Merge pull request #14120 from asgerf/dynamic/typemodel-istypeused

Dynamic: add TypeModel.isTypeUsed
2026-04-26 01:05:15 +02:00 · 2024-06-06 15:31:16 +02:00
parent 5deb9002bf 0b78d1d953
commit 6e0f3df573
10 changed files with 90 additions and 2 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -9,6 +9,7 @@ import Attributes
 import LocalSources
 private import semmle.python.essa.SsaCompute
 private import semmle.python.dataflow.new.internal.ImportStar
+private import semmle.python.frameworks.data.ModelsAsData
 private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.python.frameworks.data.ModelsAsData

@@ -125,6 +126,13 @@ newtype TNode =
    f = any(VariableCapture::CapturedVariable v).getACapturingScope() and
    // TODO: Remove this restriction when adding proper support for captured variables in the body of the function we generate for comprehensions
    exists(TFunction(f))
+  } or
+  /** An empty, unused node type that exists to prevent unwanted dependencies on data flow nodes. */
+  TForbiddenRecursionGuard() {
+    none() and
+    // We want to prune irrelevant models before materialising data flow nodes, so types contributed
+    // directly from CodeQL must expose their pruning info without depending on data flow nodes.
+    (any(ModelInput::TypeModel tm).isTypeUsed("") implies any())
  }

 private import semmle.python.internal.CachedStages
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
@@ -168,9 +168,20 @@ module ModelInput {
   * A unit class for adding additional type model rows from CodeQL models.
   */
  class TypeModel extends Unit {
+    /**
+     * Holds if any of the other predicates in this class might have a result
+     * for the given `type`.
+     *
+     * The implementation of this predicate should not depend on `DataFlow::Node`.
+     */
+    bindingset[type]
+    predicate isTypeUsed(string type) { none() }
+
    /**
     * Gets a data-flow node that is a source of the given `type`.
     *
+     * Note that `type` should also be included in `isTypeUsed`.
+     *
     * This must not depend on API graphs, but ensures that an API node is generated for
     * the source.
     */
@@ -180,6 +191,8 @@ module ModelInput {
     * Gets a data-flow node that is a sink of the given `type`,
     * usually because it is an argument passed to a parameter of that type.
     *
+     * Note that `type` should also be included in `isTypeUsed`.
+     *
     * This must not depend on API graphs, but ensures that an API node is generated for
     * the sink.
     */
@@ -188,6 +201,8 @@ module ModelInput {
    /**
     * Gets an API node that is a source or sink of the given `type`.
     *
+     * Note that `type` should also be included in `isTypeUsed`.
+     *
     * Unlike `getASource` and `getASink`, this may depend on API graphs.
     */
    API::Node getAnApiNode(string type) { none() }
@@ -367,6 +382,8 @@ predicate isRelevantType(string type) {
  (
    Specific::isTypeUsed(type)
    or
+    any(TypeModel model).isTypeUsed(type)
+    or
    exists(TestAllModels t)
  )
  or