From 8c10155eb7f3090e95131bc9beb046ed9def4a08 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Tue, 10 Sep 2024 14:55:07 +0200 Subject: [PATCH] mass rename to ActiveThreatModelSource --- .../auth/InsecureDirectObjectReferenceQuery.qll | 2 +- .../security/dataflow/CodeInjectionQuery.qll | 2 +- .../security/dataflow/CommandInjectionQuery.qll | 2 +- .../security/dataflow/ConditionalBypassQuery.qll | 2 +- .../security/dataflow/ExternalAPIsQuery.qll | 6 +++--- .../security/dataflow/LDAPInjectionQuery.qll | 2 +- .../csharp/security/dataflow/LogForgingQuery.qll | 2 +- .../dataflow/MissingXMLValidationQuery.qll | 4 ++-- .../code/csharp/security/dataflow/ReDoSQuery.qll | 2 +- .../security/dataflow/RegexInjectionQuery.qll | 2 +- .../security/dataflow/ResourceInjectionQuery.qll | 2 +- .../security/dataflow/SqlInjectionQuery.qll | 2 +- .../security/dataflow/TaintedPathQuery.qll | 2 +- .../dataflow/UnsafeDeserializationQuery.qll | 2 +- .../security/dataflow/UrlRedirectQuery.qll | 2 +- .../dataflow/XMLEntityInjectionQuery.qll | 2 +- .../security/dataflow/XPathInjectionQuery.qll | 2 +- .../code/csharp/security/dataflow/XSSQuery.qll | 2 +- .../Security Features/CWE-091/XMLInjection.ql | 2 +- .../CWE-114/AssemblyPathInjection.ql | 2 +- .../CWE-134/UncontrolledFormatString.ql | 2 +- .../experimental/CWE-099/TaintedWebClientLib.qll | 2 +- .../src/experimental/CWE-918/RequestForgery.qll | 2 +- .../flowsources/local/commandargs/CommandArgs.ql | 2 +- .../local/commandargs/CommandLineFlow.ql | 2 +- .../flowsources/local/registry/Registry.ql | 2 +- .../stored/database/dapper/DatabaseSources.ql | 2 +- .../dataflow/flowsources/stored/file/Files.ql | 2 +- .../dataflow/threat-models/Test.qll | 2 +- .../security/CommandInjectionCustomizations.qll | 4 ++-- go/ql/lib/semmle/go/security/ExternalAPIs.qll | 8 ++++---- .../go/security/LogInjectionCustomizations.qll | 4 ++-- .../MissingJwtSignatureCheckCustomizations.qll | 2 +- .../security/OpenUrlRedirectCustomizations.qll | 4 ++-- .../go/security/ReflectedXssCustomizations.qll | 4 ++-- .../go/security/RequestForgeryCustomizations.qll | 4 ++-- .../go/security/SqlInjectionCustomizations.qll | 4 ++-- .../go/security/TaintedPathCustomizations.qll | 4 ++-- .../UncontrolledAllocationSizeCustomizations.qll | 2 +- .../go/security/XPathInjectionCustomizations.qll | 4 ++-- .../CWE-640/EmailInjectionCustomizations.qll | 4 ++-- go/ql/src/experimental/CWE-090/LDAPInjection.qll | 10 ++++++---- go/ql/src/experimental/CWE-203/Timing.ql | 2 +- .../CWE-287/ImproperLdapAuthCustomizations.qll | 2 +- go/ql/src/experimental/CWE-369/DivideByZero.ql | 2 +- go/ql/src/experimental/CWE-74/DsnInjection.ql | 2 +- .../CWE-79/HTMLTemplateEscapingPassthrough.ql | 8 ++++---- .../CWE-807/SensitiveConditionBypass.qll | 4 ++-- .../experimental/CWE-840/ConditionalBypass.ql | 2 +- go/ql/src/experimental/CWE-918/SSRF.qll | 4 ++-- .../experimental/CWE-942/CorsMisconfiguration.ql | 16 ++++++++-------- .../frameworks/DecompressionBombs.qll | 2 +- .../semmle/go/dataflow/ThreatModels/Test.qll | 2 +- .../flowsources/local/environment/test.ql | 2 +- .../go/dataflow/flowsources/local/file/test.ql | 2 +- .../semmle/code/java/dataflow/FlowSources.qll | 4 ++-- .../java/dataflow/internal/TaintTrackingUtil.qll | 2 +- .../security/AndroidIntentRedirectionQuery.qll | 6 +++--- .../java/security/ArbitraryApkInstallation.qll | 2 +- .../java/security/ArithmeticTaintedQuery.qll | 4 ++-- .../code/java/security/CommandLineQuery.qll | 2 +- .../java/security/ConditionalBypassQuery.qll | 2 +- .../semmle/code/java/security/ExternalAPIs.qll | 4 ++-- .../ExternallyControlledFormatStringQuery.qll | 2 +- .../java/security/FragmentInjectionQuery.qll | 2 +- .../code/java/security/GroovyInjectionQuery.qll | 2 +- ...mproperValidationOfArrayConstructionQuery.qll | 2 +- .../ImproperValidationOfArrayIndexQuery.qll | 2 +- .../security/InsecureBeanValidationQuery.qll | 2 +- .../IntentUriPermissionManipulationQuery.qll | 2 +- .../code/java/security/JexlInjectionQuery.qll | 2 +- .../code/java/security/JndiInjectionQuery.qll | 2 +- .../code/java/security/LdapInjectionQuery.qll | 2 +- .../code/java/security/LogInjectionQuery.qll | 2 +- .../code/java/security/MvelInjectionQuery.qll | 2 +- .../java/security/NumericCastTaintedQuery.qll | 2 +- .../code/java/security/OgnlInjectionQuery.qll | 2 +- .../java/security/PartialPathTraversalQuery.qll | 2 +- .../code/java/security/RequestForgeryConfig.qll | 2 +- .../java/security/ResponseSplittingQuery.qll | 2 +- .../security/SensitiveResultReceiverQuery.qll | 2 +- .../code/java/security/SpelInjectionQuery.qll | 2 +- .../code/java/security/SqlInjectionQuery.qll | 2 +- .../security/TaintedEnvironmentVariableQuery.qll | 2 +- .../code/java/security/TaintedPathQuery.qll | 2 +- .../security/TaintedPermissionsCheckQuery.qll | 2 +- .../code/java/security/TemplateInjection.qll | 2 +- .../security/TrustBoundaryViolationQuery.qll | 2 +- .../java/security/UnsafeAndroidAccessQuery.qll | 2 +- .../security/UnsafeContentUriResolutionQuery.qll | 2 +- .../java/security/UnsafeDeserializationQuery.qll | 4 ++-- .../code/java/security/UrlForwardQuery.qll | 2 +- .../code/java/security/UrlRedirectQuery.qll | 2 +- .../code/java/security/XPathInjectionQuery.qll | 2 +- .../code/java/security/XsltInjectionQuery.qll | 2 +- .../lib/semmle/code/java/security/XssQuery.qll | 2 +- .../semmle/code/java/security/XxeRemoteQuery.qll | 2 +- .../security/regexp/PolynomialReDoSQuery.qll | 2 +- .../java/security/regexp/RegexInjectionQuery.qll | 2 +- .../Security/CWE/CWE-020/Log4jJndiInjection.ql | 2 +- .../Security/CWE/CWE-036/OpenStream.ql | 2 +- .../Security/CWE/CWE-073/FilePathInjection.ql | 2 +- .../CWE/CWE-078/CommandInjectionRuntimeExec.ql | 2 +- .../CWE/CWE-089/MyBatisAnnotationSqlInjection.ql | 2 +- .../CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql | 2 +- .../Security/CWE/CWE-094/BeanShellInjection.ql | 2 +- .../Security/CWE/CWE-094/JShellInjection.ql | 2 +- .../CWE-094/JakartaExpressionInjectionLib.qll | 2 +- .../Security/CWE/CWE-094/JythonInjection.ql | 6 +++--- .../Security/CWE/CWE-094/ScriptInjection.ql | 4 ++-- .../CWE/CWE-094/SpringViewManipulationLib.qll | 2 +- .../CWE/CWE-200/InsecureWebResourceResponse.ql | 2 +- .../NonConstantTimeCheckOnSignatureQuery.qll | 4 ++-- .../Security/CWE/CWE-346/UnvalidatedCors.ql | 2 +- .../Security/CWE/CWE-352/JsonpInjection.ql | 2 +- .../Security/CWE/CWE-352/JsonpInjectionLib.qll | 2 +- .../Security/CWE/CWE-400/ThreadResourceAbuse.ql | 2 +- .../Security/CWE/CWE-470/UnsafeReflection.ql | 2 +- .../CWE/CWE-600/UncaughtServletException.ql | 4 ++-- .../Security/CWE/CWE-601/SpringUrlRedirect.ql | 2 +- .../Security/CWE/CWE-652/XQueryInjection.ql | 2 +- .../Security/CWE/CWE-755/NFEAndroidDoS.ql | 2 +- .../entrypoint-types/EntryPointTypesTest.ql | 2 +- .../dataflow/threat-models/Test.qll | 2 +- .../library-tests/frameworks/JaxWs/JaxRsFlow.ql | 2 +- .../frameworks/android/content-provider/test.ql | 2 +- .../frameworks/android/external-storage/test.ql | 2 +- .../frameworks/android/slice/test.ql | 2 +- .../sources/OnActivityResultSourceTest.ql | 2 +- .../library-tests/frameworks/apache-http/flow.ql | 2 +- .../test/library-tests/frameworks/guice/flow.ql | 2 +- .../library-tests/frameworks/jms/FlowTest.ql | 2 +- .../frameworks/netty/manual/test.ql | 2 +- .../frameworks/rabbitmq/FlowTest.ql | 2 +- .../library-tests/frameworks/ratpack/flow.ql | 2 +- .../frameworks/spring/controller/test.ql | 2 +- 136 files changed, 179 insertions(+), 177 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll index 858adcc2268..2ea422855ad 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll @@ -18,7 +18,7 @@ private predicate needsChecks(ActionMethod m) { m.isEdit() and not m.isAdmin() } * that may indicate that it's used as the ID for some resource */ private predicate hasIdParameter(ActionMethod m) { - exists(ThreatModelFlowSource src | src.getEnclosingCallable() = m | + exists(ActiveThreatModelSource src | src.getEnclosingCallable() = m | src.asParameter().getName().toLowerCase().matches(["%id", "%idx"]) or // handle cases like `Request.QueryString["Id"]` diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index 2b55697ebda..8ec9122864f 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -55,7 +55,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll index 24c80c07f89..84352389c41 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll @@ -57,7 +57,7 @@ module CommandInjection = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** Command Injection sinks defined through Models as Data. */ private class ExternalCommandInjectionExprSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index 2bc10dead22..f92bb0d2f44 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -54,7 +54,7 @@ module ConditionalBypass = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** The result of a reverse dns may be user-controlled. */ class ReverseDnsSource extends Source { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll index 69a1823a455..f1a64f6810b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll @@ -73,14 +73,14 @@ class ExternalApiDataNode extends DataFlow::Node { } } -/** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */ +/** A configuration for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } -/** A module for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */ +/** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */ module RemoteSourceToExternalApi = TaintTracking::Global; /** A node representing untrusted data being passed to an external API. