Go/Java/C#: Rename to ActiveThreatModelSource

As part of adding support for threat-models to Python/JS (see github#17203), we ran into some trouble with name clashes. Naming in existing languages supporting threat-models: - `SourceNode` (for QL only modeling) - `ThreatModelFlowSource` (for active sources from QL or data-extensions) However, since we use `LocalSourceNode` in Python, and `SourceNode` in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names. Initially I used `ThreatModelSource` for the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up with `ActiveThreatModelSource`, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources. So to align languages, I got approval from @michaelnebel to rename the existing classes.
RasmusWL · Sep 10, 2024 · 038bc83 · 038bc83
1 parent 90f7b30
commit 038bc83
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 6 deletions.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll
@@ -20,11 +20,18 @@ abstract class SourceNode extends DataFlow::Node {
 }
 
 /**
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
+ *
  * A class of data flow sources that respects the
  * current threat model configuration.
  */
-class ThreatModelFlowSource extends DataFlow::Node {
-  ThreatModelFlowSource() {
+deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
+
+/**
+ * A data flow source that is enabled in the current threat model configuration.
+ */
+class ActiveThreatModelSource extends DataFlow::Node {
+  ActiveThreatModelSource() {
     exists(string kind |
       // Specific threat model.
       currentThreatModel(kind) and

diff --git a/go/ql/lib/semmle/go/security/FlowSources.qll b/go/ql/lib/semmle/go/security/FlowSources.qll
@@ -55,11 +55,18 @@ abstract class SourceNode extends DataFlow::Node {
 }
 
 /**
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
+ *
  * A class of data flow sources that respects the
  * current threat model configuration.
  */
-class ThreatModelFlowSource extends DataFlow::Node {
-  ThreatModelFlowSource() {
+deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
+
+/**
+ * A data flow source that is enabled in the current threat model configuration.
+ */
+class ActiveThreatModelSource extends DataFlow::Node {
+  ActiveThreatModelSource() {
     exists(string kind |
       // Specific threat model.
       currentThreatModel(kind) and

diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -42,11 +42,18 @@ abstract class SourceNode extends DataFlow::Node {
 }
 
 /**
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
+ *
  * A class of data flow sources that respects the
  * current threat model configuration.
  */
-class ThreatModelFlowSource extends DataFlow::Node {
-  ThreatModelFlowSource() {
+deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
+
+/**
+ * A data flow source that is enabled in the current threat model configuration.
+ */
+class ActiveThreatModelSource extends DataFlow::Node {
+  ActiveThreatModelSource() {
     exists(string kind |
       // Specific threat model.
       currentThreatModel(kind) and