Merge pull request #17424 from RasmusWL/active-threat-model-source

Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`

csharp/ql/lib/change-notes/2024-09-10-ActiveThreatModelSource.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.

csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll

@@ -18,7 +18,7 @@ private predicate needsChecks(ActionMethod m) { m.isEdit() and not m.isAdmin() }
  * that may indicate that it's used as the ID for some resource
  */
 private predicate hasIdParameter(ActionMethod m) {
-  exists(ThreatModelFlowSource src | src.getEnclosingCallable() = m |
+  exists(ActiveThreatModelSource src | src.getEnclosingCallable() = m |
     src.asParameter().getName().toLowerCase().matches(["%id", "%idx"])
     or
     // handle cases like `Request.QueryString["Id"]`

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -55,7 +55,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -57,7 +57,7 @@ module CommandInjection = TaintTracking::Global<CommandInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** Command Injection sinks defined through Models as Data. */
 private class ExternalCommandInjectionExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll

@@ -54,7 +54,7 @@ module ConditionalBypass = TaintTracking::Global<ConditionalBypassConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** The result of a reverse dns may be user-controlled. */
 class ReverseDnsSource extends Source {

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll

@@ -73,14 +73,14 @@ class ExternalApiDataNode extends DataFlow::Node {
   }
 }
 
-/** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
+/** A configuration for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
-/** A module for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
+/** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
 module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>;
 
 /** A node representing untrusted data being passed to an external API. */

csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll

@@ -60,7 +60,7 @@ module LdapInjection = TaintTracking::Global<LdapInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** LDAP sinks defined through Models as Data. */
 private class ExternalLdapExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll

@@ -43,7 +43,7 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
 module LogForging = TaintTracking::Global<LogForgingConfig>;
 
 /** A source of remote user input. */
-private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 private class HtmlSanitizer extends Sanitizer {
   HtmlSanitizer() { this.asExpr() instanceof HtmlSanitizedExpr }

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -48,7 +48,7 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
 module MissingXmlValidation = TaintTracking::Global<MissingXmlValidationConfig>;
 
 /**
- * DEPRECATED: Use `ThreatModelFlowSource` instead.
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
  *
  * A source of remote user input.
  */
@@ -57,7 +57,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 /**
  * A source supported by the current threat model.
  */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * The input argument to a call to `XmlReader.Create` where the input will not be validated against

csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll

@@ -49,7 +49,7 @@ module ReDoS = TaintTracking::Global<ReDoSConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * An expression that represents a regular expression with potential exponential behavior.

csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll

@@ -48,7 +48,7 @@ module RegexInjection = TaintTracking::Global<RegexInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * A `pattern` argument to a construction of a `Regex`.

csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll

@@ -54,7 +54,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** An argument to the `ConnectionString` property on a data connection class. */
 class SqlConnectionStringSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll

@@ -65,7 +65,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** An SQL expression passed to an API call that executes SQL. */
 class SqlInjectionExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll

@@ -50,7 +50,7 @@ module TaintedPath = TaintTracking::Global<TaintedPathConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * A path argument to a `File` method call.

csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll

@@ -49,7 +49,7 @@ abstract private class ConstructorOrStaticMethodSink extends Sink { }
  */
 abstract class Sanitizer extends DataFlow::Node { }
 
-private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * User input to object method call deserialization flow tracking configuration.

csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll

@@ -52,7 +52,7 @@ module UrlRedirect = TaintTracking::Global<UrlRedirectConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** URL Redirection sinks defined through Models as Data. */
 private class ExternalUrlRedirectExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll

@@ -15,7 +15,7 @@ private import semmle.code.csharp.security.Sanitizers
  */
 abstract class Source extends DataFlow::Node { }
 
-private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * A data flow sink for untrusted user input used in XML processing.

csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll

@@ -58,7 +58,7 @@ module XpathInjection = TaintTracking::Global<XpathInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** The `xpath` argument to an `XPathExpression.Compile(..)` call. */
 class XPathExpressionCompileSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll

@@ -165,7 +165,7 @@ module XssTrackingConfig implements DataFlow::ConfigSig {
 module XssTracking = TaintTracking::Global<XssTrackingConfig>;
 
 /** A source supported by the current threat model. */
-private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll

