Swift: Standardize on 'AdditionalFlowStep' as well.

geoffw0 · geoffw0 · commit c5178de3f4d1 · 2023-05-05T10:21:57.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -12,14 +12,14 @@ abstract class CleartextLoggingSink extends DataFlow::Node { }
 abstract class CleartextLoggingBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  *
- * Extend this class to add additional taint steps that should apply to paths related to
+ * Extend this class to add additional flow steps that should apply to paths related to
  * cleartext logging of sensitive data vulnerabilities.
  */
-class CleartextLoggingAdditionalTaintStep extends Unit {
+class CleartextLoggingAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `n1` to `n2` should be considered a taint
+   * Holds if the step from `n1` to `n2` should be considered a flow
    * step for flows related to cleartext logging of sensitive data vulnerabilities.
    */
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
@@ -23,7 +23,7 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(CleartextLoggingAdditionalTaintStep s).step(n1, n2)
+    any(CleartextLoggingAdditionalFlowStep s).step(n1, n2)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
@@ -20,11 +20,11 @@ abstract class CleartextStorageDatabaseSink extends DataFlow::Node { }
 abstract class CleartextStorageDatabaseBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class CleartextStorageDatabaseAdditionalTaintStep extends Unit {
+class CleartextStorageDatabaseAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to cleartext database storage vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
@@ -123,7 +123,7 @@ private class CleartextStorageDatabaseEncryptionBarrier extends CleartextStorage
 /**
  * An additional taint step for cleartext database storage vulnerabilities.
  */
-private class CleartextStorageDatabaseArrayAdditionalTaintStep extends CleartextStorageDatabaseAdditionalTaintStep
+private class CleartextStorageDatabaseArrayAdditionalFlowStep extends CleartextStorageDatabaseAdditionalFlowStep
 {
   override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     // needed until we have proper content flow through arrays.
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseQuery.qll
@@ -18,12 +18,10 @@ module CleartextStorageDatabaseConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof CleartextStorageDatabaseSink }
 