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll index bdba76bfb5c..e2e96034c41 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll @@ -60,7 +60,7 @@ module LdapInjection = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** LDAP sinks defined through Models as Data. */ private class ExternalLdapExprSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll index 7c4429bcbf8..8181c9bcb74 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll @@ -43,7 +43,7 @@ private module LogForgingConfig implements DataFlow::ConfigSig { module LogForging = TaintTracking::Global; /** A source of remote user input. */ -private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } private class HtmlSanitizer extends Sanitizer { HtmlSanitizer() { this.asExpr() instanceof HtmlSanitizedExpr } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll index 4e14bed2c33..3401dab7ea2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll @@ -48,7 +48,7 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig { module MissingXmlValidation = TaintTracking::Global; /** - * DEPRECATED: Use `ThreatModelFlowSource` instead. + * DEPRECATED: Use `ActiveThreatModelSource` instead. * * A source of remote user input. */ @@ -57,7 +57,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource /** * A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * The input argument to a call to `XmlReader.Create` where the input will not be validated against diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll index f6225ce36bd..5addc03bd88 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll @@ -49,7 +49,7 @@ module ReDoS = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * An expression that represents a regular expression with potential exponential behavior. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll index 8affdb1e9dd..620c07a9ea2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll @@ -48,7 +48,7 @@ module RegexInjection = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * A `pattern` argument to a construction of a `Regex`. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll index dd1c088042d..40814729e55 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll @@ -54,7 +54,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** An argument to the `ConnectionString` property on a data connection class. */ class SqlConnectionStringSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll index 5a900461af7..cc7b61c31f2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll @@ -65,7 +65,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** An SQL expression passed to an API call that executes SQL. */ class SqlInjectionExprSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll index 21c3cbdf942..bdc7245aeb2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll @@ -50,7 +50,7 @@ module TaintedPath = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * A path argument to a `File` method call. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll index 51aef35272f..009e1ab73c1 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll @@ -49,7 +49,7 @@ abstract private class ConstructorOrStaticMethodSink extends Sink { } */ abstract class Sanitizer extends DataFlow::Node { } -private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * User input to object method call deserialization flow tracking configuration. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index 09f6130985f..0838fe7be4b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -52,7 +52,7 @@ module UrlRedirect = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** URL Redirection sinks defined through Models as Data. */ private class ExternalUrlRedirectExprSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll index 4efeadb3c7e..38801410d85 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll @@ -15,7 +15,7 @@ private import semmle.code.csharp.security.Sanitizers */ abstract class Source extends DataFlow::Node { } -private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * A data flow sink for untrusted user input used in XML processing. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll index 0e8e41c9773..140870c70fa 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll @@ -58,7 +58,7 @@ module XpathInjection = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** The `xpath` argument to an `XPathExpression.Compile(..)` call. */ class XPathExpressionCompileSink extends Sink { diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll index 4ea9e562bb5..81029cc6572 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll @@ -165,7 +165,7 @@ module XssTrackingConfig implements DataFlow::ConfigSig { module XssTracking = TaintTracking::Global; /** A source supported by the current threat model. */ -private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { } diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql index 042e2aa9f17..16eca675e6a 100644 --- a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql +++ b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql @@ -20,7 +20,7 @@ import XmlInjection::PathGraph * A taint-tracking configuration for untrusted user input used in XML. */ module XmlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall mc | diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql index 9d30366af8f..118591f3f9e 100644 --- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql @@ -21,7 +21,7 @@ import AssemblyPathInjection::PathGraph * A taint-tracking configuration for untrusted user input used to load a DLL. */ module AssemblyPathInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall mc, string name, int arg | diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql index 7eec0bb90c6..a027170dc37 100644 --- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql +++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql @@ -17,7 +17,7 @@ import semmle.code.csharp.frameworks.Format import FormatString::PathGraph module FormatStringConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(FormatCall call | call.hasInsertions()).getFormatExpr() diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll index eea18ae3b6e..716702ca008 100644 --- a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll +++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll @@ -61,7 +61,7 @@ module TaintedWebClient = TaintTracking::Global; deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } /** A source supported by the current threat model. */ -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * A path argument to a `WebClient` method call that has an address argument. diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll index dac68adfcc1..6d06ca5fa44 100644 --- a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll +++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll @@ -60,7 +60,7 @@ module RequestForgery { /** * A dataflow source for Server Side Request Forgery(SSRF) Vulnerabilities. */ - private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } /** * An url argument to a `HttpRequestMessage` constructor call diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql b/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql index aa89a4c3455..017c4370dfd 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql +++ b/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql @@ -2,5 +2,5 @@ import csharp import semmle.code.csharp.security.dataflow.flowsources.FlowSources from DataFlow::Node source -where source instanceof ThreatModelFlowSource +where source instanceof ActiveThreatModelSource select source diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandLineFlow.ql b/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandLineFlow.ql index 731043cf470..579514c496f 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandLineFlow.ql +++ b/csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandLineFlow.ql @@ -2,7 +2,7 @@ import csharp import semmle.code.csharp.security.dataflow.flowsources.FlowSources module CommandLineFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0)) diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/local/registry/Registry.ql b/csharp/ql/test/library-tests/dataflow/flowsources/local/registry/Registry.ql index 9e2934e9e19..8462205d61a 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/local/registry/Registry.ql +++ b/csharp/ql/test/library-tests/dataflow/flowsources/local/registry/Registry.ql @@ -2,5 +2,5 @@ import csharp import semmle.code.csharp.security.dataflow.flowsources.FlowSources from DataFlow::Node source -where source instanceof ThreatModelFlowSource +where source instanceof ActiveThreatModelSource select source, source.