Convert C++ CSV models from QL files to .model.yml data extensions

Migrate ZeroMQ models from ZMQ.qll and getc-family source models
from Gets.qll into new .model.yml files in the ext/ directory.

Agent-Logs-Url: https://github.com/github/codeql/sessions/da8f5e5b-35f7-47a4-afa0-750616e3df5b

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>

cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* ZeroMQ and `getc`-family models have been migrated from inline CSV specifications in QL files to `.model.yml` data extension files in the `ext/` directory.

cpp/ql/lib/ext/ZMQ.model.yml

@@ -0,0 +1,22 @@
+# ZeroMQ networking library models
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sourceModel
+    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
+      - ["", "", False, "zmq_recv", "", "", "Argument[*1]", "remote", "manual"]
+      - ["", "", False, "zmq_recvmsg", "", "", "Argument[*1]", "remote", "manual"]
+      - ["", "", False, "zmq_msg_recv", "", "", "Argument[*0]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sinkModel
+    data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
+      - ["", "", False, "zmq_send", "", "", "Argument[*1]", "remote-sink", "manual"]
+      - ["", "", False, "zmq_sendmsg", "", "", "Argument[*1]", "remote-sink", "manual"]
+      - ["", "", False, "zmq_msg_send", "", "", "Argument[*0]", "remote-sink", "manual"]
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["", "", False, "zmq_msg_init_data", "", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
+      - ["", "", False, "zmq_msg_data", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]

cpp/ql/lib/ext/getc.model.yml

@@ -0,0 +1,19 @@
+# Models for getc and similar character-reading functions
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sourceModel
+    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
+      - ["", "", False, "getc", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "getwc", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "_getc_nolock", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "_getwc_nolock", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "getch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getch_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwch_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "getchar", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "getwchar", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getchar_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwchar_nolock", "", "", "ReturnValue", "local", "manual"]

cpp/ql/lib/semmle/code/cpp/models/Models.qll

@@ -48,7 +48,6 @@ private import implementations.SqLite3
 private import implementations.PostgreSql
 private import implementations.System
 private import implementations.StructuredExceptionHandling
-private import implementations.ZMQ
 private import implementations.Win32CommandExecution
 private import implementations.CA2AEX
 private import implementations.CComBSTR

cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll

@@ -113,20 +113,3 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio
   override predicate hasArrayOutput(int bufParam) { bufParam = 0 }
 }
 
-/**
- * A model for `getc` and similar functions that are flow sources.
- */
-private class GetcSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;getc;;;ReturnValue;remote", ";;false;getwc;;;ReturnValue;remote",
-        ";;false;_getc_nolock;;;ReturnValue;remote", ";;false;_getwc_nolock;;;ReturnValue;remote",
-        ";;false;getch;;;ReturnValue;local", ";;false;_getch;;;ReturnValue;local",
-        ";;false;_getwch;;;ReturnValue;local", ";;false;_getch_nolock;;;ReturnValue;local",
-        ";;false;_getwch_nolock;;;ReturnValue;local", ";;false;getchar;;;ReturnValue;local",
-        ";;false;getwchar;;;ReturnValue;local", ";;false;_getchar_nolock;;;ReturnValue;local",
-        ";;false;_getwchar_nolock;;;ReturnValue;local",
-      ]
-  }
-}

cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll

@@ -1,45 +0,0 @@
-/**
- * Provides implementation classes modeling the ZeroMQ networking library.
- */
-
-import semmle.code.cpp.models.interfaces.FlowSource
-
-/**
- * Remote flow sources.
- */
-private class ZmqSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_recv;;;Argument[*1];remote", ";;false;zmq_recvmsg;;;Argument[*1];remote",
-        ";;false;zmq_msg_recv;;;Argument[*0];remote",
-      ]
-  }
-}
-
-/**
- * Remote flow sinks.
- */
-private class ZmqSinks extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_send;;;Argument[*1];remote-sink",
-        ";;false;zmq_sendmsg;;;Argument[*1];remote-sink",
-        ";;false;zmq_msg_send;;;Argument[*0];remote-sink",
-      ]
-  }
-}
-
-/**
- * Flow steps.
- */
-private class ZmqSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_msg_init_data;;;Argument[*1];Argument[*0];taint",
-        ";;false;zmq_msg_data;;;Argument[*0];ReturnValue[*];taint",
-      ]
-  }
-}