From a6377145ac11808edcc1862b2a329f517a74293a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 26 Mar 2026 12:38:19 +0000
Subject: [PATCH] Convert C++ CSV models from QL files to .model.yml data
 extensions

Migrate ZeroMQ models from ZMQ.qll and getc-family source models
from Gets.qll into new .model.yml files in the ext/ directory.

Agent-Logs-Url: https://github.com/github/codeql/sessions/da8f5e5b-35f7-47a4-afa0-750616e3df5b

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
---
 .../2026-03-26-convert-csv-models-to-yml.md   |  4 ++
 cpp/ql/lib/ext/ZMQ.model.yml                  | 22 +++++++++
 cpp/ql/lib/ext/getc.model.yml                 | 19 ++++++++
 cpp/ql/lib/semmle/code/cpp/models/Models.qll  |  1 -
 .../code/cpp/models/implementations/Gets.qll  | 17 -------
 .../code/cpp/models/implementations/ZMQ.qll   | 45 -------------------
 6 files changed, 45 insertions(+), 63 deletions(-)
 create mode 100644 cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
 create mode 100644 cpp/ql/lib/ext/ZMQ.model.yml
 create mode 100644 cpp/ql/lib/ext/getc.model.yml
 delete mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll

diff --git a/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md b/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
new file mode 100644
index 00000000000..9fd99403bc4
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* ZeroMQ and `getc`-family models have been migrated from inline CSV specifications in QL files to `.model.yml` data extension files in the `ext/` directory.
diff --git a/cpp/ql/lib/ext/ZMQ.model.yml b/cpp/ql/lib/ext/ZMQ.model.yml
new file mode 100644
index 00000000000..62c3bb1a3bf
--- /dev/null
+++ b/cpp/ql/lib/ext/ZMQ.model.yml
@@ -0,0 +1,22 @@
+# ZeroMQ networking library models
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sourceModel
+    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
+      - ["", "", False, "zmq_recv", "", "", "Argument[*1]", "remote", "manual"]
+      - ["", "", False, "zmq_recvmsg", "", "", "Argument[*1]", "remote", "manual"]
+      - ["", "", False, "zmq_msg_recv", "", "", "Argument[*0]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sinkModel
+    data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
+      - ["", "", False, "zmq_send", "", "", "Argument[*1]", "remote-sink", "manual"]
+      - ["", "", False, "zmq_sendmsg", "", "", "Argument[*1]", "remote-sink", "manual"]
+      - ["", "", False, "zmq_msg_send", "", "", "Argument[*0]", "remote-sink", "manual"]
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["", "", False, "zmq_msg_init_data", "", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
+      - ["", "", False, "zmq_msg_data", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
diff --git a/cpp/ql/lib/ext/getc.model.yml b/cpp/ql/lib/ext/getc.model.yml
new file mode 100644
index 00000000000..43958205e0b
--- /dev/null
+++ b/cpp/ql/lib/ext/getc.model.yml
@@ -0,0 +1,19 @@
+# Models for getc and similar character-reading functions
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: sourceModel
+    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
+      - ["", "", False, "getc", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "getwc", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "_getc_nolock", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "_getwc_nolock", "", "", "ReturnValue", "remote", "manual"]
+      - ["", "", False, "getch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwch", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getch_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwch_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "getchar", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "getwchar", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getchar_nolock", "", "", "ReturnValue", "local", "manual"]
+      - ["", "", False, "_getwchar_nolock", "", "", "ReturnValue", "local", "manual"]
diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
index 09f0a0df966..3ac08ee7aff 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
@@ -48,7 +48,6 @@ private import implementations.SqLite3
 private import implementations.PostgreSql
 private import implementations.System
 private import implementations.StructuredExceptionHandling
-private import implementations.ZMQ
 private import implementations.Win32CommandExecution
 private import implementations.CA2AEX
 private import implementations.CComBSTR
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
index b5d12083035..66d7730a818 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
@@ -113,20 +113,3 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio
   override predicate hasArrayOutput(int bufParam) { bufParam = 0 }
 }
 
-/**
- * A model for `getc` and similar functions that are flow sources.
- */
-private class GetcSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;getc;;;ReturnValue;remote", ";;false;getwc;;;ReturnValue;remote",
-        ";;false;_getc_nolock;;;ReturnValue;remote", ";;false;_getwc_nolock;;;ReturnValue;remote",
-        ";;false;getch;;;ReturnValue;local", ";;false;_getch;;;ReturnValue;local",
-        ";;false;_getwch;;;ReturnValue;local", ";;false;_getch_nolock;;;ReturnValue;local",
-        ";;false;_getwch_nolock;;;ReturnValue;local", ";;false;getchar;;;ReturnValue;local",
-        ";;false;getwchar;;;ReturnValue;local", ";;false;_getchar_nolock;;;ReturnValue;local",
-        ";;false;_getwchar_nolock;;;ReturnValue;local",
-      ]
-  }
-}
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll
deleted file mode 100644
index 22f04cb9c82..00000000000
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Provides implementation classes modeling the ZeroMQ networking library.
- */
-
-import semmle.code.cpp.models.interfaces.FlowSource
-
-/**
- * Remote flow sources.
- */
-private class ZmqSource extends SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_recv;;;Argument[*1];remote", ";;false;zmq_recvmsg;;;Argument[*1];remote",
-        ";;false;zmq_msg_recv;;;Argument[*0];remote",
-      ]
-  }
-}
-
-/**
- * Remote flow sinks.
- */
-private class ZmqSinks extends SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_send;;;Argument[*1];remote-sink",
-        ";;false;zmq_sendmsg;;;Argument[*1];remote-sink",
-        ";;false;zmq_msg_send;;;Argument[*0];remote-sink",
-      ]
-  }
-}
-
-/**
- * Flow steps.
- */
-private class ZmqSummaries extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        ";;false;zmq_msg_init_data;;;Argument[*1];Argument[*0];taint",
-        ";;false;zmq_msg_data;;;Argument[*0];ReturnValue[*];taint",
-      ]
-  }
-}