Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source

Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
2025-12-17 01:03:14 +01:00 · 2024-04-24 11:37:00 +01:00
parent 037114b336 0311888fd4
commit f828f8ea65
75 changed files with 359 additions and 273 deletions
--- a/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
+++ b/docs/codeql/codeql-language-guides/modeling-data-flow-in-go-libraries.rst
@@ -15,14 +15,14 @@ Sources
 -------
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 .. code-block:: ql
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
   }
--- a/go/docs/language/learn-ql/go/library-modeling-go.rst
+++ b/go/docs/language/learn-ql/go/library-modeling-go.rst
@@ -13,14 +13,14 @@ Sources
 -------
 To mark a source of data that is controlled by an untrusted user, we
-create a class extending ``UntrustedFlowSource::Range``. Inheritance and
+create a class extending ``RemoteFlowSource::Range``. Inheritance and
 the characteristic predicate of the class should be used to specify
 exactly the dataflow node that introduces the data. Here is a short
 example from ``Mux.qll``.
 .. code-block:: ql
-   class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+   class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
   }
@@ -119,4 +119,4 @@ Here is a short example from ``Stdlib.qll``, which has been slightly simplified.
 This has the effect that any call to ``Print``, ``Printf``, or
 ``Println`` in the package ``fmt`` is recognized as a logger call.
 Any query that uses logger calls as a sink will then identify when tainted data 
-has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
+has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
--- a/go/ql/lib/change-notes/2024-04-18-untrustedflowsource-renamed-remoteflowsource.md
+++ b/go/ql/lib/change-notes/2024-04-18-untrustedflowsource-renamed-remoteflowsource.md
@@ -0,0 +1,5 @@
 ---
 category: deprecated
 ---
 * To make Go consistent with other language libraries, the `UntrustedFlowSource` name has been deprecated throughout. Use `RemoteFlowSource` instead, which replaces it. 
 * Where modules have classes named `UntrustedFlowAsSource`, these are also deprecated and the `Source` class in the same module or the `RemoteFlowSource` class should be used instead.
--- a/go/ql/lib/semmle/go/frameworks/AwsLambda.qll
+++ b/go/ql/lib/semmle/go/frameworks/AwsLambda.qll
@@ -1,12 +1,12 @@
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the `github.com/aws/aws-lambda-go/lambda` package.
 */
 import go
 /** A source of input data in an AWS Lambda. */
-private class LambdaInput extends UntrustedFlowSource::Range {
+private class LambdaInput extends RemoteFlowSource::Range {
  LambdaInput() {
    exists(Parameter p | p = this.asParameter() |
      p = any(HandlerFunction hf).getAParameter() and
--- a/go/ql/lib/semmle/go/frameworks/Beego.qll
+++ b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the `github.com/beego/beego` package.
 */
@@ -9,7 +9,7 @@ private import semmle.go.security.SafeUrlFlowCustomizations
 // Some TaintTracking::FunctionModel subclasses remain because varargs functions don't work with Models-as-Data sumamries yet.
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the [Beego](https://github.com/beego/beego) package.
 */
 module Beego {
@@ -50,7 +50,7 @@ module Beego {
  /**
   * `BeegoInput` sources of untrusted data.
   */
-  private class BeegoInputSource extends UntrustedFlowSource::Range {
+  private class BeegoInputSource extends RemoteFlowSource::Range {
    string methodName;
    BeegoInputSource() {
@@ -81,7 +81,7 @@ module Beego {
  /**
   * `beego.Controller` sources of untrusted data.
   */
-  private class BeegoControllerSource extends UntrustedFlowSource::Range {
+  private class BeegoControllerSource extends RemoteFlowSource::Range {
    BeegoControllerSource() {
      exists(string methodName, FunctionOutput output |
        methodName = "ParseForm" and
@@ -105,7 +105,7 @@ module Beego {
  /**
   * `BeegoInputRequestBody` sources of untrusted data.
   */
-  private class BeegoInputRequestBodySource extends UntrustedFlowSource::Range {
+  private class BeegoInputRequestBodySource extends RemoteFlowSource::Range {
    BeegoInputRequestBodySource() {
      exists(DataFlow::FieldReadNode frn | this = frn |
        frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
@@ -116,7 +116,7 @@ module Beego {
  /**
   * `beego/context.Context` sources of untrusted data.
   */
-  private class BeegoContextSource extends UntrustedFlowSource::Range {
+  private class BeegoContextSource extends RemoteFlowSource::Range {
    BeegoContextSource() {
      exists(Method m | m.hasQualifiedName(contextPackagePath(), "Context", "GetCookie") |
        this = m.getACall().getResult()
--- a/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll
+++ b/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the `github.com/astaxie/beego/orm` subpackage.
 */
@@ -7,7 +7,7 @@ import go
 private import semmle.go.security.StoredXssCustomizations
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the [Beego ORM](https://github.com/astaxie/beego/orm) subpackage.
 */
 module BeegoOrm {
--- a/go/ql/lib/semmle/go/frameworks/Chi.qll
+++ b/go/ql/lib/semmle/go/frameworks/Chi.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources from the `github.com/go-chi/chi` package.
+ * Provides classes for working with remote flow sources from the `github.com/go-chi/chi` package.
 */
 import go
@@ -9,18 +9,18 @@ private module Chi {
  string packagePath() { result = package("github.com/go-chi/chi", "") }
  /**
-   * Functions that extract URL parameters, considered as a source of untrusted flow.
+   * Functions that extract URL parameters, considered as a source of remote flow.
   */
-  private class UserControlledFunction extends UntrustedFlowSource::Range, DataFlow::CallNode {
+  private class UserControlledFunction extends RemoteFlowSource::Range, DataFlow::CallNode {
    UserControlledFunction() {
      this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])
    }
  }
  /**
-   * Methods that extract URL parameters, considered as a source of untrusted flow.
+   * Methods that extract URL parameters, considered as a source of remote flow.
   */
-  private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
+  private class UserControlledRequestMethod extends RemoteFlowSource::Range,
    DataFlow::MethodCallNode
  {
    UserControlledRequestMethod() {
--- a/go/ql/lib/semmle/go/frameworks/Echo.qll
+++ b/go/ql/lib/semmle/go/frameworks/Echo.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources, taint propagators, and HTTP sinks
+ * Provides classes for working with remote flow sources, taint propagators, and HTTP sinks
 * from the `github.com/labstack/echo` package.
 */
@@ -10,9 +10,9 @@ private module Echo {
  private string packagePath() { result = package("github.com/labstack/echo", "") }
  /**
-   * Data from a `Context` interface method, considered as a source of untrusted flow.
+   * Data from a `Context` interface method, considered as a source of remote flow.
   */
-  private class EchoContextSource extends UntrustedFlowSource::Range {
+  private class EchoContextSource extends RemoteFlowSource::Range {
    EchoContextSource() {
      exists(DataFlow::MethodCallNode call, string methodName |
        methodName =
@@ -42,7 +42,7 @@ private module Echo {
  /**
   * A call to a method on `Context` struct that unmarshals data into a target.
   */
-  private class EchoContextBinder extends UntrustedFlowSource::Range {
+  private class EchoContextBinder extends RemoteFlowSource::Range {
    EchoContextBinder() {
      exists(DataFlow::MethodCallNode call |
        call.getTarget().hasQualifiedName(packagePath(), "Context", "Bind")
--- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
+++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@@ -95,7 +95,7 @@ module ElazarlGoproxy {
    }
  }
-  private class UserControlledRequestData extends UntrustedFlowSource::Range {
+  private class UserControlledRequestData extends RemoteFlowSource::Range {
    UserControlledRequestData() {
      exists(DataFlow::FieldReadNode frn | this = frn |
        // liberally consider ProxyCtx.UserData to be untrusted; it's a data field set by a request handler
--- a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources, sinks and taint propagators
+ * Provides classes for working with remote flow sources, sinks and taint propagators
 * from the `github.com/valyala/fasthttp` package.
 */
@@ -255,11 +255,16 @@ module Fasthttp {
   * Provide modeling for fasthttp.URI Type.
   */
  module URI {
    /**
     * DEPRECATED: Use `RemoteFlowSource` instead.
     */
    deprecated class UntrustedFlowSource = RemoteFlowSource;
    /**
     * The methods as Remote user controllable source which are part of the incoming URL.