(SourceNode).getThreatModel() diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql b/csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql index aa9372d73d2..aff922884ff 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql @@ -4,7 +4,7 @@ import TestUtilities.InlineFlowTest import TaintFlowTest module DatabaseConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0)) diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql index 1060ea756a2..ad8a40fa074 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql @@ -4,7 +4,7 @@ import TestUtilities.InlineFlowTest import TaintFlowTest module FilesConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0)) diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/Test.qll b/csharp/ql/test/library-tests/dataflow/threat-models/Test.qll index c2e200fd304..3f702d4b019 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/Test.qll +++ b/csharp/ql/test/library-tests/dataflow/threat-models/Test.qll @@ -4,7 +4,7 @@ private import semmle.code.csharp.dataflow.internal.ExternalFlow private import semmle.code.csharp.security.dataflow.flowsources.FlowSources private module ThreatModelConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) } } diff --git a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll index 6fec1b5d98c..c2874d7cdac 100644 --- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll @@ -31,12 +31,12 @@ module CommandInjection { abstract class Sanitizer extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, considered as a taint source for command injection. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** A command name, considered as a taint sink for command injection. */ class CommandNameAsSink extends Sink { diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll index 5eb41dd2579..6799099b999 100644 --- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll +++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll @@ -183,24 +183,24 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode { } private module UntrustedDataConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } /** - * Tracks data flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. + * Tracks data flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */ module UntrustedDataToExternalApiFlow = DataFlow::Global; private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode } } /** - * Tracks data flow from `ThreatModelFlowSource`s to `UnknownExternalApiDataNode`s. + * Tracks data flow from `ActiveThreatModelSource`s to `UnknownExternalApiDataNode`s. */ module UntrustedDataToUnknownExternalApiFlow = DataFlow::Global; diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index 6d93dfa2e5a..188256f9643 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -26,12 +26,12 @@ module LogInjection { abstract class Sanitizer extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, considered as a taint source for log injection. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** An argument to a logging mechanism. */ class LoggerSink extends Sink { diff --git a/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll b/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll index e86b20d67e8..e1b153da24a 100644 --- a/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll +++ b/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll @@ -49,7 +49,7 @@ module MissingJwtSignatureCheck { } } - private class DefaultSource extends Source instanceof ThreatModelFlowSource { } + private class DefaultSource extends Source instanceof ActiveThreatModelSource { } private class DefaultSink extends Sink { DefaultSink() { sinkNode(this, "jwt") } diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 8e72b53087a..304bc004e03 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -43,14 +43,14 @@ module OpenUrlRedirect { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** * A source of third-party user input, considered as a flow source for URL redirects. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { ThreatModelFlowAsSource() { // exclude some fields and methods of URLs that are generally not attacker-controllable for // open redirect exploits diff --git a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll index 0d376b9f7da..47e82370830 100644 --- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll +++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll @@ -35,14 +35,14 @@ module ReflectedXss { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** * A third-party controllable input, considered as a flow source for reflected XSS. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */ private class AnySink extends Sink instanceof SharedXss::Sink { } diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index b56395cceed..2449ffe488c 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -34,14 +34,14 @@ module RequestForgery { abstract class SanitizerEdge extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** * A third-party controllable input, considered as a flow source for request forgery. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } private class DefaultRequestForgerySink extends Sink { string kind; diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll index 9d813469ee7..0b2f96a9283 100644 --- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll @@ -26,12 +26,12 @@ module SqlInjection { abstract class Sanitizer extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, considered as a taint source for SQL injection. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** An SQL string, considered as a taint sink for SQL injection. */ class SqlQueryAsSink extends Sink instanceof SQL::QueryString { } diff --git a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll index 31f8b3ad391..953d9810d53 100644 --- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll +++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll @@ -45,12 +45,12 @@ module TaintedPath { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, considered as a taint source for path traversal. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** A path expression, considered as a taint sink for path traversal. */ class PathAsSink extends Sink { diff --git a/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll b/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll index 7ee4edb0c72..460c95fe3cd 100644 --- a/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll +++ b/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll @@ -21,7 +21,7 @@ module UncontrolledAllocationSize { abstract class Sanitizer extends DataFlow::Node { } /** A source of untrusted data, considered as a taint source for uncontrolled size allocation vulnerabilities. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** The size argument of a memory allocation function. */ private class AllocationSizeAsSink extends Sink instanceof AllocationSizeOverflow::AllocationSize { diff --git a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll index 6e99fbf00f5..472ed041ea1 100644 --- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll @@ -25,12 +25,12 @@ module XPathInjection { abstract class Sanitizer extends DataFlow::ExprNode { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, used in an XPath expression. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** An XPath expression string, considered as a taint sink for XPath injection. */ class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { } diff --git a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll index ca3609bf2a3..92ae2bc9209 100644 --- a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll +++ b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll @@ -17,12 +17,12 @@ module EmailInjection { abstract class Sink extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowSourceAsSource = ThreatModelFlowAsSource; /** A source of untrusted data, considered as a taint source for email injection. