Go/Java/C#: Rename ThreatModelFlowSource to ActiveThreatModelSource#17424
Merged
RasmusWL merged 5 commits intogithub:mainfrom Sep 26, 2024
Merged
Go/Java/C#: Rename ThreatModelFlowSource to ActiveThreatModelSource#17424RasmusWL merged 5 commits intogithub:mainfrom
ThreatModelFlowSource to ActiveThreatModelSource#17424RasmusWL merged 5 commits intogithub:mainfrom
Conversation
As part of adding support for threat-models to Python/JS (see github#17203), we ran into some trouble with name clashes. Naming in existing languages supporting threat-models: - `SourceNode` (for QL only modeling) - `ThreatModelFlowSource` (for active sources from QL or data-extensions) However, since we use `LocalSourceNode` in Python, and `SourceNode` in JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names. Initially I used `ThreatModelSource` for the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up with `ActiveThreatModelSource`, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources. So to align languages, I got approval from @michaelnebel to rename the existing classes.
Contributor
michaelnebel
left a comment
michaelnebel
left a comment
There was a problem hiding this comment.
Uh, thank very much for doing this @RasmusWL !
csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
Outdated
Show resolved
Hide resolved
RasmusWL
force-pushed
the
active-threat-model-source
branch
from
76a6ffc to
66b61ee
Compare
egregius313
reviewed
Sep 12, 2024
Contributor
egregius313
left a comment
egregius313
left a comment
There was a problem hiding this comment.
Looks good, but there's a formatting error
go/ql/src/experimental/CWE-090/LDAPInjection.qll would change by autoformatting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Go/Java/C#: Rename to
ActiveThreatModelSourceContext for wanting this change
As part of adding support for threat-models to Python/JS (see #17203), we ran into some trouble with name clashes.
Naming in existing languages supporting threat-models:
SourceNode(for QL only modeling)ThreatModelFlowSource(for active sources from QL or data-extensions)However, since we use
LocalSourceNodein Python, andSourceNodein JS (for local source nodes), it seems a bit confusing to follow the same naming convention as other languages, and we had to come up with new names.Initially I used
ThreatModelSourcefor the "QL only modeling", but that meant that we needed a new name to represent the active sources coming from either QL or data-extensions... for this I came up withActiveThreatModelSource, and I really liked it. To me, it's much clearer that this class only contains the currently active threat model sources.So to align languages, I got approval from @michaelnebel to rename the existing classes.