Merge branch 'main' into python/enable-summaries-from-models

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,23 @@
+## 0.6.3
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.1.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`.
+* Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`.
+* Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead.
+* Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead.
+* Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead.
+* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
+* Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
+  * `command-line-injection` to `command-injection`
+  * `credentials[kind]` to `credentials-kind`
+* Added a support of sub modules in `node_modules`.
+
 ## 0.6.2
 
 ### Minor Analysis Improvements

javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md

@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* Added support for TypeScript 5.1.

javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md

@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-- Added a support of sub modules in `node_modules`.

javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md

@@ -1,6 +0,0 @@
----
-category: minorAnalysis
----
-* Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
-  * `command-line-injection` to `command-injection`
-  * `credentials[kind]` to `credentials-kind`

javascript/ql/lib/change-notes/released/0.6.3.md

@@ -1,10 +1,19 @@
----
-category: minorAnalysis
----
+## 0.6.3
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 5.1.
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`.
 * Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`.
 * Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead.
 * Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead.
 * Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead.
-* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
+* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`.
+* Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
+  * `command-line-injection` to `command-injection`
+  * `credentials[kind]` to `credentials-kind`
+* Added a support of sub modules in `node_modules`.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.6.3

javascript/ql/lib/qlpack.yml

@@ -1,11 +1,12 @@
 name: codeql/javascript-all
-version: 0.6.3-dev
+version: 0.6.4-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
 library: true
 upgrades: upgrades
 dependencies:
+  codeql/mad: ${workspace}
   codeql/regex: ${workspace}
   codeql/tutorial: ${workspace}
   codeql/util: ${workspace}

javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll

@@ -662,6 +662,17 @@ module ModelOutput {
 
   import Cached
   import Specific::ModelOutputSpecific
+  private import codeql.mad.ModelValidation as SharedModelVal
+
+  private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
+    predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind) }
+
+    predicate sinkKind(string kind) { sinkModel(_, _, kind) }
+
+    predicate sourceKind(string kind) { sourceModel(_, _, kind) }
+  }
+
+  private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
 
   /**
    * Gets an error message relating to an invalid CSV row in a model.
@@ -707,5 +718,8 @@ module ModelOutput {
       not isValidNoArgumentTokenInIdentifyingAccessPath(token.getName()) and
       result = "Invalid token '" + token + "' is missing its arguments, in access path: " + path
     )
+    or
+    // Check for invalid model kinds
+    result = KindVal::getInvalidModelKind()
   }
 }