Python: Resolve name conflict over XML module

Not the prettiest solution... but it works ¯\_(ツ)_/¯

Author: RasmusWL

python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql

@@ -17,7 +17,7 @@ from DataFlow::CallCfgNode call, string kinds
 where
   call = API::moduleImport("xmlrpc").getMember("server").getMember("SimpleXMLRPCServer").getACall() and
   kinds =
-    strictconcat(XML::XMLVulnerabilityKind kind |
+    strictconcat(ExperimentalXML::XMLVulnerabilityKind kind |
       kind.isBillionLaughs() or kind.isQuadraticBlowup()
     |
       kind, ", "

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -14,7 +14,11 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import experimental.semmle.python.Frameworks
 
-module XML {
+/**
+ * Since there is both XML module in normal and experimental Concepts,
+ * we have to rename the experimental module as this.
+ */
+module ExperimentalXML {
   /**
    * A kind of XML vulnerability.
    *

python/ql/src/experimental/semmle/python/frameworks/Xml.qll

@@ -8,6 +8,8 @@ private import semmle.python.dataflow.new.DataFlow
 private import experimental.semmle.python.Concepts
 private import semmle.python.ApiGraphs
 
+module XML = ExperimentalXML;
+
 private module XmlEtree {
   /**
    * Provides models for `xml.etree` parsers

python/ql/src/experimental/semmle/python/security/dataflow/XmlEntityInjectionCustomizations.qll

@@ -54,7 +54,7 @@ module XmlEntityInjection {
    * See `XML::XMLParsing`.
    */
   class XMLParsingInputAsSink extends Sink {
-    XML::XMLParsing xmlParsing;
+    ExperimentalXML::XMLParsing xmlParsing;
 
     XMLParsingInputAsSink() { this = xmlParsing.getAnInput() }