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "URI",
            ["FullURI", "LastPathSegment", "Path", "PathOriginal", "QueryString", "String"]) and
@@ -273,13 +278,18 @@ module Fasthttp {
   * Provide modeling for fasthttp.Args Type.
   */
  module Args {
    /**
     * DEPRECATED: Use `RemoteFlowSource` instead.
     */
    deprecated class UntrustedFlowSource = RemoteFlowSource;
    /**
     * The methods as Remote user controllable source which are part of the incoming URL Parameters.
     *
     * When support for lambdas has been implemented we should model "VisitAll".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "Args",
            ["Peek", "PeekBytes", "PeekMulti", "PeekMultiBytes", "QueryString", "String"]) and
@@ -386,11 +396,16 @@ module Fasthttp {
   * Provide modeling for fasthttp.Request Type.
   */
  module Request {
    /**
     * DEPRECATED: Use `RemoteFlowSource` instead.
     */
    deprecated class UntrustedFlowSource = RemoteFlowSource;
    /**
     * The methods as Remote user controllable source which can be many part of request.
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "Request",
            [
@@ -463,13 +478,18 @@ module Fasthttp {
      override Http::ResponseWriter getResponseWriter() { none() }
    }
    /**
     * DEPRECATED: Use `RemoteFlowSource` instead.
     */
    deprecated class UntrustedFlowSource = RemoteFlowSource;
    /**
     * The methods as Remote user controllable source which are generally related to HTTP request.
     *
     * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "RequestCtx",
            [
@@ -486,13 +506,18 @@ module Fasthttp {
   * Provide Methods of fasthttp.RequestHeader which mostly used as remote user controlled sources.
   */
  module RequestHeader {
    /**
     * DEPRECATED: Use `RemoteFlowSource` instead.
     */
    deprecated class UntrustedFlowSource = RemoteFlowSource;
    /**
     * The methods as Remote user controllable source which are mostly related to HTTP Request Headers.
     *
     * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
     */
-    class UntrustedFlowSource extends UntrustedFlowSource::Range instanceof DataFlow::Node {
+    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
-      UntrustedFlowSource() {
+      RemoteFlowSource() {
        exists(Method m |
          m.hasQualifiedName(packagePath(), "RequestHeader",
            [
--- a/go/ql/lib/semmle/go/frameworks/Gin.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -10,9 +10,9 @@ private module Gin {
  string packagePath() { result = package("github.com/gin-gonic/gin", "") }
  /**
-   * Data from a `Context` struct, considered as a source of untrusted flow.
+   * Data from a `Context` struct, considered as a source of remote flow.
   */
-  private class GithubComGinGonicGinContextSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextSource extends RemoteFlowSource::Range {
    GithubComGinGonicGinContextSource() {
      // Method calls:
      exists(DataFlow::MethodCallNode call, string methodName |
@@ -39,7 +39,7 @@ private module Gin {
  /**
   * A call to a method on `Context` struct that unmarshals data into a target.
   */
-  private class GithubComGinGonicGinContextBindSource extends UntrustedFlowSource::Range {
+  private class GithubComGinGonicGinContextBindSource extends RemoteFlowSource::Range {
    GithubComGinGonicGinContextBindSource() {
      exists(DataFlow::MethodCallNode call, string methodName |
        call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and
--- a/go/ql/lib/semmle/go/frameworks/GoKit.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoKit.qll
@@ -35,7 +35,7 @@ module GoKit {
      DataFlow::exprNode(result.(FuncLit)) = getAnEndpointFactoryResult()
    }
-    private class EndpointRequest extends UntrustedFlowSource::Range {
+    private class EndpointRequest extends RemoteFlowSource::Range {
      EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }
    }
  }
--- a/go/ql/lib/semmle/go/frameworks/GoMicro.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoMicro.qll
@@ -142,7 +142,7 @@ module GoMicro {
  /**
   * A set of remote requests from a service handler.
   */
-  class Request extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class Request extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    Request() {
      exists(ServiceHandler handler |
        this.asParameter().isParameterOf(handler.getFuncDecl(), 1) and
--- a/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
@@ -27,14 +27,14 @@ private module GoRestfulHttp {
  /**
   * A model of go-restful's `Request` object as a source of user-controlled data.
   */
-  private class GoRestfulSource extends UntrustedFlowSource::Range {
+  private class GoRestfulSource extends RemoteFlowSource::Range {
    GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }
  }
  /**
   * A model of go-restful's `Request.ReadEntity` method as a source of user-controlled data.
   */
-  private class GoRestfulReadEntitySource extends UntrustedFlowSource::Range {
+  private class GoRestfulReadEntitySource extends RemoteFlowSource::Range {
    GoRestfulReadEntitySource() {
      exists(DataFlow::MethodCallNode call |
        call.getTarget().hasQualifiedName(packagePath(), "Request", "ReadEntity")
--- a/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
@@ -39,7 +39,7 @@ module Gqlgen {
  }
  /** A parameter of a resolver method which receives untrusted input. */
-  class ResolverParameter extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class ResolverParameter extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    ResolverParameter() {
      this.asParameter() = any(ResolverImplementationMethod h).getAnUntrustedParameter()
    }
--- a/go/ql/lib/semmle/go/frameworks/Mux.qll
+++ b/go/ql/lib/semmle/go/frameworks/Mux.qll
@@ -9,7 +9,7 @@ import go
 */
 module Mux {
  /** An access to a Mux middleware variable. */
-  class RequestVars extends DataFlow::UntrustedFlowSource::Range, DataFlow::CallNode {
+  class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
    RequestVars() {
      this.getTarget().hasQualifiedName(package("github.com/gorilla/mux", ""), "Vars")
    }
--- a/go/ql/lib/semmle/go/frameworks/Revel.qll
+++ b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for working with untrusted flow sources from the `github.com/revel/revel` package.
+ * Provides classes for working with remote flow sources from the `github.com/revel/revel` package.
 */
 import go
@@ -12,7 +12,7 @@ module Revel {
    result = package(["github.com/revel", "github.com/robfig"] + "/revel", "")
  }
-  private class ControllerParams extends UntrustedFlowSource::Range, DataFlow::FieldReadNode {
+  private class ControllerParams extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    ControllerParams() {
      exists(Field f |
        this.readsField(_, f) and
@@ -32,7 +32,7 @@ module Revel {
    }
  }
-  private class RouteMatchParams extends UntrustedFlowSource::Range, DataFlow::FieldReadNode {
+  private class RouteMatchParams extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    RouteMatchParams() {
      exists(Field f |
        this.readsField(_, f) and
@@ -42,9 +42,7 @@ module Revel {
  }
  /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
-  private class UserControlledRequestField extends UntrustedFlowSource::Range,
+  private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    DataFlow::FieldReadNode
  {
    UserControlledRequestField() {
      exists(string fieldName |
        this.getField().hasQualifiedName(packagePath(), "Request", fieldName)
@@ -56,7 +54,7 @@ module Revel {
    }
  }
-  private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
+  private class UserControlledRequestMethod extends RemoteFlowSource::Range,
    DataFlow::MethodCallNode
  {
    UserControlledRequestMethod() {
--- a/go/ql/lib/semmle/go/frameworks/Twirp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Twirp.qll
@@ -130,7 +130,7 @@ module Twirp {
  }
  /** A request coming to the service handler. */
-  class Request extends UntrustedFlowSource::Range instanceof DataFlow::ParameterNode {
+  class Request extends RemoteFlowSource::Range instanceof DataFlow::ParameterNode {
    Request() {
      exists(ServiceHandler handler |
        this.asParameter().isParameterOf(handler.getFuncDecl(), 1) and
--- a/go/ql/lib/semmle/go/frameworks/WebSocket.qll
+++ b/go/ql/lib/semmle/go/frameworks/WebSocket.qll
@@ -127,7 +127,7 @@ module WebSocketRequestCall {
 /**
 * A message written to a WebSocket, considered as a flow sink for reflected XSS.
