Rename UntrustedFlowSource to RemoteFlowSource

Only the whole word. Skipped one instance in an old change note.
2025-12-16 16:53:25 +01:00 · 2024-04-17 21:27:32 +01:00
parent da3fa22cbd
commit 5fba9895c6
61 changed files with 169 additions and 173 deletions
--- a/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
+++ b/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
@@ -15,14 +15,14 @@ Sources
 -------
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 .. code-block:: ql
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
   }
--- a/go/docs/language/learn-ql/go/library-modeling-go.rst
+++ b/go/docs/language/learn-ql/go/library-modeling-go.rst
@@ -13,14 +13,14 @@ Sources
 -------
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 .. code-block:: ql
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
   }
@@ -119,4 +119,4 @@ Here is a short example from ``Stdlib.qll``, which has been slightly simplified.
 This has the effect that any call to ``Print``, ``Printf``, or
 ``Println`` in the package ``fmt`` is recognized as a logger call.
 Any query that uses logger calls as a sink will then identify when tainted data 
-has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
+has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
--- a/go/ql/lib/semmle/go/frameworks/AwsLambda.qll
+++ b/go/ql/lib/semmle/go/frameworks/AwsLambda.qll
@@ -6,7 +6,7 @@
 import go
 /** A source of input data in an AWS Lambda. */
-private class LambdaInput extends UntrustedFlowSource::Range {
+private class LambdaInput extends RemoteFlowSource::Range {
  LambdaInput() {
    exists(Parameter p | p = this.asParameter() |
      p = any(HandlerFunction hf).getAParameter() and
--- a/go/ql/lib/semmle/go/frameworks/Beego.qll
+++ b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -50,7 +50,7 @@ module Beego {
  /**
   * `BeegoInput` sources of untrusted data.
   */
-  private class BeegoInputSource extends UntrustedFlowSource::Range {
+  private class BeegoInputSource extends RemoteFlowSource::Range {
    string methodName;
    BeegoInputSource() {
@@ -81,7 +81,7 @@ module Beego {
  /**
   * `beego.Controller` sources of untrusted data.
   */
-  private class BeegoControllerSource extends UntrustedFlowSource::Range {
+  private class BeegoControllerSource extends RemoteFlowSource::Range {
    BeegoControllerSource() {
      exists(string methodName, FunctionOutput output |
        methodName = "ParseForm" and
@@ -105,7 +105,7 @@ module Beego {
  /**
   * `BeegoInputRequestBody` sources of untrusted data.
   */
-  private class BeegoInputRequestBodySource extends UntrustedFlowSource::Range {
+  private class BeegoInputRequestBodySource extends RemoteFlowSource::Range {
    BeegoInputRequestBodySource() {
      exists(DataFlow::FieldReadNode frn | this = frn |
        frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
@@ -116,7 +116,7 @@ module Beego {
  /**
   * `beego/context.Context` sources of untrusted data.
   */
-  private class BeegoContextSource extends UntrustedFlowSource::Range {
+  private class BeegoContextSource extends RemoteFlowSource::Range {
    BeegoContextSource() {
      exists(Method m | m.hasQualifiedName(contextPackagePath(), "Context", "GetCookie") |
        this = m.getACall().getResult()
--- a/go/ql/lib/semmle/go/frameworks/Chi.qll
+++ b/go/ql/lib/semmle/go/frameworks/Chi.qll
@@ -11,7 +11,7 @@ private module Chi {
  /**
   * Functions that extract URL parameters, considered as a source of untrusted flow.
   */
-  private class UserControlledFunction extends UntrustedFlowSource::Range, DataFlow::CallNode {
+  private class UserControlledFunction extends RemoteFlowSource::Range, DataFlow::CallNode {
    UserControlledFunction() {
      this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])
    }
@@ -20,7 +20,7 @@ private module Chi {
  /**
   * Methods that extract URL parameters, considered as a source of untrusted flow.
   */
-  private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
+  private class UserControlledRequestMethod extends RemoteFlowSource::Range,
    DataFlow::MethodCallNode
  {
    UserControlledRequestMethod() {
--- a/go/ql/lib/semmle/go/frameworks/Echo.qll
+++ b/go/ql/lib/semmle/go/frameworks/Echo.qll
@@ -12,7 +12,7 @@ private module Echo {
  /**
   * Data from a `Context` interface method, considered as a source of untrusted flow.
   */
-  private class EchoContextSource extends UntrustedFlowSource::Range {
+  private class EchoContextSource extends RemoteFlowSource::Range {
    EchoContextSource() {
      exists(DataFlow::MethodCallNode call, string methodName |
        methodName =
@@ -42,7 +42,7 @@ private module Echo {
  /**
   * A call to a method on `Context` struct that unmarshals data into a target.
   */
-  private class EchoContextBinder extends UntrustedFlowSource::Range {
+  private class EchoContextBinder extends RemoteFlowSource::Range {
    EchoContextBinder() {
      exists(DataFlow::MethodCallNode call |
        call.getTarget().hasQualifiedName(packagePath(), "Context", "Bind")
--- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
+++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@@ -95,7 +95,7 @@ module ElazarlGoproxy {
    }
  }
-  private class UserControlledRequestData extends UntrustedFlowSource::Range {
+  private class UserControlledRequestData extends RemoteFlowSource::Range {
    UserControlledRequestData() {
      exists(DataFlow::FieldReadNode frn | this = frn |
        // liberally consider ProxyCtx.UserData to be untrusted; it's a data field set by a request handler
--- a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -258,8 +258,8 @@ module Fasthttp {
    /**
     * The methods as Remote user controllable source which are part of the incoming URL.
