Shared: Sprinkle some predicate defaults and clean up.

2025-12-17 01:03:14 +01:00 · 2025-04-25 14:06:04 +02:00
parent a6b5645b13
commit c9d01bc607
5 changed files with 24 additions and 81 deletions
--- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -360,12 +360,6 @@ private module SummaryModelGeneratorInput implements SummaryModelGeneratorInputS
      result = "Element[" + ec.getIndirectionIndex() + "]"
    )
  }
  predicate isUninterestingForDataFlowModels(Callable api) { none() }
  predicate isUninterestingForHeuristicDataFlowModels(Callable api) {
    isUninterestingForDataFlowModels(api)
  }
 }
 private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig {
@@ -377,11 +371,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig
    SourceTargetApi() { relevant(this) and not hasManualSourceModel(this) }
  }
  predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() }
  bindingset[kind]
  predicate isRelevantSourceKind(string kind) { any() }
  predicate sourceNode = ExternalFlow::sourceNode/2;
 }
@@ -396,8 +385,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    SinkTargetApi() { relevant(this) and not hasManualSinkModel(this) }
  }
  predicate sinkModelSanitizer(DataFlow::Node node) { none() }
  predicate apiSource(DataFlow::Node source) {
    DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1)
    or
@@ -416,9 +403,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    result = qualifierString()
  }
  bindingset[kind]
  predicate isRelevantSinkKind(string kind) { any() }
  predicate sinkNode = ExternalFlow::sinkNode/2;
 }
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -234,8 +234,6 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig {
    api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel())
  }
  predicate isUninterestingForDataFlowModels(Callable api) { none() }
  predicate isUninterestingForHeuristicDataFlowModels(Callable api) { isHigherOrder(api) }
  class SummaryTargetApi extends Callable {
@@ -356,9 +354,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig
    )
  }
  bindingset[kind]
  predicate isRelevantSourceKind(string kind) { any() }
  predicate sourceNode = ExternalFlow::sourceNode/2;
 }
@@ -372,8 +367,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    SinkTargetApi() { relevant(this) and not hasManualSinkModel(this) }
  }
  predicate sinkModelSanitizer(DataFlow::Node node) { none() }
  private predicate isRelevantMemberAccess(DataFlow::Node node) {
    exists(CS::MemberAccess access | access = node.asExpr() |
      access.hasThisQualifier() and
@@ -400,9 +393,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    result = qualifierString()
  }
  bindingset[kind]
  predicate isRelevantSinkKind(string kind) { any() }
  predicate sinkNode = ExternalFlow::sinkNode/2;
 }
--- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -211,8 +211,6 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig {
    api.getDeclaringType() instanceof J::Interface and not exists(api.getBody())
  }
  predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() }
  predicate isAdditionalContentFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    TaintTracking::defaultAdditionalTaintStep(node1, node2, _) and
    not exists(DataFlow::Content f |
@@ -264,11 +262,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig
    SourceTargetApi() { relevant(this) and not hasManualSourceModel(this) }
  }
  predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() }
  bindingset[kind]
  predicate isRelevantSourceKind(string kind) { any() }
  predicate sourceNode = ExternalFlow::sourceNode/2;
 }
--- a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -123,10 +123,6 @@ private module SummaryModelGeneratorInput implements SummaryModelGeneratorInputS
  Parameter asParameter(NodeExtended node) { result = node.asParameter() }
  predicate isUninterestingForDataFlowModels(Callable api) { none() }
  predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() }
  predicate isAdditionalContentFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() }
  predicate isField(DataFlow::ContentSet c) {
@@ -169,12 +165,6 @@ private module SourceModelGeneratorInput implements SourceModelGeneratorInputSig
    SourceTargetApi() { relevant(this) }
  }
  bindingset[sourceEnclosing, api]
  predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api) { none() }
  bindingset[kind]
  predicate isRelevantSourceKind(string kind) { any() }
  predicate sourceNode(DataFlow::Node node, string kind) { FlowSource::sourceNode(node, kind) }
 }
@@ -183,8 +173,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    SinkTargetApi() { relevant(this) }
  }
  predicate sinkModelSanitizer(DataFlow::Node node) { none() }
  /**
   * Holds if `source` is an API entrypoint, i.e., a source of input where data
   * can flow in to a library. This is used for creating sink models, as we
@@ -197,9 +185,6 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig {
    result = "Argument[" + source.(Node::SourceParameterNode).getPosition().toString() + "]"
  }
  bindingset[kind]
  predicate isRelevantSinkKind(string kind) { any() }
  predicate sinkNode(DataFlow::Node node, string kind) { FlowSink::sinkNode(node, kind) }
 }
--- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
+++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
@@ -295,7 +295,7 @@ module MakeModelGeneratorFactory<
     *
     * This serves as an extra filter for the `relevant` predicate.