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** * A data-flow node that becomes part of an email considered as a taint sink for email injection. diff --git a/go/ql/src/experimental/CWE-090/LDAPInjection.qll b/go/ql/src/experimental/CWE-090/LDAPInjection.qll index a63d7b2e783..e416b72ed97 100644 --- a/go/ql/src/experimental/CWE-090/LDAPInjection.qll +++ b/go/ql/src/experimental/CWE-090/LDAPInjection.qll @@ -98,13 +98,15 @@ private class LdapClientDNSink extends LdapSink { /** * DEPRECATED: Use `LdapInjectionFlow` instead. * - * A taint-tracking configuration for reasoning about when a `ThreatModelFlowSource` + * A taint-tracking configuration for reasoning about when a `ActiveThreatModelSource` * flows into an argument or field that is vulnerable to LDAP injection. */ deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration { LdapInjectionConfiguration() { this = "Ldap injection" } - override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + override predicate isSource(DataFlow::Node source) { + source instanceof ActiveThreatModelSource + } override predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink } @@ -112,7 +114,7 @@ deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration } private module LdapInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink } @@ -120,7 +122,7 @@ private module LdapInjectionConfig implements DataFlow::ConfigSig { } /** - * Tracks taint flow for reasoning about when a `ThreatModelFlowSource` flows + * Tracks taint flow for reasoning about when a `ActiveThreatModelSource` flows * into an argument or field that is vulnerable to LDAP injection. */ module LdapInjectionFlow = TaintTracking::Global; diff --git a/go/ql/src/experimental/CWE-203/Timing.ql b/go/ql/src/experimental/CWE-203/Timing.ql index 12f75b74e44..ab0b50a657a 100644 --- a/go/ql/src/experimental/CWE-203/Timing.ql +++ b/go/ql/src/experimental/CWE-203/Timing.ql @@ -98,7 +98,7 @@ private class SensitiveStringSink extends Sink { module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource and not isBadResult(source) + source instanceof ActiveThreatModelSource and not isBadResult(source) } predicate isSink(DataFlow::Node sink) { sink instanceof Sink and not isBadResult(sink) } diff --git a/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll b/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll index a3016f65372..7a62041a774 100644 --- a/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll +++ b/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll @@ -68,7 +68,7 @@ module ImproperLdapAuth { private module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource or source instanceof EmptyString + source instanceof ActiveThreatModelSource or source instanceof EmptyString } predicate isSink(DataFlow::Node sink) { sink instanceof LdapAuthSink } diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.ql b/go/ql/src/experimental/CWE-369/DivideByZero.ql index 956a2d55300..b6709b97d71 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.ql +++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql @@ -28,7 +28,7 @@ predicate divideByZeroSanitizerGuard(DataFlow::Node g, Expr e, boolean branch) { } module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(Function f, DataFlow::CallNode cn | cn = f.getACall() | diff --git a/go/ql/src/experimental/CWE-74/DsnInjection.ql b/go/ql/src/experimental/CWE-74/DsnInjection.ql index 76ce22344b4..2b2ee0a62e4 100644 --- a/go/ql/src/experimental/CWE-74/DsnInjection.ql +++ b/go/ql/src/experimental/CWE-74/DsnInjection.ql @@ -14,7 +14,7 @@ import DsnInjectionCustomizations import DsnInjectionFlow::PathGraph /** A remote flow source taken as a source for the `DsnInjection` taint-flow configuration. */ -private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } +private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } from DsnInjectionFlow::PathNode source, DsnInjectionFlow::PathNode sink where DsnInjectionFlow::flowPath(source, sink) diff --git a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql index 7918b9694ea..0aff713f26b 100644 --- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql +++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql @@ -36,7 +36,7 @@ class PassthroughTypeName extends string { } module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } additional predicate isSinkToPassthroughType(DataFlow::TypeCastNode sink, PassthroughTypeName name) { exists(Type typ | @@ -53,7 +53,7 @@ module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig } /** - * Tracks taint flow for reasoning about when a `ThreatModelFlowSource` is + * Tracks taint flow for reasoning about when a `ActiveThreatModelSource` is * converted into a special "passthrough" type which will not be escaped by the * template generator; this allows the injection of arbitrary content (html, * css, js) into the generated output of the templates. @@ -109,13 +109,13 @@ predicate isSinkToTemplateExec(DataFlow::Node sink, DataFlow::CallNode call) { } module FromUntrustedToTemplateExecutionCallConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { isSinkToTemplateExec(sink, _) } } /** - * Tracks taint flow from a `ThreatModelFlowSource` into a template executor + * Tracks taint flow from a `ActiveThreatModelSource` into a template executor * call. */ module FromUntrustedToTemplateExecutionCallFlow = diff --git a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll index b0dde22c22c..0d4bdfb1dd0 100644 --- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll +++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll @@ -52,7 +52,7 @@ deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "Condtional Expression Check Bypass" } override predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource + source instanceof ActiveThreatModelSource or exists(DataFlow::FieldReadNode f | f.getField().hasQualifiedName("net/http", "Request", "Host") @@ -71,7 +71,7 @@ deprecated class Configuration extends TaintTracking::Configuration { private module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource + source instanceof ActiveThreatModelSource or exists(DataFlow::FieldReadNode f | f.getField().hasQualifiedName("net/http", "Request", "Host") diff --git a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql index 3ecb323d04b..b70be1ff42d 100644 --- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql +++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql @@ -14,7 +14,7 @@ import go module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource + source instanceof ActiveThreatModelSource or source = any(Field f | f.hasQualifiedName("net/http", "Request", "Host")).getARead() } diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index dd5eebc8b10..42b017ac487 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -87,14 +87,14 @@ module ServerSideRequestForgery { abstract class SanitizerEdge extends DataFlow::Node { } /** - * DEPRECATED: Use `ThreatModelFlowSource` or `Source` instead. + * DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead. */ deprecated class UntrustedFlowAsSource = ThreatModelFlowAsSource; /** * An user controlled input, considered as a flow source for request forgery. */ - private class ThreatModelFlowAsSource extends Source instanceof ThreatModelFlowSource { } + private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { } /** * The URL of an HTTP request, viewed as a sink for request forgery. diff --git a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql index 11dae56fde9..7a1ff256be1 100644 --- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql +++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql @@ -52,7 +52,7 @@ class AllowCredentialsHeaderWrite extends Http::HeaderWrite { } module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } additional predicate isSinkHW(DataFlow::Node sink, AllowOriginHeaderWrite hw) { sink = hw.getValue() @@ -70,7 +70,7 @@ module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig { } module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } additional predicate isSinkWrite(DataFlow::Node sink, GinCors::AllowOriginsWrite w) { sink = w } @@ -78,13 +78,13 @@ module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig { } /** - * Tracks taint flowfor reasoning about when a `ThreatModelFlowSource` flows to + * Tracks taint flowfor reasoning about when a `ActiveThreatModelSource` flows to * a `HeaderWrite` that writes an `Access-Control-Allow-Origin` header's value. */ module UntrustedToAllowOriginHeaderFlow = TaintTracking::Global; /** - * Tracks taint flowfor reasoning about when a `ThreatModelFlowSource` flows to + * Tracks taint flowfor reasoning about when a `ActiveThreatModelSource` flows to * a `AllowOriginsWrite` that writes an `Access-Control-Allow-Origin` header's value. */ module UntrustedToAllowOriginConfigFlow = TaintTracking::Global; @@ -121,7 +121,7 @@ predicate allowCredentialsIsSetToTrue(DataFlow::ExprNode allowOriginHW) { /** * Holds if the provided `allowOriginHW` HeaderWrite's value is set using an - * ThreatModelFlowSource. + * ActiveThreatModelSource. * The `message` parameter is populated with the warning message to be returned by the query. */ predicate flowsFromUntrustedToAllowOrigin(DataFlow::ExprNode allowOriginHW, string message) { @@ -169,7 +169,7 @@ class MapRead extends DataFlow::ElementReadNode { } module FromUntrustedConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { isSinkCgn(sink, _) } @@ -208,13 +208,13 @@ module FromUntrustedConfig implements DataFlow::ConfigSig { } /** - * Tracks taint flow for reasoning about when a `ThreatModelFlowSource` flows + * Tracks taint flow for reasoning about when a `ActiveThreatModelSource` flows * somewhere. */ module FromUntrustedFlow = TaintTracking::Global; /** - * Holds if the provided `allowOriginHW` is also destination of a `ThreatModelFlowSource`. + * Holds if the provided `allowOriginHW` is also destination of a `ActiveThreatModelSource`. */ predicate flowsToGuardedByCheckOnUntrusted(DataFlow::ExprNode allowOriginHW) { exists(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn | diff --git a/go/ql/src/experimental/frameworks/DecompressionBombs.qll b/go/ql/src/experimental/frameworks/DecompressionBombs.qll index 90df91245bf..5828cd60e52 100644 --- a/go/ql/src/experimental/frameworks/DecompressionBombs.qll +++ b/go/ql/src/experimental/frameworks/DecompressionBombs.qll @@ -29,7 +29,7 @@ module DecompressionBomb { class FlowState = DecompressionBombs::FlowState; predicate isSource(DataFlow::Node source, FlowState state) { - source instanceof ThreatModelFlowSource and + source instanceof ActiveThreatModelSource and state = "" } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/Test.qll b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/Test.qll index 856c748af7f..794793a6a0a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/Test.qll +++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/Test.qll @@ -4,7 +4,7 @@ private import semmle.go.dataflow.ExternalFlow private import semmle.go.dataflow.DataFlow private module ThreatModelConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode c | c.getTarget().getName() = "sink").getAnArgument() diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/environment/test.ql b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/environment/test.ql index db6bbb1a2d1..eb7ba46508e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/environment/test.