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "URI",
            ["FullURI", "LastPathSegment", "Path", "PathOriginal", "QueryString", "String"]) and
@@ -278,8 +278,8 @@ module Fasthttp {
     *
     * When support for lambdas has been implemented we should model "VisitAll".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "Args",
            ["Peek", "PeekBytes", "PeekMulti", "PeekMultiBytes", "QueryString", "String"]) and
@@ -389,8 +389,8 @@ module Fasthttp {
    /**
     * The methods as Remote user controllable source which can be many part of request.
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "Request",
            [
@@ -468,8 +468,8 @@ module Fasthttp {
     *
     * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "RequestCtx",
            [
@@ -491,8 +491,8 @@ module Fasthttp {
     *
     * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "RequestHeader",
            [
--- a/go/ql/lib/semmle/go/frameworks/Gin.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -12,7 +12,7 @@ private module Gin {
  /**
   * Data from a `Context` struct, considered as a source of untrusted flow.
   */
-  private class GithubComGinGonicGinContextSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextSource extends RemoteFlowSource::Range {
    GithubComGinGonicGinContextSource() {
      // Method calls:
      exists(DataFlow::MethodCallNode call, string methodName |
@@ -39,7 +39,7 @@ private module Gin {
  /**
   * A call to a method on `Context` struct that unmarshals data into a target.
   */
-  private class GithubComGinGonicGinContextBindSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextBindSource extends RemoteFlowSource::Range {
    GithubComGinGonicGinContextBindSource() {
      exists(DataFlow::MethodCallNode call, string methodName |
        call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and
--- a/go/ql/lib/semmle/go/frameworks/GoKit.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoKit.qll
@@ -35,7 +35,7 @@ module GoKit {
      DataFlow::exprNode(result.(FuncLit)) = getAnEndpointFactoryResult()
    }
-    private class EndpointRequest extends UntrustedFlowSource::Range {
+    private class EndpointRequest extends RemoteFlowSource::Range {
      EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }
    }
  }
--- a/go/ql/lib/semmle/go/frameworks/GoMicro.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoMicro.qll
@@ -142,7 +142,7 @@ module GoMicro {
  /**
   * A set of remote requests from a service handler.
   */
-  class Request extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class Request extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    Request() {
      exists(ServiceHandler handler |
        this.asParameter().isParameterOf(handler.getFuncDecl(), 1) and
--- a/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
@@ -27,14 +27,14 @@ private module GoRestfulHttp {
  /**
   * A model of go-restful's `Request` object as a source of user-controlled data.
   */
-  private class GoRestfulSource extends UntrustedFlowSource::Range {
+  private class GoRestfulSource extends RemoteFlowSource::Range {
    GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }
  }
  /**
   * A model of go-restful's `Request.ReadEntity` method as a source of user-controlled data.
   */
-  private class GoRestfulReadEntitySource extends UntrustedFlowSource::Range {
+  private class GoRestfulReadEntitySource extends RemoteFlowSource::Range {
    GoRestfulReadEntitySource() {
      exists(DataFlow::MethodCallNode call |
        call.getTarget().hasQualifiedName(packagePath(), "Request", "ReadEntity")
--- a/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
@@ -39,7 +39,7 @@ module Gqlgen {
  }
  /** A parameter of a resolver method which receives untrusted input. */
-  class ResolverParameter extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class ResolverParameter extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    ResolverParameter() {
      this.asParameter() = any(ResolverImplementationMethod h).getAnUntrustedParameter()
    }
--- a/go/ql/lib/semmle/go/frameworks/Mux.qll
+++ b/go/ql/lib/semmle/go/frameworks/Mux.qll
@@ -9,7 +9,7 @@ import go
 */
 module Mux {
  /** An access to a Mux middleware variable. */
-  class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+  class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
    RequestVars() {
      this.getTarget().hasQualifiedName(package("github.com/gorilla/mux", ""), "Vars")
    }
--- a/go/ql/lib/semmle/go/frameworks/Revel.qll
+++ b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -12,7 +12,7 @@ module Revel {
    result = package(["github.com/revel", "github.com/robfig"] + "/revel", "")
  }
-  private class ControllerParams extends UntrustedFlowSource::Range, DataFlow::FieldReadNode {
+  private class ControllerParams extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    ControllerParams() {
      exists(Field f |
        this.readsField(_, f) and
@@ -32,7 +32,7 @@ module Revel {
    }
  }
-  private class RouteMatchParams extends UntrustedFlowSource::Range, DataFlow::FieldReadNode {
+  private class RouteMatchParams extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    RouteMatchParams() {
      exists(Field f |
        this.readsField(_, f) and
@@ -42,9 +42,7 @@ module Revel {
  }
  /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
-  private class UserControlledRequestField extends UntrustedFlowSource::Range,
+  private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    DataFlow::FieldReadNode
  {
    UserControlledRequestField() {
      exists(string fieldName |
        this.getField().hasQualifiedName(packagePath(), "Request", fieldName)
@@ -56,7 +54,7 @@ module Revel {
    }
  }
-  private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
+  private class UserControlledRequestMethod extends RemoteFlowSource::Range,
    DataFlow::MethodCallNode
  {
    UserControlledRequestMethod() {
--- a/go/ql/lib/semmle/go/frameworks/Twirp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Twirp.qll
@@ -130,7 +130,7 @@ module Twirp {
  }
  /** A request coming to the service handler. */
-  class Request extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class Request extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    Request() {
      exists(ServiceHandler handler |
        this.asParameter().isParameterOf(handler.getFuncDecl(), 1) and
--- a/go/ql/lib/semmle/go/frameworks/WebSocket.qll
+++ b/go/ql/lib/semmle/go/frameworks/WebSocket.qll
@@ -127,7 +127,7 @@ module WebSocketRequestCall {
 /**
 * A message written to a WebSocket, considered as a flow sink for reflected XSS.
