diff --git a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 5b3beac3453..93abe205f1a 100644 --- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -360,12 +360,6 @@ private module SummaryModelGeneratorInput implements SummaryModelGeneratorInputS result = "Element[" + ec.getIndirectionIndex() + "]" ) } - - predicate isUninterestingForDataFlowModels(Callable api) { none() } - - predicate isUninterestingForHeuristicDataFlowModels(Callable api) { - isUninterestingForDataFlowModels(api) - } } private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig { @@ -377,11 +371,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig SourceTargetApi() { relevant(this) and not hasManualSourceModel(this) } } - predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() } - - bindingset[kind] - predicate isRelevantSourceKind(string kind) { any() } - predicate sourceNode = ExternalFlow::sourceNode/2; } @@ -396,8 +385,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { SinkTargetApi() { relevant(this) and not hasManualSinkModel(this) } } - predicate sinkModelSanitizer(DataFlow::Node node) { none() } - predicate apiSource(DataFlow::Node source) { DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1) or @@ -416,9 +403,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { result = qualifierString() } - bindingset[kind] - predicate isRelevantSinkKind(string kind) { any() } - predicate sinkNode = ExternalFlow::sinkNode/2; } diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 7bf8a248a6f..b0300e4a87f 100644 --- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll 
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -234,8 +234,6 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig { api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel()) } - predicate isUninterestingForDataFlowModels(Callable api) { none() } - predicate isUninterestingForHeuristicDataFlowModels(Callable api) { isHigherOrder(api) } class SummaryTargetApi extends Callable { @@ -356,9 +354,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig ) } - bindingset[kind] - predicate isRelevantSourceKind(string kind) { any() } - predicate sourceNode = ExternalFlow::sourceNode/2; } @@ -372,8 +367,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { SinkTargetApi() { relevant(this) and not hasManualSinkModel(this) } } - predicate sinkModelSanitizer(DataFlow::Node node) { none() } - private predicate isRelevantMemberAccess(DataFlow::Node node) { exists(CS::MemberAccess access | access = node.asExpr() | access.hasThisQualifier() and @@ -400,9 +393,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { result = qualifierString() } - bindingset[kind] - predicate isRelevantSinkKind(string kind) { any() } - predicate sinkNode = ExternalFlow::sinkNode/2; } diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll index cff4e97d8d3..09223d23b1c 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll 
@@ -211,8 +211,6 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig { api.getDeclaringType() instanceof J::Interface and not exists(api.getBody()) } - predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() } - predicate isAdditionalContentFlowStep(DataFlow::Node node1, DataFlow::Node node2) { TaintTracking::defaultAdditionalTaintStep(node1, node2, _) and not exists(DataFlow::Content f | @@ -264,11 +262,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig SourceTargetApi() { relevant(this) and not hasManualSourceModel(this) } } - predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() } - - bindingset[kind] - predicate isRelevantSourceKind(string kind) { any() } - predicate sourceNode = ExternalFlow::sourceNode/2; } diff --git a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 6aeae06bbdb..99e1c527b54 100644 --- a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -123,10 +123,6 @@ private module SummaryModelGeneratorInput implements SummaryModelGeneratorInputS Parameter asParameter(NodeExtended node) { result = node.asParameter() } - predicate isUninterestingForDataFlowModels(Callable api) { none() } - - predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() } - predicate isAdditionalContentFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() } predicate isField(DataFlow::ContentSet c) { 
@@ -169,12 +165,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig SourceTargetApi() { relevant(this) } } - bindingset[sourceEnclosing, api] - predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api) { none() } - - bindingset[kind] - predicate isRelevantSourceKind(string kind) { any() } - predicate sourceNode(DataFlow::Node node, string kind) { FlowSource::sourceNode(node, kind) } } @@ -183,8 +173,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { SinkTargetApi() { relevant(this) } } - predicate sinkModelSanitizer(DataFlow::Node node) { none() } - /** * Holds if `source` is an API entrypoint, i.e., a source of input where data * can flow in to a library. This is used for creating sink models, as we @@ -197,9 +185,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { result = "Argument[" + source.(Node::SourceParameterNode).getPosition().toString() + "]" } - bindingset[kind] - predicate isRelevantSinkKind(string kind) { any() } - predicate sinkNode(DataFlow::Node node, string kind) { FlowSink::sinkNode(node, kind) } } diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index d981ef151fd..dabd687b52b 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -295,7 +295,7 @@ module MakeModelGeneratorFactory< * * This serves as an extra filter for the `relevant` predicate. */ - predicate isUninterestingForDataFlowModels(Callable api); + default predicate isUninterestingForDataFlowModels(Callable api) { none() } /** * Holds if it is irrelevant to generate models for `api` based on the heuristic 
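Review bot: The doc comment above `isUninterestingForDataFlowModels` does not say what an implementer gets by leaving the predicate out, now that the declaration carries a `{ none() }` body. I would add one sentence to it, e.g. `* By default, no callable is excluded.`, and do the same for `isUninterestingForHeuristicDataFlowModels` (hunk at -304), `irrelevantSourceSinkApi` (hunk at -940), and `sinkModelSanitizer` and `isRelevantSinkKind` (hunk at -969). Every default in these hunks is the permissive choice (`none()` for the exclusion and sanitizer predicates, `any()` for the sink kind), so a language pack that omits them gets unfiltered model generation. That belongs in the comment where the implementer reads the contract. The enclosing signature starts and ends outside this hunk.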
@@ -304,7 +304,7 @@ module MakeModelGeneratorFactory< * This serves as an extra filter for the `relevant` * and `isUninterestingForDataFlowModels` predicates. */ - predicate isUninterestingForHeuristicDataFlowModels(Callable api); + default predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() } } /** @@ -940,24 +940,20 @@ module MakeModelGeneratorFactory< */ class SourceTargetApi extends Callable; - /** - * Holds if it is not relevant to generate a source model for `api`, even - * if flow is detected from a node within `source` to a sink within `api`. - */ - bindingset[sourceEnclosing, api] - predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api); - - /** - * Holds if `kind` is a relevant source kind for creating source models. - */ - bindingset[kind] - predicate isRelevantSourceKind(string kind); - /** * Holds if `node` is specified as a source with the given kind in a MaD flow * model. */ predicate sourceNode(Lang::Node node, string kind); + + /** + * Holds if it is not relevant to generate a source model for `api`, even + * if flow is detected from a node within `source` to a sink within `api`. + */ + bindingset[sourceEnclosing, api] + default predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api) { + none() + } } /** 
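Review bot: `isRelevantSourceKind` is removed from the source signature here rather than given a default, and the hunk at -1029 changes `isSource` to `sourceNode(source, _)`. An implementation outside the files in this diff that restricted source kinds would, as far as I can tell, still compile, since a module may declare members beyond its signature, but its filter would no longer be consulted and source models would be generated for kinds it meant to exclude. The sink signature keeps the equivalent hook as a default predicate; keeping `bindingset[kind] default predicate isRelevantSourceKind(string kind) { any() }` here, together with the `isRelevantSourceKind(kind)` conjunct in `isSource`, would preserve both the behaviour and the symmetry. If the removal is intended, it deserves a change note. Separately, the moved doc comment for `irrelevantSourceSinkApi` still refers to `source`, while the parameter is named `sourceEnclosing`; the comment should use the parameter name.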
@@ -969,32 +965,32 @@ module MakeModelGeneratorFactory< */ class SinkTargetApi extends Callable; + /** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ + predicate sinkNode(Lang::Node node, string kind); + /** * Gets the MaD input string representation of `source`. */ string getInputArgument(Lang::Node source); - /** - * Holds if `node` is a sanitizer for sink model construction. - */ - predicate sinkModelSanitizer(Lang::Node node); - /** * Holds if `source` is an api entrypoint relevant for creating sink models. */ predicate apiSource(Lang::Node source); + /** + * Holds if `node` is a sanitizer for sink model construction. + */ + default predicate sinkModelSanitizer(Lang::Node node) { none() } + /** * Holds if `kind` is a relevant sink kind for creating sink models. */ bindingset[kind] - predicate isRelevantSinkKind(string kind); - - /** - * Holds if `node` is specified as a sink with the given kind in a MaD flow - * model. - */ - predicate sinkNode(Lang::Node node, string kind); + default predicate isRelevantSinkKind(string kind) { any() } } /** @@ -1029,12 +1025,7 @@ module MakeModelGeneratorFactory< * via its return (then the API itself becomes a source). */ module PropagateFromSourceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - exists(string kind | - isRelevantSourceKind(kind) and - sourceNode(source, kind) - ) - } + predicate isSource(DataFlow::Node source) { sourceNode(source, _) } predicate isSink(DataFlow::Node sink) { sink instanceof ReturnNodeExt and