     */
-    predicate isUninterestingForDataFlowModels(Callable api);
+    default predicate isUninterestingForDataFlowModels(Callable api) { none() }
    /**
     * Holds if it is irrelevant to generate models for `api` based on the heuristic
@@ -304,7 +304,7 @@ module MakeModelGeneratorFactory<
     * This serves as an extra filter for the `relevant`
     * and `isUninterestingForDataFlowModels` predicates.
     */
-    predicate isUninterestingForHeuristicDataFlowModels(Callable api);
+    default predicate isUninterestingForHeuristicDataFlowModels(Callable api) { none() }
  }
  /**
@@ -940,24 +940,20 @@ module MakeModelGeneratorFactory<
     */
    class SourceTargetApi extends Callable;
    /**
     * Holds if it is not relevant to generate a source model for `api`, even
     * if flow is detected from a node within `source` to a sink within `api`.
     */
    bindingset[sourceEnclosing, api]
    predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api);
    /**
     * Holds if `kind` is a relevant source kind for creating source models.
     */
    bindingset[kind]
    predicate isRelevantSourceKind(string kind);
    /**
     * Holds if `node` is specified as a source with the given kind in a MaD flow
     * model.
     */
    predicate sourceNode(Lang::Node node, string kind);
    /**
     * Holds if it is not relevant to generate a source model for `api`, even
     * if flow is detected from a node within `source` to a sink within `api`.
     */
    bindingset[sourceEnclosing, api]
    default predicate irrelevantSourceSinkApi(Callable sourceEnclosing, SourceTargetApi api) {
      none()
    }
  }
  /**
@@ -969,32 +965,32 @@ module MakeModelGeneratorFactory<
     */
    class SinkTargetApi extends Callable;
    /**
     * Holds if `node` is specified as a sink with the given kind in a MaD flow
     * model.
     */
    predicate sinkNode(Lang::Node node, string kind);
    /**
     * Gets the MaD input string representation of `source`.
     */
    string getInputArgument(Lang::Node source);
    /**
     * Holds if `node` is a sanitizer for sink model construction.
     */
    predicate sinkModelSanitizer(Lang::Node node);
    /**
     * Holds if `source` is an api entrypoint relevant for creating sink models.
     */
    predicate apiSource(Lang::Node source);
    /**
     * Holds if `node` is a sanitizer for sink model construction.
     */
    default predicate sinkModelSanitizer(Lang::Node node) { none() }
    /**
     * Holds if `kind` is a relevant sink kind for creating sink models.
     */
    bindingset[kind]
-    predicate isRelevantSinkKind(string kind);
+    default predicate isRelevantSinkKind(string kind) { any() }
    /**
     * Holds if `node` is specified as a sink with the given kind in a MaD flow
     * model.
     */
    predicate sinkNode(Lang::Node node, string kind);
  }
  /**
@@ -1029,12 +1025,7 @@ module MakeModelGeneratorFactory<
       * via its return (then the API itself becomes a source).
       */
      module PropagateFromSourceConfig implements DataFlow::ConfigSig {
-        predicate isSource(DataFlow::Node source) {
+        predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
          exists(string kind |
            isRelevantSourceKind(kind) and
            sourceNode(source, kind)
          )
        }
        predicate isSink(DataFlow::Node sink) {
          sink instanceof ReturnNodeExt and