From 038bc832a7cf21e02aa3ccbd4ec478688f68b3f2 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Tue, 10 Sep 2024 14:46:15 +0200 Subject: [PATCH] Go/Java/C#: Rename to `ActiveThreatModelSource` As part of adding support for threat-models to Python/JS (see https://github.com/github/codeql/pull/17203), we ran into some trouble with name clashes. Naming in existing languages supporting threat-models: - `SourceNode` (for QL only modeling) - `ThreatModelFlowSource` (for active sources from QL or data-extensions) However, since we use `LocalSourceNode` in Python, and `SourceNode` in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names. Initially I used `ThreatModelSource` for the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up with `ActiveThreatModelSource`, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources. So to align languages, I got approval from @michaelnebel to rename the existing classes. --- .../security/dataflow/flowsources/FlowSources.qll | 11 +++++++++-- go/ql/lib/semmle/go/security/FlowSources.qll | 11 +++++++++-- java/ql/lib/semmle/code/java/dataflow/FlowSources.qll | 11 +++++++++-- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll index c610b3de4c74..526e337e9dac 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll @@ -20,11 +20,18 @@ abstract class SourceNode extends DataFlow::Node { } /** + * DEPRECATED: Use `ActiveThreatModelSource` instead. + * * A class of data flow sources that respects the * current threat model configuration. */ -class ThreatModelFlowSource extends DataFlow::Node { - ThreatModelFlowSource() { +deprecated class ThreatModelFlowSource = ActiveThreatModelSource; + +/** + * A data flow source that is enabled in the current threat model configuration. + */ +class ActiveThreatModelSource extends DataFlow::Node { + ActiveThreatModelSource() { exists(string kind | // Specific threat model. currentThreatModel(kind) and diff --git a/go/ql/lib/semmle/go/security/FlowSources.qll b/go/ql/lib/semmle/go/security/FlowSources.qll index f982419f7c8a..258f924b6fb2 100644 --- a/go/ql/lib/semmle/go/security/FlowSources.qll +++ b/go/ql/lib/semmle/go/security/FlowSources.qll @@ -55,11 +55,18 @@ abstract class SourceNode extends DataFlow::Node { } /** + * DEPRECATED: Use `ActiveThreatModelSource` instead. + * * A class of data flow sources that respects the * current threat model configuration. */ -class ThreatModelFlowSource extends DataFlow::Node { - ThreatModelFlowSource() { +deprecated class ThreatModelFlowSource = ActiveThreatModelSource; + +/** + * A data flow source that is enabled in the current threat model configuration. + */ +class ActiveThreatModelSource extends DataFlow::Node { + ActiveThreatModelSource() { exists(string kind | // Specific threat model. currentThreatModel(kind) and diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index d18d8e4c8a49..bd3ae459a97a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -42,11 +42,18 @@ abstract class SourceNode extends DataFlow::Node { } /** + * DEPRECATED: Use `ActiveThreatModelSource` instead. + * * A class of data flow sources that respects the * current threat model configuration. */ -class ThreatModelFlowSource extends DataFlow::Node { - ThreatModelFlowSource() { +deprecated class ThreatModelFlowSource = ActiveThreatModelSource; + +/** + * A data flow source that is enabled in the current threat model configuration. + */ +class ActiveThreatModelSource extends DataFlow::Node { + ActiveThreatModelSource() { exists(string kind | // Specific threat model. currentThreatModel(kind) and