 */
-class WebSocketReaderAsSource extends UntrustedFlowSource::Range {
+class WebSocketReaderAsSource extends RemoteFlowSource::Range {
  WebSocketReaderAsSource() {
    exists(WebSocketReader r | this = r.getAnOutput().getNode(r.getACall()))
  }
--- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -9,9 +9,7 @@ private import semmle.go.dataflow.internal.FlowSummaryImpl::Private
 /** Provides models of commonly used functions in the `net/http` package. */
 module NetHttp {
  /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
-  private class UserControlledRequestField extends UntrustedFlowSource::Range,
+  private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
    DataFlow::FieldReadNode
  {
    UserControlledRequestField() {
      exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
        fieldName =
--- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
@@ -29,8 +29,13 @@ module CommandInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /** A source of untrusted data, considered as a taint source for command injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** A command name, considered as a taint sink for command injection. */
  class CommandNameAsSink extends Sink {
--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -187,13 +187,13 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
 deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 private module UntrustedDataConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
@@ -211,13 +211,13 @@ module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
 deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
  UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
 private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
 }
--- a/go/ql/lib/semmle/go/security/FlowSources.qll
+++ b/go/ql/lib/semmle/go/security/FlowSources.qll
@@ -5,21 +5,31 @@
 import go
 private import semmle.go.dataflow.ExternalFlow as ExternalFlow
 /**
 * DEPRECATED: Use `RemoteFlowSource` instead.
 */
 deprecated class UntrustedFlowSource = RemoteFlowSource;
 /**
 * A source of data that is controlled by an untrusted user.
 *
 * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `UntrustedFlowSource::Range` instead.
+ * extend `RemoteFlowSource::Range` instead.
 */
-class UntrustedFlowSource extends DataFlow::Node instanceof UntrustedFlowSource::Range { }
+class RemoteFlowSource extends DataFlow::Node instanceof RemoteFlowSource::Range { }
 /**
 * DEPRECATED: Use `RemoteFlowSource` instead.
 */
 deprecated module UntrustedFlowSource = RemoteFlowSource;
 /** Provides a class for modeling new sources of untrusted data. */
-module UntrustedFlowSource {
+module RemoteFlowSource {
  /**
   * A source of data that is controlled by an untrusted user.
   *
   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `UntrustedFlowSource` instead.
+   * extend `RemoteFlowSource` instead.
   */
  abstract class Range extends DataFlow::Node { }
--- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
@@ -25,8 +25,13 @@ module LogInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /** A source of untrusted data, considered as a taint source for log injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An argument to a logging mechanism. */
  class LoggerSink extends Sink {
--- a/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll
@@ -49,7 +49,7 @@ module MissingJwtSignatureCheck {
    }
  }
-  private class DefaultSource extends Source instanceof UntrustedFlowSource { }
+  private class DefaultSource extends Source instanceof RemoteFlowSource { }
  private class DefaultSink extends Sink {
    DefaultSink() { sinkNode(this, "jwt") }
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -42,11 +42,16 @@ module OpenUrlRedirect {
    abstract predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ);
  }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /**
   * A source of third-party user input, considered as a flow source for URL redirects.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource {
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource {
-    UntrustedFlowAsSource() {
+    RemoteFlowAsSource() {
      // exclude some fields and methods of URLs that are generally not attacker-controllable for
      // open redirect exploits
      not this instanceof Http::Redirect::UnexploitableSource
--- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
@@ -34,10 +34,15 @@ module ReflectedXss {
    }
  }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /**
   * A third-party controllable input, considered as a flow source for reflected XSS.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
  private class AnySink extends Sink instanceof SharedXss::Sink { }
--- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
@@ -32,10 +32,15 @@ module RequestForgery {
  /** An outgoing sanitizer edge for request forgery vulnerabilities. */
  abstract class SanitizerEdge extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /**
   * A third-party controllable input, considered as a flow source for request forgery.
   */
-  class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /**
   * The URL of an HTTP request, viewed as a sink for request forgery.
--- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -25,8 +25,13 @@ module SqlInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /** A source of untrusted data, considered as a taint source for SQL injection. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An SQL string, considered as a taint sink for SQL injection. */
  class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }
--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -44,8 +44,13 @@ module TaintedPath {
    }
  }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /** A source of untrusted data, considered as a taint source for path traversal. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** A path expression, considered as a taint sink for path traversal. */
  class PathAsSink extends Sink {
--- a/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll
@@ -21,7 +21,7 @@ module UncontrolledAllocationSize {
  abstract class Sanitizer extends DataFlow::Node { }
  /** A source of untrusted data, considered as a taint source for uncontrolled size allocation vulnerabilities. */
-  private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** The size argument of a memory allocation function. */
  private class AllocationSizeAsSink extends Sink instanceof AllocationSizeOverflow::AllocationSize {
--- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
@@ -24,8 +24,13 @@ module XPathInjection {
   */
  abstract class Sanitizer extends DataFlow::ExprNode { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /** A source of untrusted data, used in an XPath expression. */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /** An XPath expression string, considered as a taint sink for XPath injection. */
  class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }
--- a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
+++ b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
@@ -16,8 +16,13 @@ module EmailInjection {
   */
  abstract class Sink extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowSourceAsSource = RemoteFlowSourceAsSource;
  /** A source of untrusted data, considered as a taint source for email injection. */
-  class UntrustedFlowSourceAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
  /**
   * A data-flow node that becomes part of an email considered as a taint sink for email injection.
--- a/go/ql/src/experimental/CWE-090/LDAPInjection.qll
+++ b/go/ql/src/experimental/CWE-090/LDAPInjection.qll
@@ -98,13 +98,13 @@ private class LdapClientDNSink extends LdapSink {
 /**
 * DEPRECATED: Use `LdapInjectionFlow` instead.
 *
- * A taint-tracking configuration for reasoning about when an `UntrustedFlowSource`
+ * A taint-tracking configuration for reasoning about when a `RemoteFlowSource`
 * flows into an argument or field that is vulnerable to LDAP injection.
 */
 deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration {
  LdapInjectionConfiguration() { this = "Ldap injection" }
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  override predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
@@ -112,7 +112,7 @@ deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration
 }
 private module LdapInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
@@ -120,7 +120,7 @@ private module LdapInjectionConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` flows
+ * Tracks taint flow for reasoning about when a `RemoteFlowSource` flows
 * into an argument or field that is vulnerable to LDAP injection.
 */
 module LdapInjectionFlow = TaintTracking::Global<LdapInjectionConfig>;
--- a/go/ql/src/experimental/CWE-203/Timing.ql
+++ b/go/ql/src/experimental/CWE-203/Timing.ql
@@ -98,7 +98,7 @@ private class SensitiveStringSink extends Sink {
 module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource and not isBadResult(source)
+    source instanceof RemoteFlowSource and not isBadResult(source)
  }
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink and not isBadResult(sink) }
--- a/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll
+++ b/go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll
@@ -68,7 +68,7 @@ module ImproperLdapAuth {
  private module Config implements DataFlow::ConfigSig {
    predicate isSource(DataFlow::Node source) {
-      source instanceof UntrustedFlowSource or source instanceof EmptyString
+      source instanceof RemoteFlowSource or source instanceof EmptyString
    }
    predicate isSink(DataFlow::Node sink) { sink instanceof LdapAuthSink }
--- a/go/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -28,7 +28,7 @@ predicate divideByZeroSanitizerGuard(DataFlow::Node g, Expr e, boolean branch) {
 }
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
--- a/go/ql/src/experimental/CWE-74/DsnInjection.ql
+++ b/go/ql/src/experimental/CWE-74/DsnInjection.ql
@@ -13,8 +13,8 @@ import go
 import DsnInjectionCustomizations
 import DsnInjectionFlow::PathGraph
-/** An untrusted flow source taken as a source for the `DsnInjection` taint-flow configuration. */
+/** A remote flow source taken as a source for the `DsnInjection` taint-flow configuration. */
-private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
 from DsnInjectionFlow::PathNode source, DsnInjectionFlow::PathNode sink
 where DsnInjectionFlow::flowPath(source, sink)
--- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
@@ -36,7 +36,7 @@ class PassthroughTypeName extends string {
 }
 module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkToPassthroughType(DataFlow::TypeCastNode sink, PassthroughTypeName name) {
    exists(Type typ |
@@ -53,7 +53,7 @@ module UntrustedToPassthroughTypeConversionConfig implements DataFlow::ConfigSig
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` is
+ * Tracks taint flow for reasoning about when a `RemoteFlowSource` is
 * converted into a special "passthrough" type which will not be escaped by the
 * template generator; this allows the injection of arbitrary content (html,
 * css, js) into the generated output of the templates.
