From 79f61cc645bbcfaffc35fed6482b0a08fe33306b Mon Sep 17 00:00:00 2001
From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local>
Date: Fri, 2 Jun 2023 13:54:45 -0400
Subject: [PATCH] Java/C#/Go/Swift: use 'SharedModelValidation' file

---
 .../code/csharp/dataflow/ExternalFlow.qll     | 15 ++++++----
 go/ql/lib/semmle/go/dataflow/ExternalFlow.qll |  4 ++-
 .../code/java/dataflow/ExternalFlow.qll       | 29 +++++++++++--------
 .../codeql/swift/dataflow/ExternalFlow.qll    |  4 ++-
 4 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
index 46a19828a81..902d6f246c9 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -95,6 +95,7 @@ private import internal.DataFlowPublic
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific
+private import SharedModelValidation
 
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel = Extensions::sourceModel/9;
@@ -206,24 +207,28 @@ module ModelValidation {
 
   private string getInvalidModelKind() {
     exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) |
-      not kind = ["taint", "value"] and
+      not kind instanceof ValidSummaryKind and
+      //not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
     or
     exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
-      not kind =
-        ["code-injection", "sql-injection", "js-injection", "html-injection", "file-content-store"] and
+      not kind instanceof ValidSinkKind and
+      // not kind =
+      //   ["code-injection", "sql-injection", "js-injection", "html-injection", "file-content-store"] and
       not kind.matches("encryption-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
     exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["local", "remote", "file", "file-write"] and
+      not kind instanceof ValidSourceKind and
+      //not kind = ["local", "remote", "file", "file-write"] and
       result = "Invalid kind \"" + kind + "\" in source model."
     )
     or
     exists(string kind | neutralModel(_, _, _, _, kind, _) |
-      not kind = ["summary", "source", "sink"] and
+      not kind instanceof ValidNeutralKind and
+      //not kind = ["summary", "source", "sink"] and
       result = "Invalid kind \"" + kind + "\" in neutral model."
     )
   }
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
index 0c6ee1c3134..05818ab68c7 100644
--- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
+++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -68,6 +68,7 @@ private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific
 private import internal.AccessPathSyntax
 private import FlowSummary
+private import SharedModelValidation
 
 /**
  * A module importing the frameworks that provide external flow data,
@@ -190,7 +191,8 @@ module ModelValidation {
 
   private string getInvalidModelKind() {
     exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) |
-      not kind = ["taint", "value"] and
+      not kind instanceof ValidSummaryKind and
+      //not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
   }
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
index bb8485cd601..b3a128fb4e1 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -87,6 +87,7 @@ private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific
 private import internal.AccessPathSyntax
 private import ExternalFlowExtensions as Extensions
 private import FlowSummary
+private import SharedModelValidation
 
 /**
  * A class for activating additional model rows.
@@ -311,20 +312,22 @@ module ModelValidation {
 
   private string getInvalidModelKind() {
     exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) |
-      not kind = ["taint", "value"] and
+      not kind instanceof ValidSummaryKind and
+      //not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
     or
     exists(string kind, string msg | sinkModel(_, _, _, _, _, _, _, kind, _) |
-      not kind =
-        [
-          "request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection",
-          "mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection",
-          "ognl-injection", "intent-redirection", "pending-intents", "url-redirection",
-          "path-injection", "file-content-store", "hostname-verification", "response-splitting",
-          "information-leak", "xslt-injection", "jexl-injection", "bean-validation",
-          "template-injection", "fragment-injection", "command-injection"
-        ] and
+      not kind instanceof ValidSinkKind and
+      // not kind =
+      //   [
+      //     "request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection",
+      //     "mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection",
+      //     "ognl-injection", "intent-redirection", "pending-intents", "url-redirection",
+      //     "path-injection", "file-content-store", "hostname-verification", "response-splitting",
+      //     "information-leak", "xslt-injection", "jexl-injection", "bean-validation",
+      //     "template-injection", "fragment-injection", "command-injection"
+      //   ] and
       not kind.matches("regex-use%") and
       not kind.matches("qltest%") and
       msg = "Invalid kind \"" + kind + "\" in sink model." and
@@ -335,13 +338,15 @@ module ModelValidation {
     )
     or
     exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["remote", "contentprovider", "android-external-storage-dir"] and
+      not kind instanceof ValidSourceKind and
+      // not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and
       not kind.matches("qltest%") and
       result = "Invalid kind \"" + kind + "\" in source model."
     )
     or
     exists(string kind | neutralModel(_, _, _, _, kind, _) |
-      not kind = ["summary", "source", "sink"] and
+      not kind instanceof ValidNeutralKind and
+      //not kind = ["summary", "source", "sink"] and
       result = "Invalid kind \"" + kind + "\" in neutral model."
     )
   }
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
index 82daf14a39a..0adc9be7373 100644
--- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -74,6 +74,7 @@ private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific
 private import FlowSummary as FlowSummary
+private import SharedModelValidation
 
 /**
  * A unit class for adding additional source model rows.
@@ -266,7 +267,8 @@ module CsvValidation {
   private string getInvalidModelKind() {
     exists(string row, string kind | summaryModel(row) |
       kind = row.splitAt(";", 8) and
-      not kind = ["taint", "value"] and
+      not kind instanceof ValidSummaryKind and
+      //not kind = ["taint", "value"] and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
   }