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/environment/test.ql @@ -6,7 +6,7 @@ module SourceTest implements TestSig { string getARelevantTag() { result = "source" } predicate hasActualResult(Location location, string element, string tag, string value) { - exists(ThreatModelFlowSource s | + exists(ActiveThreatModelSource s | s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and element = s.toString() and diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/file/test.ql b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/file/test.ql index db6bbb1a2d1..eb7ba46508e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/file/test.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/file/test.ql @@ -6,7 +6,7 @@ module SourceTest implements TestSig { string getARelevantTag() { result = "source" } predicate hasActualResult(Location location, string element, string tag, string value) { - exists(ThreatModelFlowSource s | + exists(ActiveThreatModelSource s | s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and element = s.toString() and diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index bd3ae459a97..77af39967c6 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -202,7 +202,7 @@ abstract class LocalUserInput extends UserInput { /** * DEPRECATED: Use the threat models feature. - * That is, use `ThreatModelFlowSource` as the class of nodes for sources + * That is, use `ActiveThreatModelSource` as the class of nodes for sources * and set up the threat model configuration to filter source nodes. * Alternatively, use `getThreatModel` to filter nodes to create the * class of nodes you need. @@ -273,7 +273,7 @@ private class FileInput extends LocalUserInput { /** * DEPRECATED: Use the threat models feature. - * That is, use `ThreatModelFlowSource` as the class of nodes for sources + * That is, use `ActiveThreatModelSource` as the class of nodes for sources * and set up the threat model configuration to filter source nodes. * Alternatively, use `getThreatModel` to filter nodes to create the * class of nodes you need. diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 47db4f825c4..4984b8b050f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -640,7 +640,7 @@ private MethodCall callReturningSameType(Expr ref) { } private SrcRefType entrypointType() { - exists(ThreatModelFlowSource s, RefType t | + exists(ActiveThreatModelSource s, RefType t | s instanceof DataFlow::ExplicitParameterNode and t = pragma[only_bind_out](s).getType() and not t instanceof TypeObject and diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll index b179a4f92e0..5e9a38f4fb0 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.AndroidIntentRedirection /** A taint tracking configuration for tainted Intents being used to start Android components. */ module IntentRedirectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink } @@ -36,7 +36,7 @@ private class OriginalIntentSanitizer extends IntentRedirectionSanitizer { * flowing directly to sinks that start Android components. */ private module SameIntentBeingRelaunchedConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink } @@ -72,7 +72,7 @@ private class IntentWithTaintedComponent extends DataFlow::Node { * A taint tracking configuration for tainted data flowing to an `Intent`'s component. */ private module TaintedIntentComponentConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { any(IntentSetComponent setComponent).getSink() = sink.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll index d7c5fe94f28..0402aca6987 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll @@ -75,7 +75,7 @@ class ExternalApkSource extends ApiSourceNode { sourceNode(this, "android-external-storage-dir") or this.asExpr().(MethodCall).getMethod() instanceof UriConstructorMethod or this.asExpr().(StringLiteral).getValue().matches("file://%") or - this instanceof ThreatModelFlowSource + this instanceof ActiveThreatModelSource } } diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll index 7d58de46a67..51d6c284e1c 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll @@ -6,7 +6,7 @@ private import semmle.code.java.security.ArithmeticCommon /** A taint-tracking configuration to reason about overflow from unvalidated input. */ module ArithmeticOverflowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) } @@ -22,7 +22,7 @@ deprecated module RemoteUserInputOverflowConfig = ArithmeticOverflowConfig; /** A taint-tracking configuration to reason about underflow from unvalidated input. */ module ArithmeticUnderflowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) } diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll index 692bdfc1a70..af5476f8b3d 100644 --- a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll @@ -49,7 +49,7 @@ private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer * A taint-tracking configuration for unvalidated user input that is used to run an external process. */ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll index 96d3c5a528c..03ba8d46197 100644 --- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll @@ -40,7 +40,7 @@ private predicate endsWithStep(DataFlow::Node node1, DataFlow::Node node2) { * A taint tracking configuration for untrusted data flowing to sensitive conditions. */ module ConditionalBypassFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) } diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index 6838555179a..360493e2635 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -93,10 +93,10 @@ class ExternalApiDataNode extends DataFlow::Node { } /** - * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. + * Taint tracking configuration for flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll index 606e31a07cb..e9e6299cc05 100644 --- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll @@ -16,7 +16,7 @@ private class StringFormatSink extends ApiSinkNode { * A taint-tracking configuration for externally controlled format string vulnerabilities. */ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof StringFormatSink } diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index f625807470d..7b4b87a5eb2 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -10,7 +10,7 @@ import semmle.code.java.security.FragmentInjection * that is used to create Android fragments dynamically. */ module FragmentInjectionTaintConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof FragmentInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll index 3af836cac97..b169542d01e 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll @@ -10,7 +10,7 @@ import semmle.code.java.security.GroovyInjection * that is used to evaluate a Groovy expression. */ module GroovyInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll index 8bef1ec3650..2af9396a119 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.dataflow.FlowSources * user-provided size used for array construction. */ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _) diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll index 440600b8a7c..6d11962f2f4 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.dataflow.FlowSources * of user-provided array index. */ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr()) diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index 1ad0677ca61..e601de7b9b5 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -46,7 +46,7 @@ class SetMessageInterpolatorCall extends MethodCall { * to the argument of a method that builds constraint error messages. */ module BeanValidationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink } } diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index 740ce24bf62..6426be2fecd 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -12,7 +12,7 @@ private import IntentUriPermissionManipulation * A taint tracking configuration for user-provided Intents being returned to third party apps. */ module IntentUriPermissionManipulationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof IntentUriPermissionManipulationSink } diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index de49560e779..82b8233b674 