 */
-class WebSocketReaderAsSource extends UntrustedFlowSource::Range {
+class WebSocketReaderAsSource extends RemoteFlowSource::Range {
  WebSocketReaderAsSource() {
    exists(WebSocketReader r | this = r.getAnOutput().getNode(r.getACall()))
  }
--- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -9,9 +9,7 @@ private import semmle.go.dataflow.internal.FlowSummaryImpl::Private
 /** Provides models of commonly used functions in the `net/http` package. */
 module NetHttp {
  /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
-  private class UserControlledRequestField extends UntrustedFlowSource::Range,
+  private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    DataFlow::FieldReadNode
  {
    UserControlledRequestField() {
      exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
        fieldName =
--- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
@@ -30,7 +30,7 @@ module CommandInjection {
  abstract class Sanitizer extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for command injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** A command name, considered as a taint sink for command injection. */
  class CommandNameAsSink extends Sink {
--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -187,13 +187,13 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
 deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 private module UntrustedDataConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
@@ -211,13 +211,13 @@ module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
 deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
  UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
 private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
--- a/go/ql/lib/semmle/go/security/FlowSources.qll
+++ b/go/ql/lib/semmle/go/security/FlowSources.qll
@@ -9,17 +9,17 @@ private import semmle.go.dataflow.ExternalFlow as ExternalFlow
 * A source of data that is controlled by an untrusted user.
 *
 * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `UntrustedFlowSource::Range` instead.
+ * extend `RemoteFlowSource::Range` instead.
 */
-class UntrustedFlowSource extends DataFlow::Node instanceof UntrustedFlowSource::Range { }
+class RemoteFlowSource extends DataFlow::Node instanceof RemoteFlowSource::Range { }
 /** Provides a class for modeling new sources of untrusted data. */
-module UntrustedFlowSource {
+module RemoteFlowSource {
  /**
   * A source of data that is controlled by an untrusted user.
   *
   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `UntrustedFlowSource` instead.
+   * extend `RemoteFlowSource` instead.
   */
  abstract class Range extends DataFlow::Node { }
--- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
@@ -26,7 +26,7 @@ module LogInjection {
  abstract class Sanitizer extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for log injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An argument to a logging mechanism. */
  class LoggerSink extends Sink {
--- a/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll
@@ -49,7 +49,7 @@ module MissingJwtSignatureCheck {
    }
  }
-  private class DefaultSource extends Source instanceof UntrustedFlowSource { }
+  private class DefaultSource extends Source instanceof RemoteFlowSource { }
  private class DefaultSink extends Sink {
    DefaultSink() { sinkNode(this, "jwt") }
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -45,7 +45,7 @@ module OpenUrlRedirect {
  /**
   * A source of third-party user input, considered as a flow source for URL redirects.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource {
+  class UntrustedFlowAsSource extends Source, RemoteFlowSource {
    UntrustedFlowAsSource() {
      // exclude some fields and methods of URLs that are generally not attacker-controllable for
      // open redirect exploits
--- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
@@ -37,7 +37,7 @@ module ReflectedXss {
  /**
   * A third-party controllable input, considered as a flow source for reflected XSS.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source, RemoteFlowSource { }
  /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
  private class AnySink extends Sink instanceof SharedXss::Sink { }
--- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
@@ -35,7 +35,7 @@ module RequestForgery {
  /**
   * A third-party controllable input, considered as a flow source for request forgery.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source, RemoteFlowSource { }
  /**
   * The URL of an HTTP request, viewed as a sink for request forgery.
--- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -26,7 +26,7 @@ module SqlInjection {
  abstract class Sanitizer extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for SQL injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An SQL string, considered as a taint sink for SQL injection. */
  class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }
--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -45,7 +45,7 @@ module TaintedPath {
  }
  /** A source of untrusted data, considered as a taint source for path traversal. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** A path expression, considered as a taint sink for path traversal. */
  class PathAsSink extends Sink {
--- a/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll
@@ -21,7 +21,7 @@ module UncontrolledAllocationSize {
  abstract class Sanitizer extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for uncontrolled size allocation vulnerabilities. */
-  private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** The size argument of a memory allocation function. */
  private class AllocationSizeAsSink extends Sink instanceof AllocationSizeOverflow::AllocationSize {
--- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
@@ -25,7 +25,7 @@ module XPathInjection {
  abstract class Sanitizer extends DataFlow::ExprNode { }
  /** A source of untrusted data, used in an XPath expression. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An XPath expression string, considered as a taint sink for XPath injection. */
  class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }
--- a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
+++ b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
@@ -17,7 +17,7 @@ module EmailInjection {
  abstract class Sink extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for email injection. */
-  class UntrustedFlowSourceAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
  /**
   * A data-flow node that becomes part of an email considered as a taint sink for email injection.
