-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go/Java/C#: Rename ThreatModelFlowSource
to ActiveThreatModelSource
#17424
Conversation
As part of adding support for threat-models to Python/JS (see github#17203), we ran into some trouble with name clashes. Naming in existing languages supporting threat-models: - `SourceNode` (for QL only modeling) - `ThreatModelFlowSource` (for active sources from QL or data-extensions) However, since we use `LocalSourceNode` in Python, and `SourceNode` in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names. Initially I used `ThreatModelSource` for the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up with `ActiveThreatModelSource`, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources. So to align languages, I got approval from @michaelnebel to rename the existing classes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uh, thank very much for doing this @RasmusWL !
csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
Outdated
Show resolved
Hide resolved
76a6ffc
to
66b61ee
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, but there's a formatting error
go/ql/src/experimental/CWE-090/LDAPInjection.qll would change by autoformatting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
C# LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Java LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Go LGTM
Go/Java/C#: Rename to
ActiveThreatModelSource
Context for wanting this change
As part of adding support for threat-models to Python/JS (see #17203), we ran into some trouble with name clashes.
Naming in existing languages supporting threat-models:
SourceNode
(for QL only modeling)ThreatModelFlowSource
(for active sources from QL or data-extensions)However, since we use
LocalSourceNode
in Python, andSourceNode
in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names.Initially I used
ThreatModelSource
for the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up withActiveThreatModelSource
, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources.So to align languages, I got approval from @michaelnebel to rename the existing classes.