Deprecated direct use of RemoteFlowSource and use ThreatModelFlowSource instead

Author: egregius313

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -3,8 +3,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
-private import semmle.code.csharp.security.dataflow.flowsources.Local
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.codedom.Compiler
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
@@ -55,11 +54,22 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
  */
 module CodeInjection = TaintTracking::Global<CodeInjectionConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of local user input.
+ */
+deprecated class LocalSource extends Source instanceof LocalFlowSource { }
 
-/** A source of local user input. */
-class LocalSource extends Source instanceof LocalFlowSource { }
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
 

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -3,7 +3,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Diagnostics
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
@@ -64,8 +64,15 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
  */
 module CommandInjection = TaintTracking::Global<CommandInjectionConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 /** Command Injection sinks defined through Models as Data. */
 private class ExternalCommandInjectionExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll

@@ -6,7 +6,7 @@
 import csharp
 private import semmle.code.csharp.controlflow.Guards
 private import semmle.code.csharp.controlflow.BasicBlocks
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.Net
 private import semmle.code.csharp.security.SensitiveActions
@@ -60,9 +60,16 @@ private module ConditionalBypassConfig implements DataFlow::ConfigSig {
  */
 module ConditionalBypass = TaintTracking::Global<ConditionalBypassConfig>;
 
-/** A source of remote user input. */
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of remote user input.
+ */
 class RemoteSource extends Source instanceof RemoteFlowSource { }
 
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
+
 /** The result of a reverse dns may be user-controlled. */
 class ReverseDnsSource extends Source {
   ReverseDnsSource() {

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll

@@ -3,7 +3,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
 private import semmle.code.csharp.security.PrivateData
 

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll

@@ -5,7 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.commons.QualifiedName
-private import semmle.code.csharp.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.dataflow.FlowSummary
 

csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll

@@ -4,7 +4,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.DirectoryServices
 private import semmle.code.csharp.frameworks.system.directoryservices.Protocols
 private import semmle.code.csharp.security.Sanitizers
@@ -66,8 +66,15 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {
  */
 module LdapInjection = TaintTracking::Global<LdapInjectionConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreadModelSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 /** LDAP sinks defined through Models as Data. */
 private class ExternalLdapExprSink extends Sink {

csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll

@@ -3,7 +3,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
@@ -57,7 +57,7 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
 module LogForging = TaintTracking::Global<LogForgingConfig>;
 
 /** A source of remote user input. */
-private class RemoteSource extends Source instanceof RemoteFlowSource { }
+private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 private class HtmlSanitizer extends Sanitizer {
   HtmlSanitizer() { this.asExpr() instanceof HtmlSanitizedExpr }

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -4,7 +4,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Xml
 private import semmle.code.csharp.security.Sanitizers
 
@@ -62,8 +62,17 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
  */
 module MissingXmlValidation = TaintTracking::Global<MissingXmlValidationConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreatModelFlowSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/**
+ * A source supported by the current threat model.
+ */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 /**
  * The input argument to a call to `XmlReader.Create` where the input will not be validated against

csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll

@@ -5,7 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.dataflow.DataFlow2
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
 
@@ -55,8 +55,15 @@ private module ReDoSConfig implements DataFlow::ConfigSig {
  */
 module ReDoS = TaintTracking::Global<ReDoSConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 /**
  * An expression that represents a regular expression with potential exponential behavior.

csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll

@@ -4,7 +4,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
 
@@ -54,8 +54,15 @@ private module RegexInjectionConfig implements DataFlow::ConfigSig {
  */
 module RegexInjection = TaintTracking::Global<RegexInjectionConfig>;
 
-/** A source of remote user input. */
-class RemoteSource extends Source instanceof RemoteFlowSource { }
+/**
+ * DEPRECATED: Use `ThreatModelSource` instead.
+ *
+ * A source of remote user input.
+ */
+deprecated class RemoteSource extends Source instanceof RemoteFlowSource { }
+
+/** A source supported by the current threat model. */
+class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
 /**
  * A `pattern` argument to a construction of a `Regex`.