--- a/go/ql/src/experimental/CWE-090/LDAPInjection.qll
+++ b/go/ql/src/experimental/CWE-090/LDAPInjection.qll
@@ -98,13 +98,13 @@ private class LdapClientDNSink extends LdapSink {
 /**
 * DEPRECATED: Use `LdapInjectionFlow` instead.
 *
- * A taint-tracking configuration for reasoning about when an `UntrustedFlowSource`
+ * A taint-tracking configuration for reasoning about when an `RemoteFlowSource`
 * flows into an argument or field that is vulnerable to LDAP injection.
 */
 deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration {
  LdapInjectionConfiguration() { this = "Ldap injection" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
@@ -112,7 +112,7 @@ deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration
 }
 private module LdapInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
@@ -120,7 +120,7 @@ private module LdapInjectionConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` flows
+ * Tracks taint flow for reasoning about when an `RemoteFlowSource` flows
 * into an argument or field that is vulnerable to LDAP injection.
 */
 module LdapInjectionFlow = TaintTracking::Global<LdapInjectionConfig>;
--- a/go/ql/src/experimental/CWE-203/Timing.ql
+++ b/go/ql/src/experimental/CWE-203/Timing.ql
@@ -98,7 +98,7 @@ private class SensitiveStringSink extends Sink {
 module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource and not isBadResult(source)
+    source instanceof RemoteFlowSource and not isBadResult(source)
  }
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink and not isBadResult(sink) }
--- a/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll
+++ b/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll
@@ -68,7 +68,7 @@ module ImproperLdapAuth {
  private module Config implements DataFlow::ConfigSig {
    predicate isSource(DataFlow::Node source) {
-      source instanceof UntrustedFlowSource or source instanceof EmptyString
+      source instanceof RemoteFlowSource or source instanceof EmptyString
    }
    predicate isSink(DataFlow::Node sink) { sink instanceof LdapAuthSink }
--- a/go/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -28,7 +28,7 @@ predicate divideByZeroSanitizerGuard(DataFlow::Node g, Expr e, boolean branch) {
 }
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
--- a/go/ql/src/experimental/CWE-74/DsnInjection.ql
+++ b/go/ql/src/experimental/CWE-74/DsnInjection.ql
@@ -14,7 +14,7 @@ import DsnInjectionCustomizations
 import DsnInjectionFlow::PathGraph
 /** An untrusted flow source taken as a source for the `DsnInjection` taint-flow configuration. */
-private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+private class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
 from DsnInjectionFlow::PathNode source, DsnInjectionFlow::PathNode sink
 where DsnInjectionFlow::flowPath(source, sink)
--- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
@@ -36,7 +36,7 @@ class PassthroughTypeName extends string {
 }
 module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkToPassthroughType(DataFlow::TypeCastNode sink, PassthroughTypeName name) {
    exists(Type typ |
@@ -53,7 +53,7 @@ module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` is
+ * Tracks taint flow for reasoning about when an `RemoteFlowSource` is
 * converted into a special "passthrough" type which will not be escaped by the
 * template generator; this allows the injection of arbitrary content (html,
 * css, js) into the generated output of the templates.
@@ -109,13 +109,13 @@ predicate isSinkToTemplateExec(DataFlow::Node sink, DataFlow::CallNode call) {
 }
 module FromUntrustedToTemplateExecutionCallConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { isSinkToTemplateExec(sink, _) }
 }
 /**
- * Tracks taint flow from an `UntrustedFlowSource` into a template executor
+ * Tracks taint flow from an `RemoteFlowSource` into a template executor
 * call.
 */
 module FromUntrustedToTemplateExecutionCallFlow =
--- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll
+++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll
@@ -52,7 +52,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
  Configuration() { this = "Condtional Expression Check Bypass" }
  override predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    exists(DataFlow::FieldReadNode f |
      f.getField().hasQualifiedName("net/http", "Request", "Host")
@@ -71,7 +71,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
 private module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    exists(DataFlow::FieldReadNode f |
      f.getField().hasQualifiedName("net/http", "Request", "Host")
--- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
+++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
@@ -14,7 +14,7 @@ import go
 module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    source = any(Field f | f.hasQualifiedName("net/http", "Request", "Host")).getARead()
  }
--- a/go/ql/src/experimental/CWE-918/SSRF.qll
+++ b/go/ql/src/experimental/CWE-918/SSRF.qll
@@ -90,7 +90,7 @@ module ServerSideRequestForgery {
  /**
   * An user controlled input, considered as a flow source for request forgery.
   */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
  /**
   * The URL of an HTTP request, viewed as a sink for request forgery.
--- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -52,7 +52,7 @@ class AllowCredentialsHeaderWrite extends Http::HeaderWrite {
 }
 module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkHW(DataFlow::Node sink, AllowOriginHeaderWrite hw) {
    sink = hw.getValue()
@@ -70,7 +70,7 @@ module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig {
 }
 module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkWrite(DataFlow::Node sink, GinCors::AllowOriginsWrite w) { sink = w }
@@ -78,13 +78,13 @@ module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
+ * Tracks taint flowfor reasoning about when an `RemoteFlowSource` flows to
 * a `HeaderWrite` that writes an `Access-Control-Allow-Origin` header's value.