@@ -109,13 +109,13 @@ predicate isSinkToTemplateExec(DataFlow::Node sink, DataFlow::CallNode call) {
 }
 module FromUntrustedToTemplateExecutionCallConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { isSinkToTemplateExec(sink, _) }
 }
 /**
- * Tracks taint flow from an `UntrustedFlowSource` into a template executor
+ * Tracks taint flow from a `RemoteFlowSource` into a template executor
 * call.
 */
 module FromUntrustedToTemplateExecutionCallFlow =
--- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll
+++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll
@@ -52,7 +52,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
  Configuration() { this = "Condtional Expression Check Bypass" }
  override predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    exists(DataFlow::FieldReadNode f |
      f.getField().hasQualifiedName("net/http", "Request", "Host")
@@ -71,7 +71,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
 private module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    exists(DataFlow::FieldReadNode f |
      f.getField().hasQualifiedName("net/http", "Request", "Host")
--- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
+++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
@@ -14,7 +14,7 @@ import go
 module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    source instanceof UntrustedFlowSource
+    source instanceof RemoteFlowSource
    or
    source = any(Field f | f.hasQualifiedName("net/http", "Request", "Host")).getARead()
  }
--- a/go/ql/src/experimental/CWE-918/SSRF.qll
+++ b/go/ql/src/experimental/CWE-918/SSRF.qll
@@ -87,10 +87,15 @@ module ServerSideRequestForgery {
  /** An outgoing sanitizer edge for request forgery vulnerabilities. */
  abstract class SanitizerEdge extends DataFlow::Node { }
  /**
   * DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
   */
  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
  /**
   * An user controlled input, considered as a flow source for request forgery.
   */
-  class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { }
+  private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
  /**
   * The URL of an HTTP request, viewed as a sink for request forgery.
--- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -52,7 +52,7 @@ class AllowCredentialsHeaderWrite extends Http::HeaderWrite {
 }
 module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkHW(DataFlow::Node sink, AllowOriginHeaderWrite hw) {
    sink = hw.getValue()
@@ -70,7 +70,7 @@ module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig {
 }
 module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  additional predicate isSinkWrite(DataFlow::Node sink, GinCors::AllowOriginsWrite w) { sink = w }
@@ -78,13 +78,13 @@ module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
+ * Tracks taint flowfor reasoning about when a `RemoteFlowSource` flows to
 * a `HeaderWrite` that writes an `Access-Control-Allow-Origin` header's value.
 */
 module UntrustedToAllowOriginHeaderFlow = TaintTracking::Global<UntrustedToAllowOriginHeaderConfig>;
 /**
- * Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
+ * Tracks taint flowfor reasoning about when a `RemoteFlowSource` flows to
 * a `AllowOriginsWrite` that writes an `Access-Control-Allow-Origin` header's value.
 */
 module UntrustedToAllowOriginConfigFlow = TaintTracking::Global<UntrustedToAllowOriginConfigConfig>;
@@ -121,7 +121,7 @@ predicate allowCredentialsIsSetToTrue(DataFlow::ExprNode allowOriginHW) {
 /**
 * Holds if the provided `allowOriginHW` HeaderWrite's value is set using an
- * UntrustedFlowSource.
+ * RemoteFlowSource.
 * The `message` parameter is populated with the warning message to be returned by the query.
 */
 predicate flowsFromUntrustedToAllowOrigin(DataFlow::ExprNode allowOriginHW, string message) {
@@ -169,7 +169,7 @@ class MapRead extends DataFlow::ElementReadNode {
 }
 module FromUntrustedConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { isSinkCgn(sink, _) }
@@ -208,13 +208,13 @@ module FromUntrustedConfig implements DataFlow::ConfigSig {
 }
 /**
- * Tracks taint flow for reasoning about when an `UntrustedFlowSource` flows
+ * Tracks taint flow for reasoning about when a `RemoteFlowSource` flows
 * somewhere.
 */
 module FromUntrustedFlow = TaintTracking::Global<FromUntrustedConfig>;
 /**
- * Holds if the provided `allowOriginHW` is also destination of a `UntrustedFlowSource`.
+ * Holds if the provided `allowOriginHW` is also destination of a `RemoteFlowSource`.
 */
 predicate flowsToGuardedByCheckOnUntrusted(DataFlow::ExprNode allowOriginHW) {
  exists(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn |
--- a/go/ql/src/experimental/frameworks/CleverGo.json
+++ b/go/ql/src/experimental/frameworks/CleverGo.json
@@ -2,8 +2,8 @@
   "Name": "CleverGo",
   "Models": [
      {
-         "Name": "UntrustedSources",
+         "Name": "RemoteSources",
-         "Kind": "UntrustedFlowSource",
+         "Kind": "RemoteFlowSource",
         "Methods": [
            {
               "Name": "{source:[](Param|Result|Fields|Type)} \u003c- $source",
--- a/go/ql/src/experimental/frameworks/CleverGo.qll
+++ b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -14,10 +14,10 @@ private module CleverGo {
  }
  /**
-   * Provides models of untrusted flow sources.
+   * Provides models of remote flow sources.
   */
-  private class UntrustedSources extends UntrustedFlowSource::Range {
+  private class RemoteSources extends RemoteFlowSource::Range {
-    UntrustedSources() {
+    RemoteSources() {
      // Methods on types of package: clevergo.tech/clevergo@v0.5.2
      exists(string receiverName, string methodName, Method mtd, FunctionOutput out |
        this = out.getExitNode(mtd.getACall()) and
--- a/go/ql/src/experimental/frameworks/DecompressionBombs.qll
+++ b/go/ql/src/experimental/frameworks/DecompressionBombs.qll
@@ -4,7 +4,7 @@
 import go
-class MimeMultipartFileHeader extends UntrustedFlowSource::Range {
+class MimeMultipartFileHeader extends RemoteFlowSource::Range {
  MimeMultipartFileHeader() {
    exists(DataFlow::FieldReadNode frn | this = frn |
      frn.getField().hasQualifiedName("mime/multipart", "FileHeader", ["Filename", "Header"])
@@ -29,7 +29,7 @@ module DecompressionBomb {
    class FlowState = DecompressionBombs::FlowState;
    predicate isSource(DataFlow::Node source, FlowState state) {
-      source instanceof UntrustedFlowSource and
+      source instanceof RemoteFlowSource and
      state = ""
    }
--- a/go/ql/src/experimental/frameworks/Fiber.json
+++ b/go/ql/src/experimental/frameworks/Fiber.json
@@ -728,8 +728,8 @@
         ]
      },
      {
-         "Name": "UntrustedFlowSources",
+         "Name": "RemoteFlowSources",
-         "Kind": "UntrustedFlowSource",
+         "Kind": "RemoteFlowSource",
         "Methods": [
            {
               "Name": "{source:[](Param|Result|Fields|Type)} \u003c- $source",
--- a/go/ql/src/experimental/frameworks/Fiber.qll
+++ b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -293,10 +293,10 @@ private module Fiber {
  }
  /**
-   * Provides models of untrusted flow sources.
+   * Provides models of remote flow sources.
   */
-  private class UntrustedFlowSources extends UntrustedFlowSource::Range {
+  private class RemoteFlowSources extends RemoteFlowSource::Range {
-    UntrustedFlowSources() {
+    RemoteFlowSources() {
      // Methods on types of package: github.com/gofiber/fiber@v1.14.6
      exists(string receiverName, string methodName, Method mtd, FunctionOutput out |
        this = out.getExitNode(mtd.getACall()) and
--- a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.expected
+++ b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.expected
--- a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go
+++ b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go
@@ -5,110 +5,110 @@ package main
 import "clevergo.tech/clevergo"
 // Package clevergo.tech/clevergo@v0.5.2
-func UntrustedSources_ClevergoTechClevergoV052() {
+func RemoteSources_ClevergoTechClevergoV052() {
-	// Untrusted flow sources from method calls.
+	// Remote flow sources from method calls.
 	{
-		// Untrusted flow sources from method calls on clevergo.tech/clevergo.Context.
+		// Remote flow sources from method calls on clevergo.tech/clevergo.Context.
