Replace branch with acceptingValue

2026-04-17 21:14:02 +02:00 · 2026-03-27 22:39:10 +00:00
parent a7fdc4b543
commit 37aac05964
8 changed files with 67 additions and 66 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
@@ -13,7 +13,7 @@
 * - Barriers:
 *   `type, path, kind`
 * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
 * - Types:
 *   `type1, type2, path`
 *
@@ -46,7 +46,7 @@
 * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
 *    first `(type, path)` tuple. Both strings are `.`-separated access paths
 *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
 * 5. The `kind` column is a tag that can be referenced from QL to determine to
 *    which classes the interpreted elements should be added. For example, for
 *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod

 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
  // No deprecation adapter for barrier models, they were not around back then.
  exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
    model = "MaD:" + madId.toString()
  )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
    }

    /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
     */
    cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
        or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
      |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
        result = getNodeFromPath(type, path)
      )
    }
@@ -861,12 +861,12 @@ module ModelOutput {
  API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }

  /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
   *
   * INTERNAL: Do not use.
   */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
  }

  /**
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -33,11 +33,11 @@ extensible predicate barrierModel(
 * of the given `kind` and `madId` is the data extension row number.
 * `path` is assumed to lead to a parameter of a call (possibly `self`), and
 * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
 */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );

 /**
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
@@ -13,7 +13,7 @@
 * - Barriers:
 *   `type, path, kind`
 * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
 * - Types:
 *   `type1, type2, path`
 *
@@ -46,7 +46,7 @@
 * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
 *    first `(type, path)` tuple. Both strings are `.`-separated access paths
 *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
 * 5. The `kind` column is a tag that can be referenced from QL to determine to
 *    which classes the interpreted elements should be added. For example, for
 *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod

 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
  // No deprecation adapter for barrier models, they were not around back then.
  exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
    model = "MaD:" + madId.toString()
  )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
    }

    /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
     */
    cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
        or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
      |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
        result = getNodeFromPath(type, path)
      )
    }
@@ -861,12 +861,12 @@ module ModelOutput {
  API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }

  /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
   *
   * INTERNAL: Do not use.
   */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
  }

  /**
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -33,11 +33,11 @@ extensible predicate barrierModel(
 * of the given `kind` and `madId` is the data extension row number.
 * `path` is assumed to lead to a parameter of a call (possibly `self`), and
 * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
 */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );

 /**
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
@@ -13,7 +13,7 @@
 * - Barriers:
 *   `type, path, kind`
 * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
 * - Types:
 *   `type1, type2, path`
 *
@@ -46,7 +46,7 @@
 * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
 *    first `(type, path)` tuple. Both strings are `.`-separated access paths
 *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
 * 5. The `kind` column is a tag that can be referenced from QL to determine to
 *    which classes the interpreted elements should be added. For example, for
 *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod

 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
  // No deprecation adapter for barrier models, they were not around back then.
  exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
    model = "MaD:" + madId.toString()
  )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
    }

    /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
     */
    cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
        or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
      |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
        result = getNodeFromPath(type, path)
      )
    }
@@ -861,12 +861,12 @@ module ModelOutput {
  API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }

  /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
   *
   * INTERNAL: Do not use.
   */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
  }

  /**
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -33,11 +33,11 @@ extensible predicate barrierModel(
 * of the given `kind` and `madId` is the data extension row number.
 * `path` is assumed to lead to a parameter of a call (possibly `self`), and
 * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
 */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );

 /**
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -12,7 +12,7 @@
 * - Barriers:
 *   `path; output; kind; provenance`
 * - BarrierGuards:
- *   `path; input; branch; kind; provenance`
+ *   `path; input; acceptingValue; kind; provenance`
 * - Neutrals:
 *   `path; kind; provenance`
 *   A neutral is used to indicate that a callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink).
@@ -41,7 +41,7 @@
 *     - `Field[i]`: the `i`th element of a tuple.
 *     - `Reference`: the referenced value.
 *     - `Future`: the value being computed asynchronously.
- * 3. The `branch` column of barrier guard models specifies which branch of the
+ * 3. The `acceptingValue` column of barrier guard models specifies which branch of the
 *    guard is blocking flow. It can be "true" or "false". In the future
 *    "no-exception", "not-zero", "null", "not-null" may be supported.
 * 4. The `kind` column is a tag that can be referenced from QL to determine to
@@ -124,11 +124,12 @@ extensible predicate barrierModel(
 * extension row number.
 *
 * The value referred to by `input` is assumed to lead to an argument of a call
- * (possibly `self`), and the call is guarding the argument. `branch` is either `true`
- * or `false`, indicating which branch of the guard is protecting the argument.
+ * (possibly `self`), and the call is guarding the argument.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
 */
 extensible predicate barrierGuardModel(
-  string path, string input, string branch, string kind, string provenance,
+  string path, string input, string acceptingValue, string kind, string provenance,
  QlBuiltins::ExtensionId madId
 );

@@ -163,9 +164,9 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
    model = "Barrier: " + path + "; " + output + "; " + kind
  )
  or
-  exists(string path, string input, string branch, string kind |
-    barrierGuardModel(path, input, branch, kind, _, madId) and
-    model = "Barrier guard: " + path + "; " + input + "; " + branch + "; " + kind
+  exists(string path, string input, string acceptingValue, string kind |
+    barrierGuardModel(path, input, acceptingValue, kind, _, madId) and
+    model = "Barrier guard: " + path + "; " + input + "; " + acceptingValue + "; " + kind
  )
 }

@@ -275,10 +276,10 @@ private class FlowBarrierGuardFromModel extends FlowBarrierGuard::Range {
  }

  override predicate isBarrierGuard(
-    string input, string branch, string kind, Provenance provenance, string model
+    string input, string acceptingValue, string kind, Provenance provenance, string model
  ) {
    exists(QlBuiltins::ExtensionId madId |
-      barrierGuardModel(path, input, branch, kind, provenance, madId) and
+      barrierGuardModel(path, input, acceptingValue, kind, provenance, madId) and
      model = "MaD:" + madId.toString()
    )
  }
--- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
@@ -388,11 +388,11 @@ module Make<

      /**
       * Holds if this element is a flow barrier guard of kind `kind`, for data
-       * flowing in as described by `input`, when `this` evaluates to `branch`.
+       * flowing in as described by `input`, when `this` evaluates to `acceptingValue`.
       */
      pragma[nomagic]
      abstract predicate isBarrierGuard(
-        string input, string branch, string kind, Provenance provenance, string model
+        string input, string acceptingValue, string kind, Provenance provenance, string model
      );
    }

@@ -764,10 +764,10 @@ module Make<
    }

    private predicate isRelevantBarrierGuard(
-      BarrierGuardElement e, string input, string branch, string kind, Provenance provenance,
-      string model
+      BarrierGuardElement e, string input, string acceptingValue, string kind,
+      Provenance provenance, string model
    ) {
-      e.isBarrierGuard(input, branch, kind, provenance, model) and
+      e.isBarrierGuard(input, acceptingValue, kind, provenance, model) and
      (
        provenance.isManual()
        or
@@ -1588,11 +1588,11 @@ module Make<
     * Holds if `barrierGuard` is a relevant barrier guard element with input specification `inSpec`.
     */
    predicate barrierGuardSpec(
-      BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string branch, string kind,
-      string model
+      BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string acceptingValue,
+      string kind, string model
    ) {
      exists(string input |
-        isRelevantBarrierGuard(barrierGuard, input, branch, kind, _, model) and
+        isRelevantBarrierGuard(barrierGuard, input, acceptingValue, kind, _, model) and
        External::interpretSpec(input, inSpec)
      )
    }