 */
 module UntrustedToAllowOriginHeaderFlow = TaintTracking::Global<UntrustedToAllowOriginHeaderConfig>;
 /**
- * Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
+ * Tracks taint flowfor reasoning about when an `RemoteFlowSource` flows to
 * a `AllowOriginsWrite` that writes an `Access-Control-Allow-Origin` header's value.
 */
 module UntrustedToAllowOriginConfigFlow = TaintTracking::Global<UntrustedToAllowOriginConfigConfig>;
@@ -121,7 +121,7 @@ predicate allowCredentialsIsSetToTrue(DataFlow::ExprNode allowOriginHW) {
 /**
 * Holds if the provided `allowOriginHW` HeaderWrite's value is set using an
- * UntrustedFlowSource.
+ * RemoteFlowSource.
 * The `message` parameter is populated with the warning message to be returned by the query.
 */
 predicate flowsFromUntrustedToAllowOrigin(DataFlow::ExprNode allowOriginHW, string message) {
@@ -169,7 +169,7 @@ class MapRead extends DataFlow::ElementReadNode {
 }
 module FromUntrustedConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { isSinkCgn(sink, _) }
@@ -208,13 +208,13 @@ module FromUntrustedConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` flows
+ * Tracks taint flow for reasoning about when an `RemoteFlowSource` flows
 * somewhere.
 */
 module FromUntrustedFlow = TaintTracking::Global<FromUntrustedConfig>;
 /**
- * Holds if the provided `allowOriginHW` is also destination of a `UntrustedFlowSource`.
+ * Holds if the provided `allowOriginHW` is also destination of a `RemoteFlowSource`.
 */
 predicate flowsToGuardedByCheckOnUntrusted(DataFlow::ExprNode allowOriginHW) {
  exists(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn |
--- a/go/ql/src/experimental/frameworks/CleverGo.json
+++ b/go/ql/src/experimental/frameworks/CleverGo.json
@@ -3,7 +3,7 @@
   "Models": [
      {
         "Name": "UntrustedSources",
-         "Kind": "UntrustedFlowSource",
+         "Kind": "RemoteFlowSource",
         "Methods": [
            {
               "Name": "{source:[](Param|Result|Fields|Type)} \u003c- $source",
--- a/go/ql/src/experimental/frameworks/CleverGo.qll
+++ b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -16,7 +16,7 @@ private module CleverGo {
  /**
   * Provides models of untrusted flow sources.
   */
-  private class UntrustedSources extends UntrustedFlowSource::Range {
+  private class UntrustedSources extends RemoteFlowSource::Range {
    UntrustedSources() {
      // Methods on types of package: clevergo.tech/clevergo@v0.5.2
      exists(string receiverName, string methodName, Method mtd, FunctionOutput out |
--- a/go/ql/src/experimental/frameworks/DecompressionBombs.qll
+++ b/go/ql/src/experimental/frameworks/DecompressionBombs.qll
@@ -4,7 +4,7 @@
 import go
-class MimeMultipartFileHeader extends UntrustedFlowSource::Range {
+class MimeMultipartFileHeader extends RemoteFlowSource::Range {
  MimeMultipartFileHeader() {
    exists(DataFlow::FieldReadNode frn | this = frn |
      frn.getField().hasQualifiedName("mime/multipart", "FileHeader", ["Filename", "Header"])
@@ -29,7 +29,7 @@ module DecompressionBomb {
    class FlowState = DecompressionBombs::FlowState;
    predicate isSource(DataFlow::Node source, FlowState state) {
-      source instanceof UntrustedFlowSource and
+      source instanceof RemoteFlowSource and
      state = ""
    }
--- a/go/ql/src/experimental/frameworks/Fiber.json
+++ b/go/ql/src/experimental/frameworks/Fiber.json
@@ -729,7 +729,7 @@
      },
      {
         "Name": "UntrustedFlowSources",
-         "Kind": "UntrustedFlowSource",
+         "Kind": "RemoteFlowSource",
         "Methods": [
            {
               "Name": "{source:[](Param|Result|Fields|Type)} \u003c- $source",
--- a/go/ql/src/experimental/frameworks/Fiber.qll
+++ b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -295,7 +295,7 @@ private module Fiber {
  /**
   * Provides models of untrusted flow sources.
