github
diff --git a/‎csharp/ql/lib/change-notes/2024-09-10-ActiveThreatModelSource.md
Lines changed: 4 additions & 0 deletions b/‎csharp/ql/lib/change-notes/2024-09-10-ActiveThreatModelSource.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
Lines changed: 3 additions & 3 deletions b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
Lines changed: 3 additions & 3 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
Lines changed: 2 additions & 2 deletions b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
Lines changed: 2 additions & 2 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
Lines changed: 1 addition & 1 deletion b/‎csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.
@@ -18,7 +18,7 @@ private predicate needsChecks(ActionMethod m) { m.isEdit() and not m.isAdmin() }
  * that may indicate that it's used as the ID for some resource
  */
 private predicate hasIdParameter(ActionMethod m) {
-  exists(ThreatModelFlowSource src | src.getEnclosingCallable() = m |
+  exists(ActiveThreatModelSource src | src.getEnclosingCallable() = m |
     src.asParameter().getName().toLowerCase().matches(["%id", "%idx"])
     or
     // handle cases like `Request.QueryString["Id"]`
 
@@ -55,7 +55,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 
 
@@ -57,7 +57,7 @@ module CommandInjection = TaintTracking::Global<CommandInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** Command Injection sinks defined through Models as Data. */
 private class ExternalCommandInjectionExprSink extends Sink {
 
@@ -54,7 +54,7 @@ module ConditionalBypass = TaintTracking::Global<ConditionalBypassConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** The result of a reverse dns may be user-controlled. */
 class ReverseDnsSource extends Source {
 
@@ -73,14 +73,14 @@ class ExternalApiDataNode extends DataFlow::Node {
   }
 }
 
-/** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
+/** A configuration for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
-/** A module for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
+/** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
 module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>;
 
 /** A node representing untrusted data being passed to an external API. */
 
@@ -60,7 +60,7 @@ module LdapInjection = TaintTracking::Global<LdapInjectionConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /** LDAP sinks defined through Models as Data. */
 private class ExternalLdapExprSink extends Sink {
 
@@ -43,7 +43,7 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
 module LogForging = TaintTracking::Global<LogForgingConfig>;
 
 /** A source of remote user input. */
-private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+private class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 private class HtmlSanitizer extends Sanitizer {
   HtmlSanitizer() { this.asExpr() instanceof HtmlSanitizedExpr }
 
@@ -48,7 +48,7 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
 module MissingXmlValidation = TaintTracking::Global<MissingXmlValidationConfig>;
 
 /**
- * DEPRECATED: Use `ThreatModelFlowSource` instead.
+ * DEPRECATED: Use `ActiveThreatModelSource` instead.
  *
  * A source of remote user input.
  */
@@ -57,7 +57,7 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
 /**
  * A source supported by the current threat model.
  */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * The input argument to a call to `XmlReader.Create` where the input will not be validated against
 
@@ -49,7 +49,7 @@ module ReDoS = TaintTracking::Global<ReDoSConfig>;
 deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
 
 /** A source supported by the current threat model. */
-class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 
 /**
  * An expression that represents a regular expression with potential exponential behavior.
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: deprecated
 +---
 +* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.
Original file line number	Diff line number	Diff line change
`@@ -73,14 +73,14 @@ class ExternalApiDataNode extends DataFlow::Node {`
`73`	`73`	`}`
`74`	`74`	`}`
`75`	`75`
`76`		-/** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
	`76`	+/** A configuration for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
`77`	`77`	`private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {`
`78`		`- predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }`
	`78`	`+ predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }`
`79`	`79`
`80`	`80`	`predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }`
`81`	`81`	`}`
`82`	`82`
`83`		-/** A module for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
	`83`	+/** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
`84`	`84`	`module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>;`
`85`	`85`
`86`	`86`	`/** A node representing untrusted data being passed to an external API. */`