@@ -20,11 +20,18 @@ abstract class SourceNode extends DataFlow::Node {
 }
 
 /**
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
+ *
  * A class of data flow sources that respects the
  * current threat model configuration.
  */
-class ThreatModelFlowSource extends DataFlow::Node {
-  ThreatModelFlowSource() {
+deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
+
+/**
+ * A data flow source that is enabled in the current threat model configuration.
+ */
+class ActiveThreatModelSource extends DataFlow::Node {
+  ActiveThreatModelSource() {
     exists(string kind |
       // Specific threat model.
       currentThreatModel(kind) and

csharp/ql/src/Security Features/CWE-091/XMLInjection.ql

@@ -20,7 +20,7 @@ import XmlInjection::PathGraph
  * A taint-tracking configuration for untrusted user input used in XML.
  */
 module XmlInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |

csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql

@@ -21,7 +21,7 @@ import AssemblyPathInjection::PathGraph
  * A taint-tracking configuration for untrusted user input used to load a DLL.
  */
 module AssemblyPathInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc, string name, int arg |

csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql

@@ -17,7 +17,7 @@ import semmle.code.csharp.frameworks.Format
 import FormatString::PathGraph
 
 module FormatStringConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(FormatCall call | call.hasInsertions()).getFormatExpr()

csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll

@@ -61,7 +61,7 @@ module TaintedWebClient = TaintTracking::Global<TaintedWebClientConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * A path argument to a `WebClient` method call that has an address argument.

csharp/ql/src/experimental/CWE-918/RequestForgery.qll

@@ -60,7 +60,7 @@ module RequestForgery {
   /**
    * A dataflow source for Server Side Request Forgery(SSRF) Vulnerabilities.
    */
-  private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+  private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
   /**
    * An url argument to a `HttpRequestMessage` constructor call

csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql

@@ -2,5 +2,5 @@ import csharp
 import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 from DataFlow::Node source
-where source instanceof ThreatModelFlowSource
+where source instanceof ActiveThreatModelSource
 select source

csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandLineFlow.ql

@@ -2,7 +2,7 @@ import csharp
 import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 module CommandLineFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))

csharp/ql/test/library-tests/dataflow/flowsources/local/registry/Registry.ql

@@ -2,5 +2,5 @@ import csharp
 import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 from DataFlow::Node source
-where source instanceof ThreatModelFlowSource
+where source instanceof ActiveThreatModelSource
 select source, source.(SourceNode).getThreatModel()

csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql

@@ -4,7 +4,7 @@ import TestUtilities.InlineFlowTest
 import TaintFlowTest<DatabaseConfig>
 
 module DatabaseConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))

csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql

@@ -4,7 +4,7 @@ import TestUtilities.InlineFlowTest
 import TaintFlowTest<FilesConfig>
 
 module FilesConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))

csharp/ql/test/library-tests/dataflow/threat-models/Test.qll

@@ -4,7 +4,7 @@ private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 private module ThreatModelConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
 }

go/ql/lib/change-notes/2024-09-10-ActiveThreatModelSource.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.

go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll

@@ -31,12 +31,12 @@ module CommandInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /**
-   * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead.
+   * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead.
    */
   deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource;
 
   /** A source of untrusted data, considered as a taint source for command injection. */
-  private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { }
+  private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { }
 
   /** A command name, considered as a taint sink for command injection. */
   class CommandNameAsSink extends Sink {

go/ql/lib/semmle/go/security/ExternalAPIs.qll

@@ -183,24 +183,24 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
 }
 
 private module UntrustedDataConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
 /**
- * Tracks data flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s.
+ * Tracks data flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s.
  */
 module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
 
 private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
 
 /**
- * Tracks data flow from `ThreatModelFlowSource`s to `UnknownExternalApiDataNode`s.
+ * Tracks data flow from `ActiveThreatModelSource`s to `UnknownExternalApiDataNode`s.
  */
 module UntrustedDataToUnknownExternalApiFlow =
   DataFlow::Global<UntrustedDataToUnknownExternalApiConfig>;

go/ql/lib/semmle/go/security/FlowSources.qll

@@ -55,11 +55,18 @@ abstract class SourceNode extends DataFlow::Node {
 }
 
 /**
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
+ *
  * A class of data flow sources that respects the
  * current threat model configuration.
  */
-class ThreatModelFlowSource extends DataFlow::Node {
-  ThreatModelFlowSource() {
+deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
+
+/**
+ * A data flow source that is enabled in the current threat model configuration.
+ */
+class ActiveThreatModelSource extends DataFlow::Node {
+  ActiveThreatModelSource() {
     exists(string kind |
       // Specific threat model.
       currentThreatModel(kind) and

go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll

@@ -26,12 +26,12 @@ module LogInjection {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /**
-   * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead.
+   * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead.
    */
   deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource;
 
   /** A source of untrusted data, considered as a taint source for log injection. */
-  private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { }
+  private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { }
 
   /** An argument to a logging mechanism. */
   class LoggerSink extends Sink {

go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll

@@ -49,7 +49,7 @@ module MissingJwtSignatureCheck {
     }
   }
 
-  private class DefaultSource extends Source instanceof ThreatModelFlowSource { }
+  private class DefaultSource extends Source instanceof ActiveThreatModelSource { }
 
   private class DefaultSink extends Sink {
     DefaultSink() { sinkNode(this, "jwt") }