = mongoCollection().getMember("map_reduce").getACall() }
 
     override DataFlow::Node getQuery() { result in [this.getArg(0), this.getArg(1)] }
@@ -142,7 +142,7 @@ private module NoSql {
     override predicate vulnerableToStrings() { any() }
   }
 
-  private class MongoMapReduceQuery extends API::CallNode, NoSqlQuery::Range {
+  private class MongoMapReduceQuery extends API::CallNode, NoSqlExecution::Range {
     MongoMapReduceQuery() { this = mongoCollection().getMember("map_reduce").getACall() }
 
     override DataFlow::Node getQuery() { result in [this.getArgByName("query")] }
@@ -248,7 +248,7 @@ private module NoSql {
    *
    * `Movie.objects(__raw__=json_search)` would be the result.
    */
-  private class MongoEngineObjectsCall extends DataFlow::CallCfgNode, NoSqlQuery::Range {
+  private class MongoEngineObjectsCall extends DataFlow::CallCfgNode, NoSqlExecution::Range {
     MongoEngineObjectsCall() {
       this =
         [mongoEngine(), flask_MongoEngine()]
diff --git a/python/ql/lib/semmle/python/security/dataflow/NoSQLInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/NoSQLInjectionCustomizations.qll
@@ -60,17 +60,17 @@ module NoSqlInjection {
   class RemoteFlowSourceAsStringSource extends RemoteFlowSource, StringSource { }
 
   /** A NoSQL query that is vulnerable to user controlled strings. */
-  class NoSqlQueryAsStringSink extends StringSink {
-    NoSqlQueryAsStringSink() {
-      exists(NoSqlQuery noSqlQuery | this = noSqlQuery.getQuery() |
-        noSqlQuery.vulnerableToStrings()
+  class NoSqlExecutionAsStringSink extends StringSink {
+    NoSqlExecutionAsStringSink() {
+      exists(NoSqlExecution noSqlExecution | this = noSqlExecution.getQuery() |
+        noSqlExecution.vulnerableToStrings()
       )
     }
   }
 
   /** A NoSQL query that is vulnerable to user controlled dictionaries. */
-  class NoSqlQueryAsDictSink extends DictSink {
-    NoSqlQueryAsDictSink() { this = any(NoSqlQuery noSqlQuery).getQuery() }
+  class NoSqlExecutionAsDictSink extends DictSink {
+    NoSqlExecutionAsDictSink() { this = any(NoSqlExecution noSqlExecution).getQuery() }
   }
 
   /** A JSON decoding converts a string to a dictionary. */

Original file line number	Diff line number	Diff line change
`@@ -60,17 +60,17 @@ module NoSqlInjection {`
`60`	`60`	`class RemoteFlowSourceAsStringSource extends RemoteFlowSource, StringSource { }`
`61`	`61`
`62`	`62`	`/** A NoSQL query that is vulnerable to user controlled strings. */`
`63`		`- class NoSqlQueryAsStringSink extends StringSink {`
`64`		`- NoSqlQueryAsStringSink() {`
`65`		`- exists(NoSqlQuery noSqlQuery \| this = noSqlQuery.getQuery() \|`
`66`		`- noSqlQuery.vulnerableToStrings()`
	`63`	`+ class NoSqlExecutionAsStringSink extends StringSink {`
	`64`	`+ NoSqlExecutionAsStringSink() {`
	`65`	`+ exists(NoSqlExecution noSqlExecution \| this = noSqlExecution.getQuery() \|`
	`66`	`+ noSqlExecution.vulnerableToStrings()`
`67`	`67`	`)`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`/** A NoSQL query that is vulnerable to user controlled dictionaries. */`
`72`		`- class NoSqlQueryAsDictSink extends DictSink {`
`73`		`- NoSqlQueryAsDictSink() { this = any(NoSqlQuery noSqlQuery).getQuery() }`
	`72`	`+ class NoSqlExecutionAsDictSink extends DictSink {`
	`73`	`+ NoSqlExecutionAsDictSink() { this = any(NoSqlExecution noSqlExecution).getQuery() }`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`/** A JSON decoding converts a string to a dictionary. */`