Swift: Standardize on 'barrier' tover 'santerminology now we use ConfigSig dataflow.

geoffw0 · geoffw0 · commit d92ecbb3cf65 · 2023-05-05T10:03:18.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -8,8 +8,8 @@ private import codeql.swift.security.SensitiveExprs
 /** A data flow sink for cleartext logging of sensitive data vulnerabilities. */
 abstract class CleartextLoggingSink extends DataFlow::Node { }
 
-/** A sanitizer for cleartext logging of sensitive data vulnerabilities. */
-abstract class CleartextLoggingSanitizer extends DataFlow::Node { }
+/** A barrier for cleartext logging of sensitive data vulnerabilities. */
+abstract class CleartextLoggingBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
@@ -33,12 +33,12 @@ private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
 }
 
 /**
- * A sanitizer for `OSLogMessage`s configured with the appropriate privacy option.
+ * A barrier for `OSLogMessage`s configured with the appropriate privacy option.
  * Numeric and boolean arguments aren't redacted unless the `private` or `sensitive` options are used.
  * Arguments of other types are always redacted unless the `public` option is used.
  */
-private class OsLogPrivacyCleartextLoggingSanitizer extends CleartextLoggingSanitizer {
-  OsLogPrivacyCleartextLoggingSanitizer() {
+private class OsLogPrivacyCleartextLoggingBarrier extends CleartextLoggingBarrier {
+  OsLogPrivacyCleartextLoggingBarrier() {
     exists(CallExpr c, AutoClosureExpr e |
       c.getStaticTarget().getName().matches("appendInterpolation(_:%privacy:%)") and
       c.getArgument(0).getExpr() = e and
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
@@ -17,7 +17,7 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node sink) { sink instanceof CleartextLoggingSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof CleartextLoggingSanitizer }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextLoggingBarrier }
 
   // Disregard paths that contain other paths. This helps with performance.
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
@@ -15,9 +15,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class CleartextStorageDatabaseSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for cleartext database storage vulnerabilities.
+ * A barrier for cleartext database storage vulnerabilities.
  */
-abstract class CleartextStorageDatabaseSanitizer extends DataFlow::Node { }
+abstract class CleartextStorageDatabaseBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
@@ -114,10 +114,10 @@ private class CleartextStorageDatabaseSinks extends SinkModelCsv {
 }
 
 /**
- * An encryption sanitizer for cleartext database storage vulnerabilities.
+ * An encryption barrier for cleartext database storage vulnerabilities.
  */
-private class CleartextStorageDatabaseEncryptionSanitizer extends CleartextStorageDatabaseSanitizer {
-  CleartextStorageDatabaseEncryptionSanitizer() { this.asExpr() instanceof EncryptedExpr }
+private class CleartextStorageDatabaseEncryptionBarrier extends CleartextStorageDatabaseBarrier {
+  CleartextStorageDatabaseEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr }
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseQuery.qll
@@ -18,8 +18,8 @@ module CleartextStorageDatabaseConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof CleartextStorageDatabaseSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof CleartextStorageDatabaseSanitizer
+  predicate isBarrier(DataFlow::Node barrier) {
+    barrier instanceof CleartextStorageDatabaseBarrier
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll
@@ -18,9 +18,9 @@ abstract class CleartextStoragePreferencesSink extends DataFlow::Node {
 }
 
 /**
- * A sanitizer for cleartext preferences storage vulnerabilities.
+ * A barrier for cleartext preferences storage vulnerabilities.
  */
-abstract class CleartextStoragePreferencesSanitizer extends DataFlow::Node { }
+abstract class CleartextStoragePreferencesBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
@@ -72,11 +72,11 @@ private class NSUserDefaultsControllerStore extends CleartextStoragePreferencesS
 }
 