-  predicate isBarrier(DataFlow::Node barrier) {
-    barrier instanceof CleartextStorageDatabaseBarrier
-  }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextStorageDatabaseBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(CleartextStorageDatabaseAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(CleartextStorageDatabaseAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isBarrierIn(DataFlow::Node node) {
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll
@@ -23,11 +23,11 @@ abstract class CleartextStoragePreferencesSink extends DataFlow::Node {
 abstract class CleartextStoragePreferencesBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class CleartextStoragePreferencesAdditionalTaintStep extends Unit {
+class CleartextStoragePreferencesAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to cleartext preferences storage vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll
@@ -23,7 +23,7 @@ module CleartextStoragePreferencesConfig implements DataFlow::ConfigSig {
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(CleartextStoragePreferencesAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(CleartextStoragePreferencesAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isBarrierIn(DataFlow::Node node) {
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -20,11 +20,11 @@ abstract class CleartextTransmissionSink extends DataFlow::Node { }
 abstract class CleartextTransmissionBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class CleartextTransmissionAdditionalTaintStep extends Unit {
+class CleartextTransmissionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to cleartext transmission vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll
@@ -21,7 +21,7 @@ module CleartextTransmissionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(CleartextTransmissionAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isBarrierIn(DataFlow::Node node) {
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll
@@ -19,11 +19,11 @@ abstract class ConstantPasswordSink extends DataFlow::Node { }
 abstract class ConstantPasswordBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class ConstantPasswordAdditionalTaintStep extends Unit {
+class ConstantPasswordAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to constant password vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordQuery.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordQuery.qll
@@ -31,7 +31,7 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof ConstantPasswordBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(ConstantPasswordAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(ConstantPasswordAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll
@@ -19,11 +19,11 @@ abstract class ConstantSaltSink extends DataFlow::Node { }
 abstract class ConstantSaltBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class ConstantSaltAdditionalTaintStep extends Unit {
+class ConstantSaltAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to constant salt vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltQuery.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltQuery.qll
@@ -32,7 +32,7 @@ module ConstantSaltConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof ConstantSaltBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(ConstantSaltAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(ConstantSaltAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/ECBEncryptionExtensions.qll b/swift/ql/lib/codeql/swift/security/ECBEncryptionExtensions.qll
@@ -27,11 +27,11 @@ abstract class EcbEncryptionSink extends DataFlow::Node { }
 abstract class EcbEncryptionBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class EcbEncryptionAdditionalTaintStep extends Unit {
+class EcbEncryptionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to ECB encryption vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll b/swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll
@@ -20,7 +20,7 @@ module EcbEncryptionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof EcbEncryptionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(EcbEncryptionAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(EcbEncryptionAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll
@@ -19,11 +19,11 @@ abstract class HardcodedEncryptionKeySink extends DataFlow::Node { }
 abstract class HardcodedEncryptionKeyBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class HardcodedEncryptionKeyAdditionalTaintStep extends Unit {
+class HardcodedEncryptionKeyAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to hard-coded encryption key vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyQuery.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyQuery.qll
@@ -37,7 +37,7 @@ module HardcodedKeyConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof HardcodedEncryptionKeyBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(HardcodedEncryptionKeyAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(HardcodedEncryptionKeyAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll b/swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll
@@ -25,11 +25,11 @@ abstract class InsecureTlsExtensionsSink extends DataFlow::Node { }
 abstract class InsecureTlsExtensionsBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class InsecureTlsExtensionsAdditionalTaintStep extends Unit {
+class InsecureTlsExtensionsAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to insecure TLS configuration vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll b/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll
@@ -19,7 +19,7 @@ module InsecureTlsConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof InsecureTlsExtensionsBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(InsecureTlsExtensionsAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(InsecureTlsExtensionsAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll b/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll
@@ -20,11 +20,11 @@ abstract class InsufficientHashIterationsSink extends DataFlow::Node { }
 abstract class InsufficientHashIterationsBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class InsufficientHashIterationsAdditionalTaintStep extends Unit {
+class InsufficientHashIterationsAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to insufficient hash interation vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsQuery.qll b/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsQuery.qll
@@ -32,7 +32,7 @@ module InsufficientHashIterationsConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof InsufficientHashIterationsBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(InsufficientHashIterationsAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(InsufficientHashIterationsAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -16,14 +16,14 @@ abstract class PathInjectionSink extends DataFlow::Node { }
 abstract class PathInjectionBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  *
- * Extend this class to add additional taint steps that should apply to paths related to
+ * Extend this class to add additional flow steps that should apply to paths related to
  * path injection vulnerabilities.
  */
-class PathInjectionAdditionalTaintStep extends Unit {
+class PathInjectionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to path injection vulnerabilities.
    */
   abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
@@ -21,7 +21,7 @@ module PathInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof PathInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(PathInjectionAdditionalTaintStep s).step(node1, node2)
+    any(PathInjectionAdditionalFlowStep s).step(node1, node2)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -11,14 +11,14 @@ abstract class PredicateInjectionSink extends DataFlow::Node { }
 abstract class PredicateInjectionBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  *
- * Extend this class to add additional taint steps that should apply to paths related to
+ * Extend this class to add additional flow steps that should apply to paths related to
  * predicate injection vulnerabilities.
  */
-class PredicateInjectionAdditionalTaintStep extends Unit {
+class PredicateInjectionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to predicate injection vulnerabilities.
    */
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
@@ -20,7 +20,7 @@ module PredicateInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof PredicateInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(PredicateInjectionAdditionalTaintStep s).step(n1, n2)
+    any(PredicateInjectionAdditionalFlowStep s).step(n1, n2)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll
@@ -19,9 +19,9 @@ abstract class SqlInjectionSink extends DataFlow::Node { }
 abstract class SqlInjectionBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class SqlInjectionAdditionalTaintStep extends Unit {
+class SqlInjectionAdditionalFlowStep extends Unit {
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionQuery.qll
@@ -21,7 +21,7 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(SqlInjectionAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(SqlInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll b/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll
@@ -19,11 +19,11 @@ abstract class StaticInitializationVectorSink extends DataFlow::Node { }
 abstract class StaticInitializationVectorBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class StaticInitializationVectorAdditionalTaintStep extends Unit {
+class StaticInitializationVectorAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to static initialization vector vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/StaticInitializationVectorQuery.qll b/swift/ql/lib/codeql/swift/security/StaticInitializationVectorQuery.qll
@@ -33,7 +33,7 @@ module StaticInitializationVectorConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof StaticInitializationVectorBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(StaticInitializationVectorAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(StaticInitializationVectorAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll
@@ -104,11 +104,11 @@ abstract class StringLengthConflationSink extends DataFlow::Node {
 abstract class StringLengthConflationBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class StringLengthConflationAdditionalTaintStep extends Unit {
+class StringLengthConflationAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a taint
+   * Holds if the step from `node1` to `node2` should be considered a flow
    * step for paths related to string length conflation vulnerabilities.
    */
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationQuery.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationQuery.qll
@@ -34,7 +34,7 @@ module StringLengthConflationConfig implements DataFlow::StateConfigSig {
   predicate isBarrier(DataFlow::Node barrier, FlowState flowstate) { none() }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(StringLengthConflationAdditionalTaintStep s).step(nodeFrom, nodeTo)
+    any(StringLengthConflationAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isAdditionalFlowStep(
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -20,9 +20,9 @@ abstract class UncontrolledFormatStringSink extends DataFlow::Node { }
 abstract class UncontrolledFormatStringBarrier extends DataFlow::Node { }
 
 /**
- * A unit class for adding additional taint steps.
+ * A unit class for adding additional flow steps.
  */
-class UncontrolledFormatStringAdditionalTaintStep extends Unit {
+class UncontrolledFormatStringAdditionalFlowStep extends Unit {
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
 }
 
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchQuery.qll b/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/XXEQuery.qll b/swift/ql/lib/codeql/swift/security/XXEQuery.qll

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {`
`23`	`23`	`predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`
`24`	`24`
`25`	`25`	`predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {`
`26`		`- any(CleartextLoggingAdditionalTaintStep s).step(n1, n2)`
	`26`	`+ any(CleartextLoggingAdditionalFlowStep s).step(n1, n2)`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ module CleartextStoragePreferencesConfig implements DataFlow::ConfigSig {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
`26`		`- any(CleartextStoragePreferencesAdditionalTaintStep s).step(nodeFrom, nodeTo)`
	`26`	`+ any(CleartextStoragePreferencesAdditionalFlowStep s).step(nodeFrom, nodeTo)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`predicate isBarrierIn(DataFlow::Node node) {`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ module CleartextTransmissionConfig implements DataFlow::ConfigSig {`
`21`	`21`	`predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier }`
`22`	`22`
`23`	`23`	`predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
`24`		`- any(CleartextTransmissionAdditionalTaintStep s).step(nodeFrom, nodeTo)`
	`24`	`+ any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo)`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`predicate isBarrierIn(DataFlow::Node node) {`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {`
`31`	`31`	`predicate isBarrier(DataFlow::Node node) { node instanceof ConstantPasswordBarrier }`
`32`	`32`
`33`	`33`	`predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
`34`		`- any(ConstantPasswordAdditionalTaintStep s).step(nodeFrom, nodeTo)`
	`34`	`+ any(ConstantPasswordAdditionalFlowStep s).step(nodeFrom, nodeTo)`
`35`	`35`	`}`
`36`	`36`	`}`
`37`	`37`