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -44,7 +44,7 @@ private class DefaultJexlInjectionAdditionalTaintStep extends JexlInjectionAddit * It supports both JEXL 2 and 3. */ module JexlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index 3c1f4b8e68e..01fc9b9908a 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -11,7 +11,7 @@ private import semmle.code.java.security.Sanitizers * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup. */ module JndiInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll index 5c055c00516..2e2e6976fd3 100644 --- a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll @@ -8,7 +8,7 @@ import semmle.code.java.security.LdapInjection * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries. */ module LdapInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll index cebc807cc47..64d59993b3d 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll @@ -8,7 +8,7 @@ import semmle.code.java.security.LogInjection * A taint-tracking configuration for tracking untrusted user input used in log entries. */ module LogInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof LogInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll index 4bf81804f82..b2447d73548 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll @@ -10,7 +10,7 @@ import semmle.code.java.security.MvelInjection * that is used to construct and evaluate a MVEL expression. */ module MvelInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof MvelEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll index b6bd505c38b..c6ee02b55b5 100644 --- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll @@ -85,7 +85,7 @@ private predicate smallExpr(Expr e) { * numeric cast. */ module NumericCastFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() and diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll index 3acf18c453c..5f3a56cf274 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.security.Sanitizers * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. */ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll index c4c3e6b093c..8f7a27461c2 100644 --- a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll @@ -12,7 +12,7 @@ import semmle.code.java.dataflow.FlowSources * and remains vulnerable to Partial Path Traversal. */ module PartialPathTraversalFromRemoteConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node node) { any(PartialPathTraversalMethodCall ma).getQualifier() = node.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index e8415cc1978..79cf15eaa82 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -12,7 +12,7 @@ import semmle.code.java.security.RequestForgery */ module RequestForgeryConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource and + source instanceof ActiveThreatModelSource and // Exclude results of remote HTTP requests: fetching something else based on that result // is no worse than following a redirect returned by the remote server, and typically // we're requesting a resource via https which we trust to only send us to safe URLs. diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll index 40e1ec1b4db..36d8e83d66c 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll @@ -10,7 +10,7 @@ import semmle.code.java.security.ResponseSplitting */ module ResponseSplittingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource and + source instanceof ActiveThreatModelSource and not source instanceof SafeHeaderSplittingSource } diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll index e22dcef1211..f3a07480cf0 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll @@ -19,7 +19,7 @@ private class ResultReceiverSendCall extends MethodCall { } private module UntrustedResultReceiverConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node node) { node.asExpr() = any(ResultReceiverSendCall c).getReceiver() diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index 848aae8da30..3d33e304410 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -11,7 +11,7 @@ private import semmle.code.java.security.SpelInjection * that is used to construct and evaluate a SpEL expression. */ module SpelInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof SpelExpressionEvaluationSink } diff --git a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll index c4638538a63..0aaf46cf2dd 100644 --- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll @@ -15,7 +15,7 @@ import semmle.code.java.security.QueryInjection * A taint-tracking configuration for unvalidated user input that is used in SQL queries. */ module QueryInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/TaintedEnvironmentVariableQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedEnvironmentVariableQuery.qll index beb0921fc47..597c05b0454 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedEnvironmentVariableQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedEnvironmentVariableQuery.qll @@ -26,7 +26,7 @@ abstract class ExecTaintedEnvironmentSanitizer extends DataFlow::Node { } * A taint-tracking configuration that tracks flow from unvalidated data to an environment variable for a subprocess. */ module ExecTaintedEnvironmentConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isBarrier(DataFlow::Node barrier) { barrier instanceof ExecTaintedEnvironmentSanitizer } diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index c396b48a7b8..919d8a72d42 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -60,7 +60,7 @@ private class TaintPreservingUriCtorParam extends Parameter { * A taint-tracking configuration for tracking flow from remote sources to the creation of a path. */ module TaintedPathConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof TaintedPathSink } diff --git a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll index 132e8a3fadf..eb5b589a98b 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll @@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi * A configuration for tracking flow from user input to a permissions check. */ module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PermissionsConstruction p).getInput() diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll index f2cc980a0d8..a74f4db8030 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll @@ -83,7 +83,7 @@ abstract deprecated class TemplateInjectionSanitizerWithState extends DataFlow:: abstract deprecated predicate hasState(DataFlow::FlowState state); } -private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof ThreatModelFlowSource +private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof ActiveThreatModelSource { } private class DefaultTemplateInjectionSink extends TemplateInjectionSink { diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll index b93b3f0ca1a..f70542486de 100644 --- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll @@ -13,7 +13,7 @@ private import semmle.code.java.security.Sanitizers */ abstract class TrustBoundaryViolationSource extends DataFlow::Node { } -private class ThreatModelSource extends TrustBoundaryViolationSource instanceof ThreatModelFlowSource +private class ThreatModelSource extends TrustBoundaryViolationSource instanceof ActiveThreatModelSource { } /** diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll index 3239b387d8e..1c9d2809eba 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll @@ -10,7 +10,7 @@ import semmle.code.java.security.UnsafeAndroidAccess * A taint configuration tracking flow from untrusted inputs to a resource fetching call. */ module FetchUntrustedResourceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index db629143d5c..be47bbd0e82 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.UnsafeContentUriResolution * A taint-tracking configuration to find paths from remote sources to content URI resolutions. */ module UnsafeContentResolutionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ContentUriResolutionSink } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index 739b2713780..725724500b3 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -316,7 +316,7 @@ private predicate isUnsafeDeserializationTaintStep(DataFlow::Node pred, DataFlow /** Tracks flows from remote user input to a deserialization sink. */ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink } @@ -416,7 +416,7 @@ private predicate isUnsafeTypeAdditionalTaintStep(DataFlow::Node fromNode, DataF * If this is user-controlled, arbitrary code could be executed while instantiating the user-specified type. */ module UnsafeTypeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeTypeSink } diff --git a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll index 2ca38d69551..00cc229f9cf 100644 --- a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll @@ -178,7 +178,7 @@ private class FullyDecodesUrlBarrier extends DataFlow::Node { */ module UrlForwardFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource and + source instanceof ActiveThreatModelSource and // excluded due to FPs not exists(MethodCall mc, Method m | m instanceof HttpServletRequestGetRequestUriMethod or diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll index 675937985c4..abf96ea9ab2 