 /**
- * An encryption sanitizer for cleartext preferences storage vulnerabilities.
+ * An encryption barrier for cleartext preferences storage vulnerabilities.
  */
-private class CleartextStoragePreferencesEncryptionSanitizer extends CleartextStoragePreferencesSanitizer
+private class CleartextStoragePreferencesEncryptionBarrier extends CleartextStoragePreferencesBarrier
 {
-  CleartextStoragePreferencesEncryptionSanitizer() { this.asExpr() instanceof EncryptedExpr }
+  CleartextStoragePreferencesEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr }
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll
@@ -18,8 +18,8 @@ module CleartextStoragePreferencesConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof CleartextStoragePreferencesSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof CleartextStoragePreferencesSanitizer
+  predicate isBarrier(DataFlow::Node barrier) {
+    barrier instanceof CleartextStoragePreferencesBarrier
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -15,9 +15,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class CleartextTransmissionSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for cleartext transmission vulnerabilities.
+ * A barrier for cleartext transmission vulnerabilities.
  */
-abstract class CleartextTransmissionSanitizer extends DataFlow::Node { }
+abstract class CleartextTransmissionBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
@@ -81,10 +81,10 @@ private class AlamofireTransmittedSink extends CleartextTransmissionSink {
 }
 
 /**
- * An encryption sanitizer for cleartext transmission vulnerabilities.
+ * An encryption barrier for cleartext transmission vulnerabilities.
  */
-private class CleartextTransmissionEncryptionSanitizer extends CleartextTransmissionSanitizer {
-  CleartextTransmissionEncryptionSanitizer() { this.asExpr() instanceof EncryptedExpr }
+private class CleartextTransmissionEncryptionBarrier extends CleartextTransmissionBarrier {
+  CleartextTransmissionEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr }
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll
@@ -18,9 +18,7 @@ module CleartextTransmissionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof CleartextTransmissionSanitizer
-  }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(CleartextTransmissionAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll
@@ -14,9 +14,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class ConstantPasswordSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for constant password vulnerabilities.
+ * A barrier for constant password vulnerabilities.
  */
-abstract class ConstantPasswordSanitizer extends DataFlow::Node { }
+abstract class ConstantPasswordBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordQuery.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordQuery.qll
@@ -28,7 +28,7 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof ConstantPasswordSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof ConstantPasswordSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof ConstantPasswordBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(ConstantPasswordAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll
@@ -14,9 +14,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class ConstantSaltSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for constant salt vulnerabilities.
+ * A barrier for constant salt vulnerabilities.
  */
-abstract class ConstantSaltSanitizer extends DataFlow::Node { }
+abstract class ConstantSaltBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltQuery.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltQuery.qll
@@ -29,7 +29,7 @@ module ConstantSaltConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof ConstantSaltSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof ConstantSaltSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof ConstantSaltBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(ConstantSaltAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/ECBEncryptionExtensions.qll b/swift/ql/lib/codeql/swift/security/ECBEncryptionExtensions.qll
@@ -22,9 +22,9 @@ abstract class EcbEncryptionSource extends DataFlow::Node { }
 abstract class EcbEncryptionSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for ECB encryption vulnerabilities.
+ * A barrier for ECB encryption vulnerabilities.
  */
-abstract class EcbEncryptionSanitizer extends DataFlow::Node { }
+abstract class EcbEncryptionBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll b/swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll
@@ -17,7 +17,7 @@ module EcbEncryptionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof EcbEncryptionSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof EcbEncryptionSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof EcbEncryptionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(EcbEncryptionAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll
@@ -14,9 +14,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class HardcodedEncryptionKeySink extends DataFlow::Node { }
 
