Remove deprecated Rust dataflow predicates and associated classes

Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
2026-04-29 18:55:14 +02:00 · 2025-07-23 08:49:24 +00:00
parent 69d50e103f
commit 0245cd872c
2 changed files with 3 additions and 132 deletions
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -49,22 +49,7 @@ private import codeql.rust.dataflow.FlowSource
 private import codeql.rust.dataflow.FlowSink
 private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl

-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `output` is a flow source of the given
- * `kind`.
- *
- * `output = "ReturnValue"` simply means the result of the call itself.
- *
- * For more information on the `kind` parameter, see
- * https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst.
- */
-extensible predicate sourceModelDeprecated(
-  string crate, string path, string output, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
+

 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
@@ -79,23 +64,7 @@ extensible predicate sourceModel(
  string path, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
 );

-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `input` is a flow sink of the given
- * `kind`.
- *
- * For example, `input = Argument[0]` means the first argument of the call.
- *
- * The following kinds are supported:
- *
- * - `sql-injection`: a flow sink for SQL injection.
- */
-extensible predicate sinkModelDeprecated(
-  string crate, string path, string input, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
+

 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
@@ -111,20 +80,7 @@ extensible predicate sinkModel(
  string path, string input, string kind, string provenance, QlBuiltins::ExtensionId madId
 );

-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `input` can flow to the value referred
- * to by `output`.
- *
- * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving
- * steps, respectively.
- */
-extensible predicate summaryModelDeprecated(
-  string crate, string path, string input, string output, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
+

 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
@@ -144,66 +100,23 @@ extensible predicate summaryModel(
 * This predicate should only be used in tests.
 */
 predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
-  exists(string crate, string path, string output, string kind |
-    sourceModelDeprecated(crate, path, output, kind, _, madId) and
-    model = "Source: " + crate + "; " + path + "; " + output + "; " + kind
-  )
-  or
  exists(string path, string output, string kind |
    sourceModel(path, output, kind, _, madId) and
    model = "Source: " + path + "; " + output + "; " + kind
  )
  or
-  exists(string crate, string path, string input, string kind |
-    sinkModelDeprecated(crate, path, input, kind, _, madId) and
-    model = "Sink: " + crate + "; " + path + "; " + input + "; " + kind
-  )
-  or
  exists(string path, string input, string kind |
    sinkModel(path, input, kind, _, madId) and
    model = "Sink: " + path + "; " + input + "; " + kind
  )
  or
-  exists(string type, string path, string input, string output, string kind |
-    summaryModelDeprecated(type, path, input, output, kind, _, madId) and
-    model = "Summary: " + type + "; " + path + "; " + input + "; " + output + "; " + kind
-  )
-  or
  exists(string path, string input, string output, string kind |
    summaryModel(path, input, output, kind, _, madId) and
    model = "Summary: " + path + "; " + input + "; " + output + "; " + kind
  )
 }

-private class SummarizedCallableFromModelDeprecated extends SummarizedCallable::Range {
-  private string crate;
-  private string path;

-  SummarizedCallableFromModelDeprecated() {
-    summaryModelDeprecated(crate, path, _, _, _, _, _) and
-    exists(CallExprBase call, Resolvable r |
-      call.getStaticTarget() = this and
-      r = CallExprBaseImpl::getCallResolvable(call) and
-      r.getResolvedPath() = path and
-      r.getResolvedCrateOrigin() = crate
-    )
-  }
-
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
-  ) {
-    exists(string kind, QlBuiltins::ExtensionId madId |
-      summaryModelDeprecated(crate, path, input, output, kind, _, madId) and
-      model = "MaD:" + madId.toString()
-    |
-      kind = "value" and
-      preservesValue = true
-      or
-      kind = "taint" and
-      preservesValue = false
-    )
-  }
-}

 private class SummarizedCallableFromModel extends SummarizedCallable::Range {
  private string path;
@@ -233,22 +146,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range {
  }
 }

-private class FlowSourceFromModelDeprecated extends FlowSource::Range {
-  private string crate;
-  private string path;

-  FlowSourceFromModelDeprecated() {
-    sourceModelDeprecated(crate, path, _, _, _, _) and
-    this.callResolvesTo(crate, path)
-  }
-
-  override predicate isSource(string output, string kind, Provenance provenance, string model) {
-    exists(QlBuiltins::ExtensionId madId |
-      sourceModelDeprecated(crate, path, output, kind, provenance, madId) and
-      model = "MaD:" + madId.toString()
-    )
-  }
-}

 private class FlowSourceFromModel extends FlowSource::Range {
  private string path;
@@ -266,22 +164,7 @@ private class FlowSourceFromModel extends FlowSource::Range {
  }
 }

-private class FlowSinkFromModelDeprecated extends FlowSink::Range {
-  private string crate;
-  private string path;

-  FlowSinkFromModelDeprecated() {
-    sinkModelDeprecated(crate, path, _, _, _, _) and
-    this.callResolvesTo(crate, path)
-  }
-
-  override predicate isSink(string input, string kind, Provenance provenance, string model) {
-    exists(QlBuiltins::ExtensionId madId |
-      sinkModelDeprecated(crate, path, input, kind, provenance, madId) and
-      model = "MaD:" + madId.toString()
-    )
-  }
-}

 private class FlowSinkFromModel extends FlowSink::Range {
  private string path;
--- a/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml
@@ -1,28 +1,16 @@
 extensions:
  # Make sure that the extensible model predicates have at least one definition
  # to avoid errors about undefined extensionals.
-  - addsTo:
-      pack: codeql/rust-all
-      extensible: sourceModelDeprecated
-    data: []
  - addsTo:
      pack: codeql/rust-all
      extensible: sourceModel
    data: []

-  - addsTo:
-      pack: codeql/rust-all
-      extensible: sinkModelDeprecated
-    data: []
  - addsTo:
      pack: codeql/rust-all
      extensible: sinkModel
    data: []

-  - addsTo:
-      pack: codeql/rust-all
-      extensible: summaryModelDeprecated
-    data: []
  - addsTo:
      pack: codeql/rust-all
      extensible: summaryModel