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll @@ -8,7 +8,7 @@ private import semmle.code.java.security.UrlRedirect * A taint-tracking configuration for reasoning about URL redirections. */ module UrlRedirectConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } diff --git a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll index 38dc1ff993c..639ff9fca09 100644 --- a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.security.XPath * A taint-tracking configuration for reasoning about XPath injection vulnerabilities. */ module XPathInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } } diff --git a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll index d437ca860d5..59f92072e25 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll @@ -11,7 +11,7 @@ private import semmle.code.java.security.Sanitizers * A taint-tracking configuration for unvalidated user input that is used in XSLT transformation. */ module XsltInjectionFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof XsltInjectionSink } diff --git a/java/ql/lib/semmle/code/java/security/XssQuery.qll b/java/ql/lib/semmle/code/java/security/XssQuery.qll index 6fec86a78dd..b609c7faa08 100644 --- a/java/ql/lib/semmle/code/java/security/XssQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XssQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.XSS * A taint-tracking configuration for cross site scripting vulnerabilities. */ module XssConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 58b1e5bfed1..9522ba3692a 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -9,7 +9,7 @@ private import semmle.code.java.security.XxeQuery * A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion. */ module XxeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink } diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll index 55c1a043230..ba65e13dd61 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll @@ -35,7 +35,7 @@ private class LengthRestrictedMethod extends Method { /** A configuration for Polynomial ReDoS queries. */ module PolynomialRedosConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp | diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll index 88710061819..a41ee0161f7 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll @@ -9,7 +9,7 @@ import semmle.code.java.security.regexp.RegexInjection * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ module RegexInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql index 442c45f4328..b729aceffee 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql @@ -40,7 +40,7 @@ class Log4jInjectionSanitizer extends DataFlow::Node instanceof SimpleTypeSaniti * A taint-tracking configuration for tracking untrusted user input used in log entries. */ module Log4jInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof Log4jInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index 4b71c297c23..19ce0263560 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -33,7 +33,7 @@ class UrlConstructor extends ClassInstanceExpr { } module RemoteUrlToOpenStreamFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall m | diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index 6fab554ac67..1c50f8304fc 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -50,7 +50,7 @@ class NormalizedPathNode extends DataFlow::Node { } module InjectFilePathConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof TaintedPathSink and diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql index 88733773de1..60a28d2b252 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql @@ -14,7 +14,7 @@ import CommandInjectionRuntimeExec import ExecUserFlow::PathGraph -class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } +class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } from ExecUserFlow::PathNode source, ExecUserFlow::PathNode sink, DataFlow::Node sourceCmd, diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql index e5779543125..a67d0e06f16 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql @@ -21,7 +21,7 @@ private import semmle.code.java.security.Sanitizers import MyBatisAnnotationSqlInjectionFlow::PathGraph private module MyBatisAnnotationSqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisAnnotatedMethodCallArgument } diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql index 32cd2904dce..7597f0f67a5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql @@ -21,7 +21,7 @@ private import semmle.code.java.security.Sanitizers import MyBatisMapperXmlSqlInjectionFlow::PathGraph private module MyBatisMapperXmlSqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisMapperMethodCallAnArgument } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql index d1d5ee93691..75ef4e6fec2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql @@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking import BeanShellInjectionFlow::PathGraph module BeanShellInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof BeanShellInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql index 88eebc1ab7f..500c6dabca9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql @@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking import JShellInjectionFlow::PathGraph module JShellInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof JShellInjectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll index cd5d50338b9..85a1dd11dad 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll @@ -8,7 +8,7 @@ import semmle.code.java.dataflow.TaintTracking * that is used to construct and evaluate an expression. */ module JakartaExpressionInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExpressionEvaluationSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql index 1dfadce6091..cc919385ba4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql @@ -99,17 +99,17 @@ class CodeInjectionSink extends DataFlow::ExprNode { } /** - * A taint configuration for tracking flow from `ThreatModelFlowSource` to a Jython method call + * A taint configuration for tracking flow from `ActiveThreatModelSource` to a Jython method call * `CodeInjectionSink` that executes injected code. */ module CodeInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink } } /** - * Taint tracking flow from `ThreatModelFlowSource` to a Jython method call + * Taint tracking flow from `ActiveThreatModelSource` to a Jython method call * `CodeInjectionSink` that executes injected code. */ module CodeInjectionFlow = TaintTracking::Global; diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql index 0792d8e498a..6f8f7ec1cb3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql @@ -131,11 +131,11 @@ class ScriptInjectionSink extends DataFlow::ExprNode { } /** - * A taint tracking configuration that tracks flow from `ThreatModelFlowSource` to an argument + * A taint tracking configuration that tracks flow from `ActiveThreatModelSource` to an argument * of a method call that executes injected script. */ module ScriptInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ScriptInjectionSink } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll index 310aafb30f5..256947a2dc7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll @@ -42,7 +42,7 @@ class PortletRenderRequestMethod extends Method { */ module SpringViewManipulationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource or + source instanceof ActiveThreatModelSource or source instanceof WebRequestSource or source.asExpr().(MethodCall).getMethod() instanceof PortletRenderRequestMethod } diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql index f32c1682c29..1a5a97a8691 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql @@ -19,7 +19,7 @@ import AndroidWebResourceResponse import InsecureWebResourceResponseFlow::PathGraph module InsecureWebResourceResponseConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll index e865e18ecaa..8e545a5e8f0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll @@ -148,7 +148,7 @@ private predicate updateMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::N * such as cipher, MAC or signature. */ private module UserInputInCryptoOperationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(ProduceCryptoCall call | call.getQualifier() = sink.asExpr()) @@ -214,7 +214,7 @@ private class NonConstantTimeComparisonCall extends StaticMethodCall { * that compare inputs using a non-constant-time algorithm. */ private module UserInputInComparisonConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(NonConstantTimeEqualsCall call | diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql index 9d47e177a27..3c450d4e04c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql @@ -63,7 +63,7 @@ module CorsSourceReachesCheckConfig implements DataFlow::ConfigSig { module CorsSourceReachesCheckFlow = TaintTracking::Global; private module CorsOriginConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall corsHeader, MethodCall allowCredentialsHeader | diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql index 647175797be..ce5ba05b619 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql @@ -22,7 +22,7 @@ import RequestResponseFlow::PathGraph /** Taint-tracking