 		{
 			// func (*Context).BasicAuth() (username string, password string, ok bool)
 			{
 				var receiverContext656 clevergo.Context
 				resultUsername414, resultPassword518, _ := receiverContext656.BasicAuth()
-				sink(resultUsername414) // $ untrustedFlowSource
+				sink(resultUsername414) // $ remoteFlowSource
-				sink(resultPassword518) // $ untrustedFlowSource
+				sink(resultPassword518) // $ remoteFlowSource
 			}
 			// func (*Context).Decode(v interface{}) (err error)
 			{
 				var receiverContext650 clevergo.Context
 				var paramV784 interface{}
 				receiverContext650.Decode(paramV784)
-				sink(paramV784) // $ untrustedFlowSource
+				sink(paramV784) // $ remoteFlowSource
 			}
 			// func (*Context).DefaultQuery(key string, defaultVlue string) string
 			{
 				var receiverContext957 clevergo.Context
 				result520 := receiverContext957.DefaultQuery("", "")
-				sink(result520) // $ untrustedFlowSource
+				sink(result520) // $ remoteFlowSource
 			}
 			// func (*Context).FormValue(key string) string
 			{
 				var receiverContext443 clevergo.Context
 				result127 := receiverContext443.FormValue("")
-				sink(result127) // $ untrustedFlowSource
+				sink(result127) // $ remoteFlowSource
 			}
 			// func (*Context).GetHeader(name string) string
 			{
 				var receiverContext483 clevergo.Context
 				result989 := receiverContext483.GetHeader("")
-				sink(result989) // $ untrustedFlowSource
+				sink(result989) // $ remoteFlowSource
 			}
 			// func (*Context).PostFormValue(key string) string
 			{
 				var receiverContext982 clevergo.Context
 				result417 := receiverContext982.PostFormValue("")
-				sink(result417) // $ untrustedFlowSource
+				sink(result417) // $ remoteFlowSource
 			}
 			// func (*Context).QueryParam(key string) string
 			{
 				var receiverContext584 clevergo.Context
 				result991 := receiverContext584.QueryParam("")
-				sink(result991) // $ untrustedFlowSource
+				sink(result991) // $ remoteFlowSource
 			}
 			// func (*Context).QueryParams() net/url.Values
 			{
 				var receiverContext881 clevergo.Context
 				result186 := receiverContext881.QueryParams()
-				sink(result186) // $ untrustedFlowSource
+				sink(result186) // $ remoteFlowSource
 			}
 			// func (*Context).QueryString() string
 			{
 				var receiverContext284 clevergo.Context
 				result908 := receiverContext284.QueryString()
-				sink(result908) // $ untrustedFlowSource
+				sink(result908) // $ remoteFlowSource
 			}
 		}
-		// Untrusted flow sources from method calls on clevergo.tech/clevergo.Params.
+		// Remote flow sources from method calls on clevergo.tech/clevergo.Params.
 		{
 			// func (Params).String(name string) string
 			{
 				var receiverParams137 clevergo.Params
 				result494 := receiverParams137.String("")
-				sink(result494) // $ untrustedFlowSource
+				sink(result494) // $ remoteFlowSource
 			}
 		}
 	}
-	// Untrusted flow sources from interface method calls.
+	// Remote flow sources from interface method calls.
 	{
-		// Untrusted flow sources from method calls on clevergo.tech/clevergo.Decoder interface.
+		// Remote flow sources from method calls on clevergo.tech/clevergo.Decoder interface.
 		{
 			// func (Decoder).Decode(req *net/http.Request, v interface{}) error
 			{
 				var receiverDecoder873 clevergo.Decoder
 				var paramV599 interface{}
 				receiverDecoder873.Decode(nil, paramV599)
-				sink(paramV599) // $ untrustedFlowSource
+				sink(paramV599) // $ remoteFlowSource
 			}
 		}
 	}
-	// Untrusted flow sources from struct fields.
+	// Remote flow sources from struct fields.
 	{
-		// Untrusted flow sources from clevergo.tech/clevergo.Context struct fields.
+		// Remote flow sources from clevergo.tech/clevergo.Context struct fields.
 		{
 			structContext409 := new(clevergo.Context)
-			sink(structContext409.Params) // $ untrustedFlowSource
+			sink(structContext409.Params) // $ remoteFlowSource
 		}
-		// Untrusted flow sources from clevergo.tech/clevergo.Param struct fields.
+		// Remote flow sources from clevergo.tech/clevergo.Param struct fields.
 		{
 			structParam246 := new(clevergo.Param)
-			sink(structParam246.Key)   // $ untrustedFlowSource
+			sink(structParam246.Key)   // $ remoteFlowSource
-			sink(structParam246.Value) // $ untrustedFlowSource
+			sink(structParam246.Value) // $ remoteFlowSource
 		}
 	}
-	// Untrusted flow sources from types.
+	// Remote flow sources from types.
 	{
 		{
 			var typeParams898 clevergo.Params
-			sink(typeParams898) // $ untrustedFlowSource
+			sink(typeParams898) // $ remoteFlowSource
 		}
 	}
 }
--- a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.ql
+++ b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.ql
@@ -2,15 +2,15 @@ import go
 import TestUtilities.InlineExpectationsTest
 import experimental.frameworks.CleverGo
-module UntrustedFlowSourceTest implements TestSig {
+module RemoteFlowSourceTest implements TestSig {
-  string getARelevantTag() { result = "untrustedFlowSource" }
+  string getARelevantTag() { result = "remoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "untrustedFlowSource" and
+    tag = "remoteFlowSource" and
    exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
      sinkCall.getCalleeName() = "sink" and
      arg = sinkCall.getAnArgument() and
-      arg.getAPredecessor*() instanceof UntrustedFlowSource
+      arg.getAPredecessor*() instanceof RemoteFlowSource
    |
      element = arg.toString() and
      value = "" and
@@ -20,4 +20,4 @@ module UntrustedFlowSourceTest implements TestSig {
  }
 }
-import MakeTest<UntrustedFlowSourceTest>
+import MakeTest<RemoteFlowSourceTest>
--- a/go/ql/test/experimental/frameworks/CleverGo/TaintTracking.go
+++ b/go/ql/test/experimental/frameworks/CleverGo/TaintTracking.go
@@ -55,7 +55,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
 			{
 				fromParams396 := source().(clevergo.Params)
 				intoString707 := fromParams396.String("")
-				sink(intoString707) // $ hasTaintFlow="intoString707" untrustedFlowSource
+				sink(intoString707) // $ hasTaintFlow="intoString707" remoteFlowSource
 			}
 		}
 	}
@@ -69,7 +69,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
 				var intoInterface718 interface{}
 				var mediumObjCQL clevergo.Decoder
 				mediumObjCQL.Decode(fromRequest912, intoInterface718)
-				sink(intoInterface718) // $ hasTaintFlow="intoInterface718" untrustedFlowSource
+				sink(intoInterface718) // $ hasTaintFlow="intoInterface718" remoteFlowSource
 			}
 		}
 		// Taint-tracking through method calls on clevergo.tech/clevergo.Renderer interface.
--- a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.expected
+++ b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.expected
--- a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go
+++ b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go
@@ -5,132 +5,132 @@ package main
 import "github.com/gofiber/fiber"
 // Package github.com/gofiber/fiber@v1.14.6
-func UntrustedFlowSources_GithubComGofiberFiberV1146() {
+func RemoteFlowSources_GithubComGofiberFiberV1146() {
-	// Untrusted flow sources from method calls.
+	// Remote flow sources from method calls.
 	{
-		// Untrusted flow sources from method calls on github.com/gofiber/fiber.Ctx.
+		// Remote flow sources from method calls on github.com/gofiber/fiber.Ctx.