 /**
- * A sanitizer for hard-coded encryption key vulnerabilities.
+ * A barrier for hard-coded encryption key vulnerabilities.
  */
-abstract class HardcodedEncryptionKeySanitizer extends DataFlow::Node { }
+abstract class HardcodedEncryptionKeyBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyQuery.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyQuery.qll
@@ -34,7 +34,7 @@ module HardcodedKeyConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof HardcodedEncryptionKeySink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof HardcodedEncryptionKeySanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof HardcodedEncryptionKeyBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(HardcodedEncryptionKeyAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll b/swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll
@@ -20,9 +20,9 @@ abstract class InsecureTlsExtensionsSource extends DataFlow::Node { }
 abstract class InsecureTlsExtensionsSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for insecure TLS configuration vulnerabilities.
+ * A barrier for insecure TLS configuration vulnerabilities.
  */
-abstract class InsecureTlsExtensionsSanitizer extends DataFlow::Node { }
+abstract class InsecureTlsExtensionsBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll b/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll
@@ -16,7 +16,7 @@ module InsecureTlsConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof InsecureTlsExtensionsSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof InsecureTlsExtensionsSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof InsecureTlsExtensionsBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(InsecureTlsExtensionsAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll b/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll
@@ -15,9 +15,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class InsufficientHashIterationsSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for insufficient hash interation vulnerabilities.
+ * A barrier for insufficient hash interation vulnerabilities.
  */
-abstract class InsufficientHashIterationsSanitizer extends DataFlow::Node { }
+abstract class InsufficientHashIterationsBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsQuery.qll b/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsQuery.qll
@@ -29,7 +29,7 @@ module InsufficientHashIterationsConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof InsufficientHashIterationsSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof InsufficientHashIterationsSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof InsufficientHashIterationsBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(InsufficientHashIterationsAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -12,8 +12,8 @@ private import codeql.swift.frameworks.StandardLibrary.FilePath
 /** A data flow sink for path injection vulnerabilities. */
 abstract class PathInjectionSink extends DataFlow::Node { }
 
-/** A sanitizer for path injection vulnerabilities. */
-abstract class PathInjectionSanitizer extends DataFlow::Node { }
+/** A barrier for path injection vulnerabilities. */
+abstract class PathInjectionBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
@@ -36,10 +36,10 @@ private class DefaultPathInjectionSink extends PathInjectionSink {
   DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
 }
 
-private class DefaultPathInjectionSanitizer extends PathInjectionSanitizer {
-  DefaultPathInjectionSanitizer() {
+private class DefaultPathInjectionBarrier extends PathInjectionBarrier {
+  DefaultPathInjectionBarrier() {
     // This is a simplified implementation.
-    // TODO: Implement a complete path sanitizer when Guards are available.
+    // TODO: Implement a complete path barrier when Guards are available.
     exists(CallExpr starts, CallExpr normalize, DataFlow::Node validated |
       starts.getStaticTarget().getName() = "starts(with:)" and
       starts.getStaticTarget().getEnclosingDecl() instanceof FilePath and
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
@@ -18,7 +18,7 @@ module PathInjectionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node sink) { sink instanceof PathInjectionSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof PathInjectionSanitizer }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof PathInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(PathInjectionAdditionalTaintStep s).step(node1, node2)
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -7,8 +7,8 @@ private import codeql.swift.dataflow.ExternalFlow
 /** A data flow sink for predicate injection vulnerabilities. */
 abstract class PredicateInjectionSink extends DataFlow::Node { }
 
-/** A sanitizer for predicate injection vulnerabilities. */
-abstract class PredicateInjectionSanitizer extends DataFlow::Node { }
+/** A barrier for predicate injection vulnerabilities. */
+abstract class PredicateInjectionBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
@@ -17,7 +17,7 @@ module PredicateInjectionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node sink) { sink instanceof PredicateInjectionSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof PredicateInjectionSanitizer }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof PredicateInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
     any(PredicateInjectionAdditionalTaintStep s).step(n1, n2)
diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll
@@ -14,9 +14,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class SqlInjectionSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for SQL injection vulnerabilities.
+ * A barrier for SQL injection vulnerabilities.
  */
-abstract class SqlInjectionSanitizer extends DataFlow::Node { }
+abstract class SqlInjectionBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionQuery.qll
@@ -18,7 +18,7 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof SqlInjectionSink }
 
-  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof SqlInjectionSanitizer }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjectionBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(SqlInjectionAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll b/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll
@@ -14,9 +14,9 @@ import codeql.swift.dataflow.ExternalFlow
 abstract class StaticInitializationVectorSink extends DataFlow::Node { }
 