   */
-  private class UntrustedFlowSources extends UntrustedFlowSource::Range {
+  private class UntrustedFlowSources extends RemoteFlowSource::Range {
    UntrustedFlowSources() {
      // Methods on types of package: github.com/gofiber/fiber@v1.14.6
      exists(string receiverName, string methodName, Method mtd, FunctionOutput out |
--- a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.ql
+++ b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.ql
@@ -10,7 +10,7 @@ module UntrustedFlowSourceTest implements TestSig {
    exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
      sinkCall.getCalleeName() = "sink" and
      arg = sinkCall.getAnArgument() and
-      arg.getAPredecessor*() instanceof UntrustedFlowSource
+      arg.getAPredecessor*() instanceof RemoteFlowSource
    |
      element = arg.toString() and
      value = "" and
--- a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.ql
+++ b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.ql
@@ -10,7 +10,7 @@ module UntrustedFlowSourceTest implements TestSig {
    exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
      sinkCall.getCalleeName() = "sink" and
      arg = sinkCall.getAnArgument() and
-      arg.getAPredecessor*() instanceof UntrustedFlowSource
+      arg.getAPredecessor*() instanceof RemoteFlowSource
    |
      element = arg.toString() and
      value = "" and
--- a/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.ql
@@ -1,3 +1,3 @@
 import go
-select any(UntrustedFlowSource ufs)
+select any(RemoteFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.ql
@@ -6,7 +6,7 @@
 import go
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node n) { any(ReturnStmt s).getAnExpr() = n.asExpr() }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/AwsLambda/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/AwsLambda/test.ql
@@ -2,7 +2,7 @@ import go
 import TestUtilities.InlineFlowTest
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) {
    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
--- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.ql
@@ -7,7 +7,7 @@ module UntrustedFlowSourceTest implements TestSig {
  predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "untrustedflowsource" and
    value = element and
-    exists(UntrustedFlowSource src | value = "\"" + src.toString() + "\"" |
+    exists(RemoteFlowSource src | value = "\"" + src.toString() + "\"" |
      src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
    )
--- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.ql
@@ -6,7 +6,7 @@ class UntrustedFunction extends Function {
  UntrustedFunction() { this.getName() = ["getUntrustedString", "getUntrustedBytes"] }
 }
-class UntrustedSource extends DataFlow::Node, UntrustedFlowSource::Range {
+class UntrustedSource extends DataFlow::Node, RemoteFlowSource::Range {
  UntrustedSource() { this = any(UntrustedFunction f).getACall() }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.ql
@@ -2,16 +2,16 @@ import go
 import TestUtilities.InlineExpectationsTest
 module FasthttpTest implements TestSig {
-  string getARelevantTag() { result = "UntrustedFlowSource" }
+  string getARelevantTag() { result = "RemoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource source |
+    exists(RemoteFlowSource source |
      source
          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
      element = source.toString() and
      value = "\"" + source.toString() + "\"" and
-      tag = "UntrustedFlowSource"
+      tag = "RemoteFlowSource"
    )
  }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go
@@ -96,7 +96,7 @@ func main() {
 func fasthttpServer() {
 	ln, _ := net.Listen("tcp4", "127.0.0.1:8080")
 	requestHandler := func(requestCtx *fasthttp.RequestCtx) {
-		filePath := requestCtx.QueryArgs().Peek("filePath") // $ UntrustedFlowSource="call to Peek"
+		filePath := requestCtx.QueryArgs().Peek("filePath") // $ RemoteFlowSource="call to Peek"
 		// File System Access
 		filePath_string := string(filePath)
 		_ = requestCtx.Response.SendFile(filePath_string) // $ FileSystemAccess=filePath_string
@@ -112,67 +112,67 @@ func fasthttpServer() {
 		dstReader := &bufio.Reader{}
 		// user controlled methods as source
 		requestHeader := &fasthttp.RequestHeader{}
-		requestHeader.Header()                         // $ UntrustedFlowSource="call to Header"
+		requestHeader.Header()                         // $ RemoteFlowSource="call to Header"
-		requestHeader.TrailerHeader()                  // $ UntrustedFlowSource="call to TrailerHeader"
+		requestHeader.TrailerHeader()                  // $ RemoteFlowSource="call to TrailerHeader"
-		requestHeader.String()                         // $ UntrustedFlowSource="call to String"
+		requestHeader.String()                         // $ RemoteFlowSource="call to String"
-		requestHeader.RequestURI()                     // $ UntrustedFlowSource="call to RequestURI"
+		requestHeader.RequestURI()                     // $ RemoteFlowSource="call to RequestURI"
-		requestHeader.Host()                           // $ UntrustedFlowSource="call to Host"
+		requestHeader.Host()                           // $ RemoteFlowSource="call to Host"
-		requestHeader.UserAgent()                      // $ UntrustedFlowSource="call to UserAgent"
+		requestHeader.UserAgent()                      // $ RemoteFlowSource="call to UserAgent"
-		requestHeader.ContentEncoding()                // $ UntrustedFlowSource="call to ContentEncoding"
+		requestHeader.ContentEncoding()                // $ RemoteFlowSource="call to ContentEncoding"
-		requestHeader.ContentType()                    // $ UntrustedFlowSource="call to ContentType"
