From 7b629f5d63deb67fc8ec10cc7fdf652a4de3bb0e Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Mon, 5 Jun 2023 08:23:31 -0400 Subject: [PATCH] Shared: include 'qltest%' and 'test-%' --- .../code/csharp/dataflow/SharedModelValidation.qll | 12 ++++++++---- .../lib/semmle/go/dataflow/SharedModelValidation.qll | 12 ++++++++---- .../lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 -- .../code/java/dataflow/SharedModelValidation.qll | 12 ++++++++---- .../frameworks/data/internal/ApiGraphModels.qll | 1 - .../data/internal/SharedModelValidation.qll | 12 ++++++++---- .../frameworks/data/internal/ApiGraphModels.qll | 1 - .../data/internal/SharedModelValidation.qll | 12 ++++++++---- .../ruby/frameworks/data/internal/ApiGraphModels.qll | 1 - .../data/internal/SharedModelValidation.qll | 12 ++++++++---- .../codeql/swift/dataflow/SharedModelValidation.qll | 12 ++++++++---- 11 files changed, 56 insertions(+), 33 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll b/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll +++ b/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 3004910dc3f..2c63d9d37a0 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -318,7 +318,6 @@ module ModelValidation { or exists(string kind, string msg | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind instanceof ValidSinkKind and - not kind.matches("qltest%") and msg = "Invalid kind \"" + kind + "\" in sink model." and // The part of this message that refers to outdated sink kinds can be deleted after June 1st, 2024. if kind instanceof OutdatedSinkKind @@ -328,7 +327,6 @@ module ModelValidation { or exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) | not kind instanceof ValidSourceKind and - not kind.matches("qltest%") and result = "Invalid kind \"" + kind + "\" in source model." ) or diff --git a/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll b/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll +++ b/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll index dd46283be4b..b0dd297b6c6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll @@ -663,7 +663,6 @@ module ModelOutput { or exists(string kind | sinkModel(_, _, kind) | not kind instanceof ValidSinkKind and - not kind.matches("test-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) or diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll index dd46283be4b..b0dd297b6c6 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll @@ -663,7 +663,6 @@ module ModelOutput { or exists(string kind | sinkModel(_, _, kind) | not kind instanceof ValidSinkKind and - not kind.matches("test-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) or diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll b/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll +++ b/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll index dd46283be4b..b0dd297b6c6 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll @@ -663,7 +663,6 @@ module ModelOutput { or exists(string kind | sinkModel(_, _, kind) | not kind instanceof ValidSinkKind and - not kind.matches("test-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) or diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } } diff --git a/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll b/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll index 5b0105ad554..f38e90257d1 100644 --- a/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll +++ b/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll @@ -29,7 +29,7 @@ class ValidSinkKind extends string { or this.matches([ // shared - "encryption-%", + "encryption-%", "qltest%", "test-%", // Java-only currently, but may be shared in the future "regex-use%", // JavaScript-only currently, but may be shared in the future @@ -53,11 +53,15 @@ class ValidSourceKind extends string { // C# "file", "file-write", // JavaScript - "database-access-result" + "database-access-result", "remote-flow" ] or - // Swift - this.matches("%string-%length") + this.matches([ + // shared + "qltest%", "test-%", + // Swift + "%string-%length" + ]) } }