 		{
 			// func (*Ctx).BaseURL() string
 			{
 				var receiverCtx273 fiber.Ctx
 				result982 := receiverCtx273.BaseURL()
-				sink(result982) // $ untrustedFlowSource
+				sink(result982) // $ remoteFlowSource
 			}
 			// func (*Ctx).Body() string
 			{
 				var receiverCtx458 fiber.Ctx
 				result506 := receiverCtx458.Body()
-				sink(result506) // $ untrustedFlowSource
+				sink(result506) // $ remoteFlowSource
 			}
 			// func (*Ctx).BodyParser(out interface{}) error
 			{
 				var receiverCtx213 fiber.Ctx
 				var paramOut468 interface{}
 				receiverCtx213.BodyParser(paramOut468)
-				sink(paramOut468) // $ untrustedFlowSource
+				sink(paramOut468) // $ remoteFlowSource
 			}
 			// func (*Ctx).Cookies(key string, defaultValue ...string) string
 			{
 				var receiverCtx219 fiber.Ctx
 				result265 := receiverCtx219.Cookies("", "")
-				sink(result265) // $ untrustedFlowSource
+				sink(result265) // $ remoteFlowSource
 			}
 			// func (*Ctx).FormFile(key string) (*mime/multipart.FileHeader, error)
 			{
 				var receiverCtx971 fiber.Ctx
 				result320, _ := receiverCtx971.FormFile("")
-				sink(result320) // $ untrustedFlowSource
+				sink(result320) // $ remoteFlowSource
 			}
 			// func (*Ctx).FormValue(key string) (value string)
 			{
 				var receiverCtx545 fiber.Ctx
 				resultValue566 := receiverCtx545.FormValue("")
-				sink(resultValue566) // $ untrustedFlowSource
+				sink(resultValue566) // $ remoteFlowSource
 			}
 			// func (*Ctx).Get(key string, defaultValue ...string) string
 			{
 				var receiverCtx497 fiber.Ctx
 				result274 := receiverCtx497.Get("", "")
-				sink(result274) // $ untrustedFlowSource
+				sink(result274) // $ remoteFlowSource
 			}
 			// func (*Ctx).Hostname() string
 			{
 				var receiverCtx783 fiber.Ctx
 				result905 := receiverCtx783.Hostname()
-				sink(result905) // $ untrustedFlowSource
+				sink(result905) // $ remoteFlowSource
 			}
 			// func (*Ctx).Method(override ...string) string
 			{
 				var receiverCtx389 fiber.Ctx
 				result198 := receiverCtx389.Method("")
-				sink(result198) // $ untrustedFlowSource
+				sink(result198) // $ remoteFlowSource
 			}
 			// func (*Ctx).MultipartForm() (*mime/multipart.Form, error)
 			{
 				var receiverCtx477 fiber.Ctx
 				result544, _ := receiverCtx477.MultipartForm()
-				sink(result544) // $ untrustedFlowSource
+				sink(result544) // $ remoteFlowSource
 			}
 			// func (*Ctx).OriginalURL() string
 			{
 				var receiverCtx382 fiber.Ctx
 				result715 := receiverCtx382.OriginalURL()
-				sink(result715) // $ untrustedFlowSource
+				sink(result715) // $ remoteFlowSource
 			}
 			// func (*Ctx).Params(key string, defaultValue ...string) string
 			{
 				var receiverCtx179 fiber.Ctx
 				result366 := receiverCtx179.Params("", "")
-				sink(result366) // $ untrustedFlowSource
+				sink(result366) // $ remoteFlowSource
 			}
 			// func (*Ctx).Path(override ...string) string
 			{
 				var receiverCtx648 fiber.Ctx
 				result544 := receiverCtx648.Path("")
-				sink(result544) // $ untrustedFlowSource
+				sink(result544) // $ remoteFlowSource
 			}
 			// func (*Ctx).Query(key string, defaultValue ...string) string
 			{
 				var receiverCtx754 fiber.Ctx
 				result680 := receiverCtx754.Query("", "")
-				sink(result680) // $ untrustedFlowSource
+				sink(result680) // $ remoteFlowSource
 			}
 			// func (*Ctx).QueryParser(out interface{}) error
 			{
 				var receiverCtx722 fiber.Ctx
 				var paramOut506 interface{}
 				receiverCtx722.QueryParser(paramOut506)
-				sink(paramOut506) // $ untrustedFlowSource
+				sink(paramOut506) // $ remoteFlowSource
 			}
 			// func (*Ctx).Range(size int) (rangeData Range, err error)
 			{
 				var receiverCtx121 fiber.Ctx
 				resultRangeData293, _ := receiverCtx121.Range(0)
-				sink(resultRangeData293) // $ untrustedFlowSource
+				sink(resultRangeData293) // $ remoteFlowSource
 			}
 			// func (*Ctx).Subdomains(offset ...int) []string
 			{
 				var receiverCtx151 fiber.Ctx
 				result849 := receiverCtx151.Subdomains(0)
-				sink(result849) // $ untrustedFlowSource
+				sink(result849) // $ remoteFlowSource
 			}
 		}
 	}
-	// Untrusted flow sources from struct fields.
+	// Remote flow sources from struct fields.
 	{
-		// Untrusted flow sources from github.com/gofiber/fiber.Cookie struct fields.
+		// Remote flow sources from github.com/gofiber/fiber.Cookie struct fields.
 		{
 			structCookie322 := new(fiber.Cookie)
-			sink(structCookie322.Domain)   // $ untrustedFlowSource
+			sink(structCookie322.Domain)   // $ remoteFlowSource
-			sink(structCookie322.Name)     // $ untrustedFlowSource
+			sink(structCookie322.Name)     // $ remoteFlowSource
-			sink(structCookie322.Path)     // $ untrustedFlowSource
+			sink(structCookie322.Path)     // $ remoteFlowSource
-			sink(structCookie322.SameSite) // $ untrustedFlowSource
+			sink(structCookie322.SameSite) // $ remoteFlowSource
-			sink(structCookie322.Value)    // $ untrustedFlowSource
+			sink(structCookie322.Value)    // $ remoteFlowSource
 		}
-		// Untrusted flow sources from github.com/gofiber/fiber.Error struct fields.
+		// Remote flow sources from github.com/gofiber/fiber.Error struct fields.
 		{
 			structError339 := new(fiber.Error)
-			sink(structError339.Message) // $ untrustedFlowSource
+			sink(structError339.Message) // $ remoteFlowSource
 		}
 	}
 }
--- a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.ql
+++ b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.ql
@@ -2,15 +2,15 @@ import go
 import TestUtilities.InlineExpectationsTest
 import experimental.frameworks.Fiber
-module UntrustedFlowSourceTest implements TestSig {
+module RemoteFlowSourceTest implements TestSig {
-  string getARelevantTag() { result = "untrustedFlowSource" }
+  string getARelevantTag() { result = "remoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "untrustedFlowSource" and
+    tag = "remoteFlowSource" and
    exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
      sinkCall.getCalleeName() = "sink" and
      arg = sinkCall.getAnArgument() and
-      arg.getAPredecessor*() instanceof UntrustedFlowSource
+      arg.getAPredecessor*() instanceof RemoteFlowSource
    |
      element = arg.toString() and
      value = "" and
@@ -20,4 +20,4 @@ module UntrustedFlowSourceTest implements TestSig {
  }
 }
-import MakeTest<UntrustedFlowSourceTest>
+import MakeTest<RemoteFlowSourceTest>
--- a/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.expected
+++ b/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.expected
--- a/go/ql/test/library-tests/semmle/go/concepts/HTTP/RemoteFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/concepts/HTTP/RemoteFlowSources.ql
@@ -0,0 +1,3 @@
 import go
 select any(RemoteFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/concepts/HTTP/UntrustedFlowSources.ql
@@ -1,3 +0,0 @@
 import go
 select any(UntrustedFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.ql
@@ -6,7 +6,7 @@
 import go
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node n) { any(ReturnStmt s).getAnExpr() = n.asExpr() }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/AwsLambda/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/AwsLambda/test.ql
@@ -2,7 +2,7 @@ import go
 import TestUtilities.InlineFlowTest
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) {
    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
--- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/main.go
@@ -11,7 +11,7 @@ import (
 )
 func handler(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
-	data := ctx.UserData // $ untrustedflowsource="selection of UserData"
+	data := ctx.UserData // $ remoteflowsource="selection of UserData"
 	// note no content type result here because we don't seem to extract the value of `ContentTypeHtml`
 	return r, goproxy.NewResponse(r, goproxy.ContentTypeHtml, http.StatusForbidden, fmt.Sprintf("<body>Bad request: %v</body>", data)) // $ headerwrite=status:403
--- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.ql
@@ -1,13 +1,13 @@
 import go
 import TestUtilities.InlineExpectationsTest
-module UntrustedFlowSourceTest implements TestSig {
+module RemoteFlowSourceTest implements TestSig {
