Merge pull request #8679 from erik-krogh/getUrl

Java: rename existing getUrl predicate to getRepositoryUrl

Author: erik-krogh

java/ql/lib/change-notes/2022-04-06-getUrl-deprecation.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* The `getUrl` predicate of `DeclaredRepository` in `MavenPom.qll` has been renamed to `getRepositoryUrl`. 

java/ql/lib/semmle/code/xml/MavenPom.qll

@@ -380,7 +380,7 @@ class DeclaredRepository extends PomElement {
    * Gets the url for this repository. If the `url` tag is present, this will
    * be the string contents of that tag.
    */
-  string getUrl() { result = this.getAChild("url").(PomElement).getValue() }
+  string getRepositoryUrl() { result = this.getAChild("url").(PomElement).getValue() }
 }
 
 /**

java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql

@@ -14,10 +14,10 @@ import java
 import semmle.code.xml.MavenPom
 
 predicate isBintrayRepositoryUsage(DeclaredRepository repository) {
-  repository.getUrl().matches("%.bintray.com%")
+  repository.getRepositoryUrl().matches("%.bintray.com%")
 }
 
 from DeclaredRepository repository
 where isBintrayRepositoryUsage(repository)
 select repository,
-  "Downloading or uploading artifacts to deprecated repository " + repository.getUrl()
+  "Downloading or uploading artifacts to deprecated repository " + repository.getRepositoryUrl()

java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql

@@ -17,11 +17,11 @@ import java
 import semmle.code.xml.MavenPom
 
 predicate isInsecureRepositoryUsage(DeclaredRepository repository) {
-  repository.getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
+  repository.getRepositoryUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
 }
 
 from DeclaredRepository repository
 where isInsecureRepositoryUsage(repository)
 select repository,
   "Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository " +
-    repository.getUrl()
+    repository.getRepositoryUrl()