Rename UntrustedFlowSource to RemoteFlowSource

Only the whole word. Skipped one instance in an old change note.

Author: owen-mc

docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst

@@ -15,14 +15,14 @@ Sources
 -------
 
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 
 .. code-block:: ql
 
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
      RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
    }
 

go/docs/language/learn-ql/go/library-modeling-go.rst

@@ -13,14 +13,14 @@ Sources
 -------
 
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 
 .. code-block:: ql
 
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
      RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
    }
 
@@ -119,4 +119,4 @@ Here is a short example from ``Stdlib.qll``, which has been slightly simplified.
 This has the effect that any call to ``Print``, ``Printf``, or
 ``Println`` in the package ``fmt`` is recognized as a logger call.
 Any query that uses logger calls as a sink will then identify when tainted data 
-has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
+has been passed as an argument to ``Print``, ``Printf``, or ``Println``.

go/ql/lib/semmle/go/frameworks/AwsLambda.qll

@@ -6,7 +6,7 @@
 import go
 
 /** A source of input data in an AWS Lambda. */
-private class LambdaInput extends UntrustedFlowSource::Range {
+private class LambdaInput extends RemoteFlowSource::Range {
   LambdaInput() {
     exists(Parameter p | p = this.asParameter() |
       p = any(HandlerFunction hf).getAParameter() and

go/ql/lib/semmle/go/frameworks/Beego.qll

@@ -50,7 +50,7 @@ module Beego {
   /**
    * `BeegoInput` sources of untrusted data.
    */
-  private class BeegoInputSource extends UntrustedFlowSource::Range {
+  private class BeegoInputSource extends RemoteFlowSource::Range {
     string methodName;
 
     BeegoInputSource() {
@@ -81,7 +81,7 @@ module Beego {
   /**
    * `beego.Controller` sources of untrusted data.
    */
-  private class BeegoControllerSource extends UntrustedFlowSource::Range {
+  private class BeegoControllerSource extends RemoteFlowSource::Range {
     BeegoControllerSource() {
       exists(string methodName, FunctionOutput output |
         methodName = "ParseForm" and
@@ -105,7 +105,7 @@ module Beego {
   /**
    * `BeegoInputRequestBody` sources of untrusted data.
    */
-  private class BeegoInputRequestBodySource extends UntrustedFlowSource::Range {
+  private class BeegoInputRequestBodySource extends RemoteFlowSource::Range {
     BeegoInputRequestBodySource() {
       exists(DataFlow::FieldReadNode frn | this = frn |
         frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
@@ -116,7 +116,7 @@ module Beego {
   /**
    * `beego/context.Context` sources of untrusted data.
    */
-  private class BeegoContextSource extends UntrustedFlowSource::Range {
+  private class BeegoContextSource extends RemoteFlowSource::Range {
     BeegoContextSource() {
       exists(Method m | m.hasQualifiedName(contextPackagePath(), "Context", "GetCookie") |
         this = m.getACall().getResult()

go/ql/lib/semmle/go/frameworks/Chi.qll

@@ -11,7 +11,7 @@ private module Chi {
   /**
    * Functions that extract URL parameters, considered as a source of untrusted flow.
    */
-  private class UserControlledFunction extends UntrustedFlowSource::Range, DataFlow::CallNode {
+  private class UserControlledFunction extends RemoteFlowSource::Range, DataFlow::CallNode {
     UserControlledFunction() {
       this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])
     }
@@ -20,7 +20,7 @@ private module Chi {
   /**
    * Methods that extract URL parameters, considered as a source of untrusted flow.
    */
-  private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
+  private class UserControlledRequestMethod extends RemoteFlowSource::Range,
     DataFlow::MethodCallNode
   {
     UserControlledRequestMethod() {

go/ql/lib/semmle/go/frameworks/Echo.qll

@@ -12,7 +12,7 @@ private module Echo {
   /**
    * Data from a `Context` interface method, considered as a source of untrusted flow.
    */
-  private class EchoContextSource extends UntrustedFlowSource::Range {
+  private class EchoContextSource extends RemoteFlowSource::Range {
     EchoContextSource() {
       exists(DataFlow::MethodCallNode call, string methodName |
         methodName =
@@ -42,7 +42,7 @@ private module Echo {
   /**
    * A call to a method on `Context` struct that unmarshals data into a target.
    */
-  private class EchoContextBinder extends UntrustedFlowSource::Range {
+  private class EchoContextBinder extends RemoteFlowSource::Range {
     EchoContextBinder() {
       exists(DataFlow::MethodCallNode call |
         call.getTarget().hasQualifiedName(packagePath(), "Context", "Bind")

go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll

@@ -95,7 +95,7 @@ module ElazarlGoproxy {
     }
   }
 
-  private class UserControlledRequestData extends UntrustedFlowSource::Range {
+  private class UserControlledRequestData extends RemoteFlowSource::Range {
     UserControlledRequestData() {
       exists(DataFlow::FieldReadNode frn | this = frn |
         // liberally consider ProxyCtx.UserData to be untrusted; it's a data field set by a request handler

go/ql/lib/semmle/go/frameworks/Fasthttp.qll

@@ -258,8 +258,8 @@ module Fasthttp {
     /**
      * The methods as Remote user controllable source which are part of the incoming URL.
      */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+      RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "URI",
             ["FullURI", "LastPathSegment", "Path", "PathOriginal", "QueryString", "String"]) and
@@ -278,8 +278,8 @@ module Fasthttp {
      *
      * When support for lambdas has been implemented we should model "VisitAll".
      */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+      RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "Args",
             ["Peek", "PeekBytes", "PeekMulti", "PeekMultiBytes", "QueryString", "String"]) and
@@ -389,8 +389,8 @@ module Fasthttp {
     /**
      * The methods as Remote user controllable source which can be many part of request.
      */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+      RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "Request",
             [
@@ -468,8 +468,8 @@ module Fasthttp {
      *
      * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
      */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+      RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "RequestCtx",
             [
@@ -491,8 +491,8 @@ module Fasthttp {
      *
      * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
      */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+      RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "RequestHeader",
             [

go/ql/lib/semmle/go/frameworks/Gin.qll

@@ -12,7 +12,7 @@ private module Gin {
   /**
    * Data from a `Context` struct, considered as a source of untrusted flow.
    */
-  private class GithubComGinGonicGinContextSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextSource extends RemoteFlowSource::Range {
     GithubComGinGonicGinContextSource() {
       // Method calls:
       exists(DataFlow::MethodCallNode call, string methodName |
@@ -39,7 +39,7 @@ private module Gin {
   /**
    * A call to a method on `Context` struct that unmarshals data into a target.
    */
-  private class GithubComGinGonicGinContextBindSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextBindSource extends RemoteFlowSource::Range {
     GithubComGinGonicGinContextBindSource() {
       exists(DataFlow::MethodCallNode call, string methodName |
         call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and

go/ql/lib/semmle/go/frameworks/GoKit.qll

@@ -35,7 +35,7 @@ module GoKit {
       DataFlow::exprNode(result.(FuncLit)) = getAnEndpointFactoryResult()
     }
 
-    private class EndpointRequest extends UntrustedFlowSource::Range {
+    private class EndpointRequest extends RemoteFlowSource::Range {
       EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }
     }
   }