-  string getARelevantTag() { result = "untrustedflowsource" }
+  string getARelevantTag() { result = "remoteflowsource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "untrustedflowsource" and
+    tag = "remoteflowsource" and
    value = element and
-    exists(UntrustedFlowSource src | value = "\"" + src.toString() + "\"" |
+    exists(RemoteFlowSource src | value = "\"" + src.toString() + "\"" |
      src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
    )
@@ -70,4 +70,4 @@ module TaintFlow implements TestSig {
  }
 }
-import MakeTest<MergeTests4<UntrustedFlowSourceTest, HeaderWriteTest, LoggerTest, TaintFlow>>
+import MakeTest<MergeTests4<RemoteFlowSourceTest, HeaderWriteTest, LoggerTest, TaintFlow>>
--- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.ql
@@ -6,8 +6,8 @@ class UntrustedFunction extends Function {
  UntrustedFunction() { this.getName() = ["getUntrustedString", "getUntrustedBytes"] }
 }
-class UntrustedSource extends DataFlow::Node, UntrustedFlowSource::Range {
+class RemoteSource extends DataFlow::Node, RemoteFlowSource::Range {
-  UntrustedSource() { this = any(UntrustedFunction f).getACall() }
+  RemoteSource() { this = any(UntrustedFunction f).getACall() }
 }
 from CommandInjection::Flow::PathNode source, CommandInjection::Flow::PathNode sink
--- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.expected
--- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.ql
@@ -2,16 +2,16 @@ import go
 import TestUtilities.InlineExpectationsTest
 module FasthttpTest implements TestSig {
-  string getARelevantTag() { result = "UntrustedFlowSource" }
+  string getARelevantTag() { result = "RemoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource source |
+    exists(RemoteFlowSource source |
      source
          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
      element = source.toString() and
      value = "\"" + source.toString() + "\"" and
-      tag = "UntrustedFlowSource"
+      tag = "RemoteFlowSource"
    )
  }
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go
@@ -96,7 +96,7 @@ func main() {
 func fasthttpServer() {
 	ln, _ := net.Listen("tcp4", "127.0.0.1:8080")
 	requestHandler := func(requestCtx *fasthttp.RequestCtx) {
-		filePath := requestCtx.QueryArgs().Peek("filePath") // $ UntrustedFlowSource="call to Peek"
+		filePath := requestCtx.QueryArgs().Peek("filePath") // $ RemoteFlowSource="call to Peek"
 		// File System Access
 		filePath_string := string(filePath)
 		_ = requestCtx.Response.SendFile(filePath_string) // $ FileSystemAccess=filePath_string
@@ -112,67 +112,67 @@ func fasthttpServer() {
 		dstReader := &bufio.Reader{}
 		// user controlled methods as source
 		requestHeader := &fasthttp.RequestHeader{}
-		requestHeader.Header()                         // $ UntrustedFlowSource="call to Header"
+		requestHeader.Header()                         // $ RemoteFlowSource="call to Header"
-		requestHeader.TrailerHeader()                  // $ UntrustedFlowSource="call to TrailerHeader"
+		requestHeader.TrailerHeader()                  // $ RemoteFlowSource="call to TrailerHeader"
-		requestHeader.String()                         // $ UntrustedFlowSource="call to String"
+		requestHeader.String()                         // $ RemoteFlowSource="call to String"
-		requestHeader.RequestURI()                     // $ UntrustedFlowSource="call to RequestURI"
+		requestHeader.RequestURI()                     // $ RemoteFlowSource="call to RequestURI"
-		requestHeader.Host()                           // $ UntrustedFlowSource="call to Host"
+		requestHeader.Host()                           // $ RemoteFlowSource="call to Host"
-		requestHeader.UserAgent()                      // $ UntrustedFlowSource="call to UserAgent"
+		requestHeader.UserAgent()                      // $ RemoteFlowSource="call to UserAgent"
-		requestHeader.ContentEncoding()                // $ UntrustedFlowSource="call to ContentEncoding"
+		requestHeader.ContentEncoding()                // $ RemoteFlowSource="call to ContentEncoding"
-		requestHeader.ContentType()                    // $ UntrustedFlowSource="call to ContentType"
+		requestHeader.ContentType()                    // $ RemoteFlowSource="call to ContentType"
-		requestHeader.Cookie("ACookie")                // $ UntrustedFlowSource="call to Cookie"
+		requestHeader.Cookie("ACookie")                // $ RemoteFlowSource="call to Cookie"
-		requestHeader.CookieBytes([]byte("ACookie"))   // $ UntrustedFlowSource="call to CookieBytes"
+		requestHeader.CookieBytes([]byte("ACookie"))   // $ RemoteFlowSource="call to CookieBytes"
-		requestHeader.MultipartFormBoundary()          // $ UntrustedFlowSource="call to MultipartFormBoundary"
+		requestHeader.MultipartFormBoundary()          // $ RemoteFlowSource="call to MultipartFormBoundary"
-		requestHeader.Peek("AHeaderName")              // $ UntrustedFlowSource="call to Peek"
+		requestHeader.Peek("AHeaderName")              // $ RemoteFlowSource="call to Peek"
-		requestHeader.PeekAll("AHeaderName")           // $ UntrustedFlowSource="call to PeekAll"
+		requestHeader.PeekAll("AHeaderName")           // $ RemoteFlowSource="call to PeekAll"
-		requestHeader.PeekBytes([]byte("AHeaderName")) // $ UntrustedFlowSource="call to PeekBytes"
+		requestHeader.PeekBytes([]byte("AHeaderName")) // $ RemoteFlowSource="call to PeekBytes"
-		requestHeader.PeekKeys()                       // $ UntrustedFlowSource="call to PeekKeys"
+		requestHeader.PeekKeys()                       // $ RemoteFlowSource="call to PeekKeys"
-		requestHeader.PeekTrailerKeys()                // $ UntrustedFlowSource="call to PeekTrailerKeys"
+		requestHeader.PeekTrailerKeys()                // $ RemoteFlowSource="call to PeekTrailerKeys"
-		requestHeader.Referer()                        // $ UntrustedFlowSource="call to Referer"
+		requestHeader.Referer()                        // $ RemoteFlowSource="call to Referer"
-		requestHeader.RawHeaders()                     // $ UntrustedFlowSource="call to RawHeaders"
+		requestHeader.RawHeaders()                     // $ RemoteFlowSource="call to RawHeaders"
 		// multipart.Form is already implemented
 		// requestCtx.MultipartForm()
-		requestCtx.URI().Path()            // $ UntrustedFlowSource="call to Path"
+		requestCtx.URI().Path()            // $ RemoteFlowSource="call to Path"
-		requestCtx.URI().PathOriginal()    // $ UntrustedFlowSource="call to PathOriginal"
+		requestCtx.URI().PathOriginal()    // $ RemoteFlowSource="call to PathOriginal"
-		requestCtx.URI().FullURI()         // $ UntrustedFlowSource="call to FullURI"
+		requestCtx.URI().FullURI()         // $ RemoteFlowSource="call to FullURI"
-		requestCtx.URI().LastPathSegment() // $ UntrustedFlowSource="call to LastPathSegment"
+		requestCtx.URI().LastPathSegment() // $ RemoteFlowSource="call to LastPathSegment"
-		requestCtx.URI().QueryString()     // $ UntrustedFlowSource="call to QueryString"
+		requestCtx.URI().QueryString()     // $ RemoteFlowSource="call to QueryString"
-		requestCtx.URI().String()          // $ UntrustedFlowSource="call to String"
+		requestCtx.URI().String()          // $ RemoteFlowSource="call to String"
 		//or requestCtx.PostArgs()
-		requestCtx.URI().QueryArgs().Peek("arg1")                   // $ UntrustedFlowSource="call to Peek"
+		requestCtx.URI().QueryArgs().Peek("arg1")                   // $ RemoteFlowSource="call to Peek"
-		requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1"))      // $ UntrustedFlowSource="call to PeekBytes"
+		requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1"))      // $ RemoteFlowSource="call to PeekBytes"
-		requestCtx.URI().QueryArgs().PeekMulti("arg1")              // $ UntrustedFlowSource="call to PeekMulti"
+		requestCtx.URI().QueryArgs().PeekMulti("arg1")              // $ RemoteFlowSource="call to PeekMulti"
-		requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1")) // $ UntrustedFlowSource="call to PeekMultiBytes"
+		requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1")) // $ RemoteFlowSource="call to PeekMultiBytes"
-		requestCtx.URI().QueryArgs().QueryString()                  // $ UntrustedFlowSource="call to QueryString"
+		requestCtx.URI().QueryArgs().QueryString()                  // $ RemoteFlowSource="call to QueryString"