+		requestHeader.ContentType()                    // $ RemoteFlowSource="call to ContentType"
-		requestHeader.Cookie("ACookie")                // $ UntrustedFlowSource="call to Cookie"
+		requestHeader.Cookie("ACookie")                // $ RemoteFlowSource="call to Cookie"
-		requestHeader.CookieBytes([]byte("ACookie"))   // $ UntrustedFlowSource="call to CookieBytes"
+		requestHeader.CookieBytes([]byte("ACookie"))   // $ RemoteFlowSource="call to CookieBytes"
-		requestHeader.MultipartFormBoundary()          // $ UntrustedFlowSource="call to MultipartFormBoundary"
+		requestHeader.MultipartFormBoundary()          // $ RemoteFlowSource="call to MultipartFormBoundary"
-		requestHeader.Peek("AHeaderName")              // $ UntrustedFlowSource="call to Peek"
+		requestHeader.Peek("AHeaderName")              // $ RemoteFlowSource="call to Peek"
-		requestHeader.PeekAll("AHeaderName")           // $ UntrustedFlowSource="call to PeekAll"
+		requestHeader.PeekAll("AHeaderName")           // $ RemoteFlowSource="call to PeekAll"
-		requestHeader.PeekBytes([]byte("AHeaderName")) // $ UntrustedFlowSource="call to PeekBytes"
+		requestHeader.PeekBytes([]byte("AHeaderName")) // $ RemoteFlowSource="call to PeekBytes"
-		requestHeader.PeekKeys()                       // $ UntrustedFlowSource="call to PeekKeys"
+		requestHeader.PeekKeys()                       // $ RemoteFlowSource="call to PeekKeys"
-		requestHeader.PeekTrailerKeys()                // $ UntrustedFlowSource="call to PeekTrailerKeys"
+		requestHeader.PeekTrailerKeys()                // $ RemoteFlowSource="call to PeekTrailerKeys"
-		requestHeader.Referer()                        // $ UntrustedFlowSource="call to Referer"
+		requestHeader.Referer()                        // $ RemoteFlowSource="call to Referer"
-		requestHeader.RawHeaders()                     // $ UntrustedFlowSource="call to RawHeaders"
+		requestHeader.RawHeaders()                     // $ RemoteFlowSource="call to RawHeaders"
 		// multipart.Form is already implemented
 		// requestCtx.MultipartForm()
-		requestCtx.URI().Path()            // $ UntrustedFlowSource="call to Path"
+		requestCtx.URI().Path()            // $ RemoteFlowSource="call to Path"
-		requestCtx.URI().PathOriginal()    // $ UntrustedFlowSource="call to PathOriginal"
+		requestCtx.URI().PathOriginal()    // $ RemoteFlowSource="call to PathOriginal"
-		requestCtx.URI().FullURI()         // $ UntrustedFlowSource="call to FullURI"
+		requestCtx.URI().FullURI()         // $ RemoteFlowSource="call to FullURI"
-		requestCtx.URI().LastPathSegment() // $ UntrustedFlowSource="call to LastPathSegment"
+		requestCtx.URI().LastPathSegment() // $ RemoteFlowSource="call to LastPathSegment"
-		requestCtx.URI().QueryString()     // $ UntrustedFlowSource="call to QueryString"
+		requestCtx.URI().QueryString()     // $ RemoteFlowSource="call to QueryString"
-		requestCtx.URI().String()          // $ UntrustedFlowSource="call to String"
+		requestCtx.URI().String()          // $ RemoteFlowSource="call to String"
 		//or requestCtx.PostArgs()
-		requestCtx.URI().QueryArgs().Peek("arg1")                   // $ UntrustedFlowSource="call to Peek"
+		requestCtx.URI().QueryArgs().Peek("arg1")                   // $ RemoteFlowSource="call to Peek"
-		requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1"))      // $ UntrustedFlowSource="call to PeekBytes"
+		requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1"))      // $ RemoteFlowSource="call to PeekBytes"
-		requestCtx.URI().QueryArgs().PeekMulti("arg1")              // $ UntrustedFlowSource="call to PeekMulti"
+		requestCtx.URI().QueryArgs().PeekMulti("arg1")              // $ RemoteFlowSource="call to PeekMulti"
-		requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1")) // $ UntrustedFlowSource="call to PeekMultiBytes"
+		requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1")) // $ RemoteFlowSource="call to PeekMultiBytes"
-		requestCtx.URI().QueryArgs().QueryString()                  // $ UntrustedFlowSource="call to QueryString"
+		requestCtx.URI().QueryArgs().QueryString()                  // $ RemoteFlowSource="call to QueryString"
-		requestCtx.URI().QueryArgs().String()                       // $ UntrustedFlowSource="call to String"
+		requestCtx.URI().QueryArgs().String()                       // $ RemoteFlowSource="call to String"
-		requestCtx.String()                                         // $ UntrustedFlowSource="call to String"
+		requestCtx.String()                                         // $ RemoteFlowSource="call to String"
-		requestCtx.Path() // $ UntrustedFlowSource="call to Path"
+		requestCtx.Path() // $ RemoteFlowSource="call to Path"
 		// multipart.Form is already implemented
 		// requestCtx.FormFile("FileName")
 		// requestCtx.FormValue("ValueName")
-		requestCtx.Referer()           // $ UntrustedFlowSource="call to Referer"
+		requestCtx.Referer()           // $ RemoteFlowSource="call to Referer"
-		requestCtx.PostBody()          // $ UntrustedFlowSource="call to PostBody"
+		requestCtx.PostBody()          // $ RemoteFlowSource="call to PostBody"
-		requestCtx.RequestBodyStream() // $ UntrustedFlowSource="call to RequestBodyStream"
+		requestCtx.RequestBodyStream() // $ RemoteFlowSource="call to RequestBodyStream"
-		requestCtx.RequestURI()        // $ UntrustedFlowSource="call to RequestURI"
+		requestCtx.RequestURI()        // $ RemoteFlowSource="call to RequestURI"
-		requestCtx.UserAgent()         // $ UntrustedFlowSource="call to UserAgent"
+		requestCtx.UserAgent()         // $ RemoteFlowSource="call to UserAgent"
-		requestCtx.Host()              // $ UntrustedFlowSource="call to Host"
+		requestCtx.Host()              // $ RemoteFlowSource="call to Host"
-		requestCtx.Request.Host()                         // $ UntrustedFlowSource="call to Host"
+		requestCtx.Request.Host()                         // $ RemoteFlowSource="call to Host"
-		requestCtx.Request.Body()                         // $ UntrustedFlowSource="call to Body"
+		requestCtx.Request.Body()                         // $ RemoteFlowSource="call to Body"
-		requestCtx.Request.RequestURI()                   // $ UntrustedFlowSource="call to RequestURI"
+		requestCtx.Request.RequestURI()                   // $ RemoteFlowSource="call to RequestURI"
-		body1, _ := requestCtx.Request.BodyGunzip()       // $ UntrustedFlowSource="... := ...[0]"
+		body1, _ := requestCtx.Request.BodyGunzip()       // $ RemoteFlowSource="... := ...[0]"
-		body2, _ := requestCtx.Request.BodyInflate()      // $ UntrustedFlowSource="... := ...[0]"
+		body2, _ := requestCtx.Request.BodyInflate()      // $ RemoteFlowSource="... := ...[0]"
-		body3, _ := requestCtx.Request.BodyUnbrotli()     // $ UntrustedFlowSource="... := ...[0]"
+		body3, _ := requestCtx.Request.BodyUnbrotli()     // $ RemoteFlowSource="... := ...[0]"
-		body4, _ := requestCtx.Request.BodyUncompressed() // $ UntrustedFlowSource="... := ...[0]"
+		body4, _ := requestCtx.Request.BodyUncompressed() // $ RemoteFlowSource="... := ...[0]"
 		fmt.Println(body1, body2, body3, body4)
-		requestCtx.Request.BodyStream() // $ UntrustedFlowSource="call to BodyStream"
+		requestCtx.Request.BodyStream() // $ RemoteFlowSource="call to BodyStream"
-		requestCtx.Request.ReadBody(dstReader, 100, 1000)               // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ReadBody(dstReader, 100, 1000)               // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ReadLimitBody(dstReader, 100)                // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ReadLimitBody(dstReader, 100)                // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ContinueReadBody(dstReader, 100)             // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBody(dstReader, 100)             // $ RemoteFlowSource="dstReader"
 		// Response methods
 		// Xss Sinks Related method
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.ql
@@ -1,3 +1,3 @@
 import go
-select any(UntrustedFlowSource src)
+select any(RemoteFlowSource src)
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql
@@ -5,7 +5,7 @@ module UntrustedFlowSourceTest implements TestSig {
  string getARelevantTag() { result = "source" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource source |
+    exists(RemoteFlowSource source |
      source
          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
--- a/go/ql/test/library-tests/semmle/go/frameworks/Macaron/Sources.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Macaron/Sources.ql
@@ -2,15 +2,15 @@ import go
 import TestUtilities.InlineExpectationsTest
 module UntrustedFlowSourceTest implements TestSig {
-  string getARelevantTag() { result = "UntrustedFlowSource" }
+  string getARelevantTag() { result = "RemoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource src |
+    exists(RemoteFlowSource src |
      src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
      element = src.toString() and
      value = "" and
-      tag = "UntrustedFlowSource"
+      tag = "RemoteFlowSource"
    )
  }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Macaron/sources.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Macaron/sources.go
@@ -7,16 +7,16 @@ import (
 )
 func sources(ctx *macaron.Context, body *macaron.RequestBody) {
-	_ = ctx.AllParams()                     // $UntrustedFlowSource
+	_ = ctx.AllParams()                     // $RemoteFlowSource
-	_ = ctx.GetCookie("")                   // $UntrustedFlowSource
+	_ = ctx.GetCookie("")                   // $RemoteFlowSource
-	_, _ = ctx.GetSecureCookie("")          // $UntrustedFlowSource
+	_, _ = ctx.GetSecureCookie("")          // $RemoteFlowSource
-	_, _ = ctx.GetSuperSecureCookie("", "") // $UntrustedFlowSource
+	_, _ = ctx.GetSuperSecureCookie("", "") // $RemoteFlowSource
-	_, _, _ = ctx.GetFile("")               // $UntrustedFlowSource
+	_, _, _ = ctx.GetFile("")               // $RemoteFlowSource
-	_ = ctx.Params("")                      // $UntrustedFlowSource
+	_ = ctx.Params("")                      // $RemoteFlowSource
-	_ = ctx.ParamsEscape("")                // $UntrustedFlowSource
+	_ = ctx.ParamsEscape("")                // $RemoteFlowSource
-	_ = ctx.Query("")                       // $UntrustedFlowSource
+	_ = ctx.Query("")                       // $RemoteFlowSource
-	_ = ctx.QueryEscape("")                 // $UntrustedFlowSource
+	_ = ctx.QueryEscape("")                 // $RemoteFlowSource
-	_ = ctx.QueryStrings("")                // $UntrustedFlowSource
+	_ = ctx.QueryStrings("")                // $RemoteFlowSource
-	_, _ = body.Bytes()                     // $UntrustedFlowSource
+	_, _ = body.Bytes()                     // $RemoteFlowSource
-	_, _ = body.String()                    // $UntrustedFlowSource
+	_, _ = body.String()                    // $RemoteFlowSource
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.ql
@@ -1,3 +1,3 @@
 import go
-select any(UntrustedFlowSource ufs)
+select any(RemoteFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/test.ql
@@ -8,7 +8,7 @@ class Sink extends DataFlow::Node {
 }
 private module TestConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 }
`@@ -1,3 +1,3 @@`
	`import go`	`import go`

	`select any(UntrustedFlowSource ufs)`	`select any(RemoteFlowSource ufs)`