Merge branch 'main' into automated-subclass-models

2025-12-18 09:43:15 +01:00 · 2023-12-19 17:08:25 +01:00
parent 56d86f9980 4009b42891
commit 72687e0368
1196 changed files with 63696 additions and 53126 deletions
--- a/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
+++ b/python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql
@@ -16,15 +16,13 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import meta.MetaMetrics
 private import semmle.python.dataflow.new.internal.PrintNode

-class RemoteFlowSourceReach extends TaintTracking::Configuration {
-  RemoteFlowSourceReach() { this = "RemoteFlowSourceReach" }
-
-  override predicate isSource(DataFlow::Node node) {
+module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
    node instanceof RemoteFlowSource and
    not node.getLocation().getFile() instanceof IgnoredFile
  }

-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
    not node.getLocation().getFile() instanceof IgnoredFile
    // We could try to reduce the number of sinks in this configuration, by only
    // allowing something that is on one end of a localFlowStep, readStep or storeStep,
@@ -37,6 +35,8 @@ class RemoteFlowSourceReach extends TaintTracking::Configuration {
  }
 }

-from RemoteFlowSourceReach cfg, DataFlow::Node reachable
-where cfg.hasFlow(_, reachable)
+module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
+
+from DataFlow::Node reachable
+where RemoteFlowSourceReachFlow::flow(_, reachable)
 select reachable, prettyNode(reachable)
--- a/python/ql/src/meta/analysis-quality/TTCallGraph.ql
+++ b/python/ql/src/meta/analysis-quality/TTCallGraph.ql
@@ -3,7 +3,6 @@
 * @kind problem
 * @problem.severity recommendation
 * @id py/meta/type-tracking-call-graph
- * @tags meta
 * @precision very-low
 */

--- a/python/ql/src/meta/analysis-quality/TTCallGraphMissing.ql
+++ b/python/ql/src/meta/analysis-quality/TTCallGraphMissing.ql
@@ -3,7 +3,6 @@
 * @kind problem
 * @problem.severity recommendation
 * @id py/meta/call-graph-missing
- * @tags meta
 * @precision very-low
 */

--- a/python/ql/src/meta/analysis-quality/TTCallGraphNew.ql
+++ b/python/ql/src/meta/analysis-quality/TTCallGraphNew.ql
@@ -3,7 +3,6 @@
 * @kind problem
 * @problem.severity recommendation
 * @id py/meta/call-graph-new
- * @tags meta
 * @precision very-low
 */

--- a/python/ql/src/meta/analysis-quality/TTCallGraphNewAmbiguous.ql
+++ b/python/ql/src/meta/analysis-quality/TTCallGraphNewAmbiguous.ql
@@ -3,7 +3,6 @@
 * @kind problem
 * @problem.severity recommendation
 * @id py/meta/call-graph-new-ambiguous
- * @tags meta
 * @precision very-low
 */

--- a/python/ql/src/meta/analysis-quality/TTCallGraphShared.ql
+++ b/python/ql/src/meta/analysis-quality/TTCallGraphShared.ql
@@ -3,7 +3,6 @@
 * @kind problem
 * @problem.severity recommendation
 * @id py/meta/call-graph-shared
- * @tags meta
 * @precision very-low
 */