-		requestCtx.URI().QueryArgs().String()                       // $ UntrustedFlowSource="call to String"
+		requestCtx.URI().QueryArgs().String()                       // $ RemoteFlowSource="call to String"
-		requestCtx.String()                                         // $ UntrustedFlowSource="call to String"
+		requestCtx.String()                                         // $ RemoteFlowSource="call to String"
-		requestCtx.Path() // $ UntrustedFlowSource="call to Path"
+		requestCtx.Path() // $ RemoteFlowSource="call to Path"
 		// multipart.Form is already implemented
 		// requestCtx.FormFile("FileName")
 		// requestCtx.FormValue("ValueName")
-		requestCtx.Referer()           // $ UntrustedFlowSource="call to Referer"
+		requestCtx.Referer()           // $ RemoteFlowSource="call to Referer"
-		requestCtx.PostBody()          // $ UntrustedFlowSource="call to PostBody"
+		requestCtx.PostBody()          // $ RemoteFlowSource="call to PostBody"
-		requestCtx.RequestBodyStream() // $ UntrustedFlowSource="call to RequestBodyStream"
+		requestCtx.RequestBodyStream() // $ RemoteFlowSource="call to RequestBodyStream"
-		requestCtx.RequestURI()        // $ UntrustedFlowSource="call to RequestURI"
+		requestCtx.RequestURI()        // $ RemoteFlowSource="call to RequestURI"
-		requestCtx.UserAgent()         // $ UntrustedFlowSource="call to UserAgent"
+		requestCtx.UserAgent()         // $ RemoteFlowSource="call to UserAgent"
-		requestCtx.Host()              // $ UntrustedFlowSource="call to Host"
+		requestCtx.Host()              // $ RemoteFlowSource="call to Host"
-		requestCtx.Request.Host()                         // $ UntrustedFlowSource="call to Host"
+		requestCtx.Request.Host()                         // $ RemoteFlowSource="call to Host"
-		requestCtx.Request.Body()                         // $ UntrustedFlowSource="call to Body"
+		requestCtx.Request.Body()                         // $ RemoteFlowSource="call to Body"
-		requestCtx.Request.RequestURI()                   // $ UntrustedFlowSource="call to RequestURI"
+		requestCtx.Request.RequestURI()                   // $ RemoteFlowSource="call to RequestURI"
-		body1, _ := requestCtx.Request.BodyGunzip()       // $ UntrustedFlowSource="... := ...[0]"
+		body1, _ := requestCtx.Request.BodyGunzip()       // $ RemoteFlowSource="... := ...[0]"
-		body2, _ := requestCtx.Request.BodyInflate()      // $ UntrustedFlowSource="... := ...[0]"
+		body2, _ := requestCtx.Request.BodyInflate()      // $ RemoteFlowSource="... := ...[0]"
-		body3, _ := requestCtx.Request.BodyUnbrotli()     // $ UntrustedFlowSource="... := ...[0]"
+		body3, _ := requestCtx.Request.BodyUnbrotli()     // $ RemoteFlowSource="... := ...[0]"
-		body4, _ := requestCtx.Request.BodyUncompressed() // $ UntrustedFlowSource="... := ...[0]"
+		body4, _ := requestCtx.Request.BodyUncompressed() // $ RemoteFlowSource="... := ...[0]"
 		fmt.Println(body1, body2, body3, body4)
-		requestCtx.Request.BodyStream() // $ UntrustedFlowSource="call to BodyStream"
+		requestCtx.Request.BodyStream() // $ RemoteFlowSource="call to BodyStream"
-		requestCtx.Request.ReadBody(dstReader, 100, 1000)               // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ReadBody(dstReader, 100, 1000)               // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ReadLimitBody(dstReader, 100)                // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ReadLimitBody(dstReader, 100)                // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ RemoteFlowSource="dstReader"
-		requestCtx.Request.ContinueReadBody(dstReader, 100)             // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBody(dstReader, 100)             // $ RemoteFlowSource="dstReader"
 		// Response methods
 		// Xss Sinks Related method
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.ql
@@ -1,3 +1,3 @@
 import go
-select any(UntrustedFlowSource src)
+select any(RemoteFlowSource src)
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.expected
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/untrustedflowsource.ql
@@ -1,11 +1,11 @@
 import go
 import TestUtilities.InlineExpectationsTest
-module UntrustedFlowSourceTest implements TestSig {
+module RemoteFlowSourceTest implements TestSig {
  string getARelevantTag() { result = "source" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource source |
+    exists(RemoteFlowSource source |
      source
          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
@@ -16,4 +16,4 @@ module UntrustedFlowSourceTest implements TestSig {
  }
 }
-import MakeTest<UntrustedFlowSourceTest>
+import MakeTest<RemoteFlowSourceTest>
--- a/go/ql/test/library-tests/semmle/go/frameworks/Macaron/Sources.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Macaron/Sources.ql
@@ -1,18 +1,18 @@
 import go
 import TestUtilities.InlineExpectationsTest
-module UntrustedFlowSourceTest implements TestSig {
+module RemoteFlowSourceTest implements TestSig {
-  string getARelevantTag() { result = "UntrustedFlowSource" }
+  string getARelevantTag() { result = "RemoteFlowSource" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(UntrustedFlowSource src |
+    exists(RemoteFlowSource src |
      src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
      element = src.toString() and
      value = "" and
-      tag = "UntrustedFlowSource"
+      tag = "RemoteFlowSource"
    )
  }
 }
-import MakeTest<UntrustedFlowSourceTest>
+import MakeTest<RemoteFlowSourceTest>
--- a/go/ql/test/library-tests/semmle/go/frameworks/Macaron/sources.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Macaron/sources.go
@@ -7,16 +7,16 @@ import (
 )
 func sources(ctx *macaron.Context, body *macaron.RequestBody) {
-	_ = ctx.AllParams()                     // $UntrustedFlowSource
+	_ = ctx.AllParams()                     // $RemoteFlowSource
-	_ = ctx.GetCookie("")                   // $UntrustedFlowSource
+	_ = ctx.GetCookie("")                   // $RemoteFlowSource
-	_, _ = ctx.GetSecureCookie("")          // $UntrustedFlowSource
+	_, _ = ctx.GetSecureCookie("")          // $RemoteFlowSource
-	_, _ = ctx.GetSuperSecureCookie("", "") // $UntrustedFlowSource
+	_, _ = ctx.GetSuperSecureCookie("", "") // $RemoteFlowSource
-	_, _, _ = ctx.GetFile("")               // $UntrustedFlowSource
+	_, _, _ = ctx.GetFile("")               // $RemoteFlowSource
-	_ = ctx.Params("")                      // $UntrustedFlowSource
+	_ = ctx.Params("")                      // $RemoteFlowSource
-	_ = ctx.ParamsEscape("")                // $UntrustedFlowSource
+	_ = ctx.ParamsEscape("")                // $RemoteFlowSource
-	_ = ctx.Query("")                       // $UntrustedFlowSource
+	_ = ctx.Query("")                       // $RemoteFlowSource
-	_ = ctx.QueryEscape("")                 // $UntrustedFlowSource
+	_ = ctx.QueryEscape("")                 // $RemoteFlowSource
-	_ = ctx.QueryStrings("")                // $UntrustedFlowSource
+	_ = ctx.QueryStrings("")                // $RemoteFlowSource
-	_, _ = body.Bytes()                     // $UntrustedFlowSource
+	_, _ = body.Bytes()                     // $RemoteFlowSource
-	_, _ = body.String()                    // $UntrustedFlowSource
+	_, _ = body.String()                    // $RemoteFlowSource
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.expected
--- a/go/ql/test/library-tests/semmle/go/frameworks/Mux/RemoteFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Mux/RemoteFlowSources.ql
@@ -0,0 +1,3 @@
 import go
 select any(RemoteFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Mux/UntrustedFlowSources.ql
@@ -1,3 +0,0 @@
 import go
 select any(UntrustedFlowSource ufs)
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/test.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/test.ql
@@ -8,7 +8,7 @@ class Sink extends DataFlow::Node {
 }
 private module TestConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 }
		`@@ -0,0 +1,3 @@`
							`import go`

							`select any(RemoteFlowSource ufs)`
		`@@ -1,3 +0,0 @@`
			`import go`

			`select any(UntrustedFlowSource ufs)`
`@@ -1,3 +1,3 @@`
	`import go`	`import go`

	`select any(UntrustedFlowSource src)`	`select any(RemoteFlowSource src)`