configuration tracing flow from get method request sources to output jsonp data. */ module RequestResponseFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source instanceof ThreatModelFlowSource and + source instanceof ActiveThreatModelSource and any(RequestGetMethod m).polyCalls*(source.getEnclosingCallable()) } diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll index 65a75392ef4..b0d2897ea54 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll @@ -79,7 +79,7 @@ class JsonpBuilderExpr extends AddExpr { /** A data flow configuration tracing flow from threat model sources to jsonp function name. */ module ThreatModelFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(JsonpBuilderExpr jhe | jhe.getFunctionName() = sink.asExpr()) diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql index 7cfd1f2ef9c..44af710990c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql @@ -17,7 +17,7 @@ import ThreadResourceAbuseFlow::PathGraph /** Taint configuration of uncontrolled thread resource consumption. */ module ThreadResourceAbuseConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof PauseThreadSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql index a525e2c8067..f18355b1d97 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql @@ -32,7 +32,7 @@ private predicate equalsSanitizer(Guard g, Expr e, boolean branch) { } module UnsafeReflectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeReflectionSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql index ea162cf6d28..c318bd300f5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql @@ -65,9 +65,9 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode { } } -/** Taint configuration of uncaught exceptions caused by user provided data from `ThreatModelFlowSource` */ +/** Taint configuration of uncaught exceptions caused by user provided data from `ActiveThreatModelSource` */ module UncaughtServletExceptionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof UncaughtServletExceptionSink } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql index 9ab24bdb659..8b300a08288 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql @@ -26,7 +26,7 @@ private predicate startsWithSanitizer(Guard g, Expr e, boolean branch) { } module SpringUrlRedirectFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof SpringUrlRedirectSink } diff --git a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql index f7a8c335f1a..a758b86279d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql @@ -20,7 +20,7 @@ import XQueryInjectionFlow::PathGraph * A taint-tracking configuration tracing flow from remote sources, through an XQuery parser, to its eventual execution. */ module XQueryInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(XQueryPreparedExecuteCall xpec).getPreparedExpression() or diff --git a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql index f2c31e566b8..c6737a11c32 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql @@ -24,7 +24,7 @@ import NfeLocalDoSFlow::PathGraph */ module NfeLocalDoSConfig implements DataFlow::ConfigSig { /** Holds if source is a remote flow source */ - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } /** Holds if NFE is thrown but not caught */ predicate isSink(DataFlow::Node sink) { diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql index 73dc7d8b30a..9ef1e3867d2 100644 --- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql +++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql @@ -9,7 +9,7 @@ class TestRemoteFlowSource extends RemoteFlowSource { } module TaintFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node n) { n instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node n) { exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) diff --git a/java/ql/test/library-tests/dataflow/threat-models/Test.qll b/java/ql/test/library-tests/dataflow/threat-models/Test.qll index a0d85680270..742cea3dda6 100644 --- a/java/ql/test/library-tests/dataflow/threat-models/Test.qll +++ b/java/ql/test/library-tests/dataflow/threat-models/Test.qll @@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.TaintTracking private module ThreatModelConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) } } diff --git a/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql b/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql index d7d94430486..348956f2498 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql +++ b/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { DefaultFlowConfig::isSource(node) or - node instanceof ThreatModelFlowSource + node instanceof ActiveThreatModelSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql index 8293f7f4ff4..b83f43911bd 100644 --- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql +++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module ProviderTaintFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node n) { n instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) } diff --git a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql index 89a353eedc9..042f7b30390 100644 --- a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql +++ b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql @@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink") diff --git a/java/ql/test/library-tests/frameworks/android/slice/test.ql b/java/ql/test/library-tests/frameworks/android/slice/test.ql index 8540c0604a8..a8b467d1ba0 100644 --- a/java/ql/test/library-tests/frameworks/android/slice/test.ql +++ b/java/ql/test/library-tests/frameworks/android/slice/test.ql @@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources module SliceValueFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - DefaultFlowConfig::isSource(source) or source instanceof ThreatModelFlowSource + DefaultFlowConfig::isSource(source) or source instanceof ActiveThreatModelSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql index 9b067cd00dd..96d9523b2a5 100644 --- a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql +++ b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module SourceValueFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) } diff --git a/java/ql/test/library-tests/frameworks/apache-http/flow.ql b/java/ql/test/library-tests/frameworks/apache-http/flow.ql index 2ca4eeafdb3..b2f5b2d023b 100644 --- a/java/ql/test/library-tests/frameworks/apache-http/flow.ql +++ b/java/ql/test/library-tests/frameworks/apache-http/flow.ql @@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { n.asExpr().(MethodCall).getMethod().hasName("taint") or - n instanceof ThreatModelFlowSource + n instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node n) { diff --git a/java/ql/test/library-tests/frameworks/guice/flow.ql b/java/ql/test/library-tests/frameworks/guice/flow.ql index 37a478bc3a7..629341a0383 100644 --- a/java/ql/test/library-tests/frameworks/guice/flow.ql +++ b/java/ql/test/library-tests/frameworks/guice/flow.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall ma | diff --git a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql index b203bc93682..b63aedbf984 100644 --- a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineExpectationsTest module TestConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { exists(MethodCall call | diff --git a/java/ql/test/library-tests/frameworks/netty/manual/test.ql b/java/ql/test/library-tests/frameworks/netty/manual/test.ql index 70da9eb5f0f..a4142390e85 100644 --- a/java/ql/test/library-tests/frameworks/netty/manual/test.ql +++ b/java/ql/test/library-tests/frameworks/netty/manual/test.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { DefaultFlowConfig::isSource(node) or - node instanceof ThreatModelFlowSource + node instanceof ActiveThreatModelSource } predicate isSink = DefaultFlowConfig::isSink/1; diff --git a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql index 2f3cf27cf7a..0fdb2109438 100644 --- a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql @@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node node) { node instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node node) { exists(MethodCall ma | ma.getMethod().hasName("sink") | node.asExpr() = ma.getAnArgument()) diff --git a/java/ql/test/library-tests/frameworks/ratpack/flow.ql b/java/ql/test/library-tests/frameworks/ratpack/flow.ql index ed8d3d23937..2d5b5b2e471 100644 --- a/java/ql/test/library-tests/frameworks/ratpack/flow.ql +++ b/java/ql/test/library-tests/frameworks/ratpack/flow.ql @@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { n.asExpr().(MethodCall).getMethod().hasName("taint") or - n instanceof ThreatModelFlowSource + n instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node n) { diff --git a/java/ql/test/library-tests/frameworks/spring/controller/test.ql b/java/ql/test/library-tests/frameworks/spring/controller/test.ql index d8f6b13e870..e85137dcd57 100644 --- a/java/ql/test/library-tests/frameworks/spring/controller/test.ql +++ b/java/ql/test/library-tests/frameworks/spring/controller/test.ql @@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest module ValueFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink")