Rename threat model kinds

standard --> default
exansive --> all
sql --> database

java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml

@@ -29,6 +29,6 @@ extensions:
 
   # - addsTo:
   #     pack: codeql/java-all
-  #     extensible: supportedThreatModel
+  #     extensible: supportedThreatModels
   #   data:
   #     - ["kotlinMadFlowTest"]

java/ql/lib/ext/threat-grouping.model.yml

@@ -16,23 +16,23 @@ extensions:
     data:
       # Create a few
       # Package java.sql
-      - ["java.sql", "PreparedStatement", True, "executeQuery", "()", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "PreparedStatement", True, "getMetaData", "()", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "PreparedStatement", True, "getParameterMetaData", "", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "Statement", True, "executeQuery", "(String)", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "Statement", True, "getResultSet", "()", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "Statement", True, "getGeneratedKeys", "()", "", "ReturnValue", "sql", "manual"]
-      - ["java.sql", "Statement", True, "getConnection", "()", "", "ReturnValue", "sql", "manual"]
+      - ["java.sql", "PreparedStatement", True, "executeQuery", "()", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "PreparedStatement", True, "getMetaData", "()", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "PreparedStatement", True, "getParameterMetaData", "", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "Statement", True, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "Statement", True, "getResultSet", "()", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "Statement", True, "getGeneratedKeys", "()", "", "ReturnValue", "database", "manual"]
+      - ["java.sql", "Statement", True, "getConnection", "()", "", "ReturnValue", "database", "manual"]
       # Package org.hibernate
-      - ["org.hibernate", "Query", True, "list", "()", "", ReturnValue", "sql", "manual"]
-      - ["org.hibernate", "Query", True, "scroll", "", "", ReturnValue", "sql", "manual"]
-      - ["org.hibernate", "Query", True, "iterate", "", "", ReturnValue", "sql", "manual"]
+      - ["org.hibernate", "Query", True, "list", "()", "", ReturnValue", "database", "manual"]
+      - ["org.hibernate", "Query", True, "scroll", "", "", ReturnValue", "database", "manual"]
+      - ["org.hibernate", "Query", True, "iterate", "", "", ReturnValue", "database", "manual"]
       # Package org.jooq
-      - ["org.jooq", "ResultQuery", True, "fetch", "()", "", "ReturnValue", "sql", "manual"]
-      - ["org.jooq", "ResultQuery", True, "iterator", "()", "", "ReturnValue", "sql", "manual"]
+      - ["org.jooq", "ResultQuery", True, "fetch", "()", "", "ReturnValue", "database", "manual"]
+      - ["org.jooq", "ResultQuery", True, "iterator", "()", "", "ReturnValue", "database", "manual"]
       # Package org.springframework.jdbc.object
-      - ["org.springframework.jdbc.object", "SqlQuery", True, "execute", "", "", "ReturnValue", "sql", "manual"]
-      - ["org.springframework.jdbc.object", "SqlQuery", True, "executeByNamedParam", "", "", "ReturnValue", "sql", "manual"]
+      - ["org.springframework.jdbc.object", "SqlQuery", True, "execute", "", "", "ReturnValue", "database", "manual"]
+      - ["org.springframework.jdbc.object", "SqlQuery", True, "executeByNamedParam", "", "", "ReturnValue", "database", "manual"]
 
 
   # Create a graph of parent-child relationships between threat models and their kinds
@@ -46,18 +46,18 @@ extensions:
       - ["contentprovider", "android"]
       - ["request", "remote"]
       - ["response", "remote"]
-      - ["sql", "local"]
-      # - ["remote", "standard"]
+      - ["database", "local"]
+      # - ["remote", "default"]
 
-      # Not sure if these should really go in the standard threat model, but we need them for tests to pass
-      # - ["android-external-storage-dir", "standard"]
-      # - ["contentprovider", "standard"]
-      # - ["android-widget", "standard"]
-      # - ["android-web-resource-response", "standard"]
-      # - ["uri-path", "standard"]
+      # Not sure if these should really go in the default threat model, but we need them for tests to pass
+      # - ["android-external-storage-dir", "default"]
+      # - ["contentprovider", "default"]
+      # - ["android-widget", "default"]
+      # - ["android-web-resource-response", "default"]
+      # - ["uri-path", "default"]
 
-  # Provide a default, empty supportedThreatModel
+  # Provide a default, empty supportedThreatModels
   - addsTo:
       pack: codeql/java-all
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data: []

java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll

@@ -8,7 +8,7 @@ private import ExternalFlowExtensions
 /**
  * Holds if the specified kind of source model is supported for the current query.
  */
-extensible private predicate supportedThreatModel(string kind);
+extensible private predicate supportedThreatModels(string kind);
 
 /**
  * Holds if the specified kind of source model is containted within the specified group.
@@ -39,21 +39,21 @@ private string childThreatModel(string group) {
  */
 bindingset[kind]
 predicate supportedSourceModel(string kind) {
-  // expansive threat model includes all kinds
-  supportedThreatModel("expansive")
+  // all threat model includes all kinds
+  supportedThreatModels("all")
   or
   // check if this kind is supported directly
-  supportedThreatModel(kind)
+  supportedThreatModels(kind)
   or
   // check if one of this kind's ancestors are supported
-  exists(string group | group = parentThreatModel(kind) | supportedThreatModel(group))
+  exists(string group | group = parentThreatModel(kind) | supportedThreatModels(group))
   or
-  // if supportedThreatModel is empty, check if kind is a subtype of "standard"
-  not supportedThreatModel(_) and
-  ("standard" = parentThreatModel(kind) or "standard" = kind)
+  // if supportedThreatModels is empty, check if kind is a subtype of "default"
+  not supportedThreatModels(_) and
+  ("default" = parentThreatModel(kind) or "default" = kind)
 }
 
-private string getGlobalGroups() { result = ["standard", "expansive"] }
+private string getGlobalGroups() { result = ["default", "all"] }
 
 /**
  * A class that represents a kind of any model or group.
@@ -66,7 +66,7 @@ private class Kind extends string {
     experimentalSourceModel(_, _, _, _, _, _, _, this, _, _) or
     experimentalSinkModel(_, _, _, _, _, _, _, this, _, _) or
     experimentalSummaryModel(_, _, _, _, _, _, _, _, this, _, _) or
-    supportedThreatModel(this) or
+    supportedThreatModels(this) or
     threatModelGrouping(this, _) or
     threatModelGrouping(_, this) or
     this = getGlobalGroups()
@@ -81,12 +81,12 @@ string relatedSourceModel(Kind kind) {
   result = kind
   or
   // Use all kinds regardless of the query.
-  supportedThreatModel("expansive") and
+  supportedThreatModels("all") and
   result = kind and
   sourceModel(_, _, _, _, _, _, _, result, _)
   or
-  // Use the kinds that are provided by the threat model in case it is not standard or expansive.
-  exists(string model | not model = getGlobalGroups() and supportedThreatModel(model) |
+  // Use the kinds that are provided by the threat model in case it is not default or all.
+  exists(string model | not model = getGlobalGroups() and supportedThreatModels(model) |
     result = model
     or
     exists(string child | child = childThreatModel(model) | result = child)

java/ql/test/experimental/configured-flow/Test.java

@@ -20,8 +20,8 @@ class Test {
     handle.executeUpdate("INSERT INTO foo VALUES ('" + byteToString(data) + "')");
   }
 
-  public void M2(Statement handle) throws Exception {    
-    // Only a source if "sql" is a selected threat model
+  public void M2(Statement handle) throws Exception {
+    // Only a source if "database" is a selected threat model
     ResultSet rs = handle.executeQuery("SELECT * FROM foo");
 
     // Sink

java/ql/test/experimental/configured-flow/sql-tainted2.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["sql"]
+      - ["database"]

java/ql/test/experimental/configured-flow/test-all.ext.yml

@@ -2,7 +2,7 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
       - ["remote"]
-      - ["sql"]
+      - ["database"]

java/ql/test/experimental/configured-flow/test-hardcoded-all.ext.yml

@@ -2,7 +2,7 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
       - ["remote"]
-      - ["sql"]
+      - ["database"]

java/ql/test/experimental/configured-flow/test-hardcoded-remote.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
       - ["remote"]

java/ql/test/experimental/configured-flow/test-hardcoded-sql.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["sql"]
+      - ["database"]

java/ql/test/experimental/configured-flow/test-hardcoded-standard.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["standard"]
+      - ["default"]

java/ql/test/experimental/configured-flow/test-relatedsourcemodels1.ext.yml

@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["standard"]
+      - ["default"]

java/ql/test/experimental/configured-flow/test-relatedsourcemodels2.ext.yml

@@ -1,9 +1,9 @@
 extensions:
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["standard"]
+      - ["default"]
       - ["group1"]
 
   - addsTo:

java/ql/test/experimental/configured-flow/test-remote.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
       - ["remote"]

java/ql/test/experimental/configured-flow/test-sql.ext.yml

@@ -2,6 +2,6 @@ extensions:
 
   - addsTo:
       pack: codeql/java-tests
-      extensible: supportedThreatModel
+      extensible: supportedThreatModels
     data:
-      - ["sql"]
+      - ["database"]

java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml

@@ -22,7 +22,7 @@ extensions:
 
   # - addsTo:
   #     pack: codeql/java-all
-  #     extensible: supportedThreatModel
+  #     extensible: supportedThreatModels
   #   data:
   #     - ["standard"]
   #     - ["qltest"]