Go: Rename UntrustedFlowSource to RemoteFlowSource to match other language libraries
#16250
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Only the whole word. Skipped one instance in an old change note.
Relaxed whole word requirement. Again skipped one instance in an old change note.
Relaxed match case requirement. Again skipped one instance in an old change note.
Not matching case but preserving original case.
Preserve case, allow for "a `Remote" etc.
Including renaming some files (in the experimental folder).
`UntrustedFlowAsSource` should have been private. Since we are deprecating them anyway we may as well make the replacement private (and make it use `instanceof`). The deprecation comments have been updated.
owen-mc
force-pushed
the
go/rename-untrusted-flow-source
branch
from
57be161 to
dc985c2
Compare
mbg
reviewed
Apr 23, 2024
There was a problem hiding this comment.
Thanks for doing this to bring Go in line with other languages here! This generally all looks good. I just have some minor comments and a recurring question about a bunch of the comments on the now deprecated classes, which suggests using a now private replacement. Feel free to answer one and ignore the others if that's fine as is.
Some classes which should have been private have been made private while we are deprecating the old name anyway.
Why should they be private?
go/ql/lib/change-notes/2024-04-18-untrustedflowsource-renamed-remoteflowsource.md
Outdated
Show resolved
Hide resolved
| /** A source of untrusted data, considered as a taint source for command injection. */ | ||
| class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } | ||
| private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { } |
There was a problem hiding this comment.
It just doesn't make much sense to make this public. It isn't really of any use for external code to reference it, and will probably just lead to confusion if it is done by mistake.
Co-authored-by: Michael B. Gale <[email protected]>
mbg
approved these changes
Apr 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Go was the the only language library which wasn't using the name
RemoteFlowSource, so this seemed worth fixing for the sake of consistency.Related renamings have also been done. Some classes which should have been private have been made private while we are deprecating the old name anyway. Appropriate instructions have been put in the deprecation comments.