 /**
- * A sanitizer for static initialization vector vulnerabilities.
+ * A barrier for static initialization vector vulnerabilities.
  */
-abstract class StaticInitializationVectorSanitizer extends DataFlow::Node { }
+abstract class StaticInitializationVectorBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/StaticInitializationVectorQuery.qll b/swift/ql/lib/codeql/swift/security/StaticInitializationVectorQuery.qll
@@ -30,7 +30,7 @@ module StaticInitializationVectorConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) { node instanceof StaticInitializationVectorSink }
 
-  predicate isBarrier(DataFlow::Node node) { node instanceof StaticInitializationVectorSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof StaticInitializationVectorBarrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(StaticInitializationVectorAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll
@@ -99,9 +99,9 @@ abstract class StringLengthConflationSink extends DataFlow::Node {
 }
 
 /**
- * A sanitizer for string length conflation vulnerabilities.
+ * A barrier for string length conflation vulnerabilities.
  */
-abstract class StringLengthConflationSanitizer extends DataFlow::Node { }
+abstract class StringLengthConflationBarrier extends DataFlow::Node { }
 
 /**
  * A unit class for adding additional taint steps.
diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationQuery.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationQuery.qll
@@ -29,11 +29,9 @@ module StringLengthConflationConfig implements DataFlow::StateConfigSig {
     )
   }
 
-  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof StringLengthConflationSanitizer
-  }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof StringLengthConflationBarrier }
 
-  predicate isBarrier(DataFlow::Node sanitizer, FlowState flowstate) { none() }
+  predicate isBarrier(DataFlow::Node barrier, FlowState flowstate) { none() }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(StringLengthConflationAdditionalTaintStep s).step(nodeFrom, nodeTo)
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchQuery.qll b/swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
diff --git a/swift/ql/lib/codeql/swift/security/XXEQuery.qll b/swift/ql/lib/codeql/swift/security/XXEQuery.qll
diff --git a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift

Original file line number	Diff line number	Diff line change
`@@ -18,8 +18,8 @@ module CleartextStorageDatabaseConfig implements DataFlow::ConfigSig {`
`18`	`18`
`19`	`19`	`predicate isSink(DataFlow::Node node) { node instanceof CleartextStorageDatabaseSink }`
`20`	`20`
`21`		`- predicate isBarrier(DataFlow::Node sanitizer) {`
`22`		`- sanitizer instanceof CleartextStorageDatabaseSanitizer`
	`21`	`+ predicate isBarrier(DataFlow::Node barrier) {`
	`22`	`+ barrier instanceof CleartextStorageDatabaseBarrier`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {`
Original file line number	Diff line number	Diff line change
`@@ -18,9 +18,9 @@ abstract class CleartextStoragePreferencesSink extends DataFlow::Node {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`/**`
`21`		`- * A sanitizer for cleartext preferences storage vulnerabilities.`
	`21`	`+ * A barrier for cleartext preferences storage vulnerabilities.`
`22`	`22`	`*/`
`23`		`-abstract class CleartextStoragePreferencesSanitizer extends DataFlow::Node { }`
	`23`	`+abstract class CleartextStoragePreferencesBarrier extends DataFlow::Node { }`
`24`	`24`
`25`	`25`	`/**`
`26`	`26`	`* A unit class for adding additional taint steps.`
`@@ -72,11 +72,11 @@ private class NSUserDefaultsControllerStore extends CleartextStoragePreferencesS`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`/**`
`75`		`- * An encryption sanitizer for cleartext preferences storage vulnerabilities.`
	`75`	`+ * An encryption barrier for cleartext preferences storage vulnerabilities.`
`76`	`76`	`*/`
`77`		`-private class CleartextStoragePreferencesEncryptionSanitizer extends CleartextStoragePreferencesSanitizer`
	`77`	`+private class CleartextStoragePreferencesEncryptionBarrier extends CleartextStoragePreferencesBarrier`
`78`	`78`	`{`
`79`		`- CleartextStoragePreferencesEncryptionSanitizer() { this.asExpr() instanceof EncryptedExpr }`
	`79`	`+ CleartextStoragePreferencesEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr }`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`/**`