From cb578e32ab1851ff40b495108c681a226a2f27de Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 10 Dec 2025 16:59:47 +0100 Subject: [PATCH] Java: Move interpretModelForTest into shared code. --- .../code/java/dataflow/ExternalFlow.qll | 14 +- .../internal/ExternalFlowExtensions.qll | 6 + shared/mad/codeql/mad/static/MaD.qll | 124 ++++++++++++++++++ 3 files changed, 138 insertions(+), 6 deletions(-) create mode 100644 shared/mad/codeql/mad/static/MaD.qll diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index e612239a76e..372b3a22d10 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -98,8 +98,13 @@ private import internal.FlowSummaryImpl private import internal.FlowSummaryImpl::Public private import internal.FlowSummaryImpl::Private private import internal.FlowSummaryImpl::Private::External -private import internal.ExternalFlowExtensions as Extensions +private import internal.ExternalFlowExtensions private import codeql.mad.ModelValidation as SharedModelVal +private import codeql.mad.static.MaD as SharedMaD + +private module MaD = SharedMaD::ModelsAsData; + +import MaD /** * A class for activating additional model rows. @@ -214,11 +219,12 @@ predicate summaryModel( * This predicate should only be used in tests. */ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { + MaD::interpretModelForTest(madId, model) + or exists( string package, string type, boolean subtypes, string name, string signature, string ext, string output, string kind, string provenance | - sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) or Extensions::experimentalSourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, _, madId) | @@ -231,7 +237,6 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { string package, string type, boolean subtypes, string name, string signature, string ext, string input, string kind, string provenance | - sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) or Extensions::experimentalSinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, _, madId) | @@ -244,8 +249,6 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { string package, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string kind, string provenance | - summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance, - madId) or Extensions::experimentalSummaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance, _, madId) | @@ -253,7 +256,6 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { "Summary: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance ) - //TODO: possibly barrier models? } /** Holds if a neutral model exists for the given parameters. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll b/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll index 5386d916e24..c01766c317a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll @@ -4,6 +4,8 @@ overlay[local?] module; +private import codeql.mad.static.MaD as SharedMaD + /** * Holds if a source model exists for the given parameters. */ @@ -93,3 +95,7 @@ extensible predicate experimentalSummaryModel( string input, string output, string kind, string provenance, string filter, QlBuiltins::ExtensionId madId ); + +module Extensions implements SharedMaD::ExtensionsSig { + import ExternalFlowExtensions +} diff --git a/shared/mad/codeql/mad/static/MaD.qll b/shared/mad/codeql/mad/static/MaD.qll new file mode 100644 index 00000000000..5d58b74fe4e --- /dev/null +++ b/shared/mad/codeql/mad/static/MaD.qll @@ -0,0 +1,124 @@ +overlay[local?] +module; + +signature module ExtensionsSig { + /** + * Holds if a source model exists for the given parameters. + */ + predicate sourceModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string output, string kind, string provenance, QlBuiltins::ExtensionId madId + ); + + /** + * Holds if a sink model exists for the given parameters. + */ + predicate sinkModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string kind, string provenance, QlBuiltins::ExtensionId madId + ); + + /** + * Holds if a barrier model exists for the given parameters. + */ + predicate barrierModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string output, string kind, string provenance, QlBuiltins::ExtensionId madId + ); + + /** + * Holds if a barrier guard model exists for the given parameters. + */ + predicate barrierGuardModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string acceptingvalue, string kind, string provenance, + QlBuiltins::ExtensionId madId + ); + + /** + * Holds if a summary model exists for the given parameters. + */ + predicate summaryModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId + ); + + /** + * Holds if a neutral model exists for the given parameters. + */ + predicate neutralModel( + string namespace, string type, string name, string signature, string kind, string provenance + ); +} + +module ModelsAsData { + /** + * Holds if the given extension tuple `madId` should pretty-print as `model`. + * + * Barrier models are included for completeness even though they will not show up in a path. + * + * This predicate should only be used in tests. + */ + predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { + exists( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string output, string kind, string provenance + | + Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, + provenance, madId) + | + model = + "Source: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + + "; " + ext + "; " + output + "; " + kind + "; " + provenance + ) + or + exists( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string kind, string provenance + | + Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, + provenance, madId) + | + model = + "Sink: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + + ext + "; " + input + "; " + kind + "; " + provenance + ) + or + exists( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string output, string kind, string provenance + | + Extensions::barrierModel(namespace, type, subtypes, name, signature, ext, output, kind, + provenance, madId) + | + model = + "Barrier: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + + "; " + ext + "; " + output + "; " + kind + "; " + provenance + ) + or + exists( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string acceptingvalue, string kind, string provenance + | + Extensions::barrierGuardModel(namespace, type, subtypes, name, signature, ext, input, + acceptingvalue, kind, provenance, madId) + | + model = + "Barrier Guard: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + + signature + "; " + ext + "; " + input + "; " + acceptingvalue + "; " + kind + "; " + + provenance + ) + or + exists( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string output, string kind, string provenance + | + Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, + provenance, madId) + | + model = + "Summary: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + + "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance + ) + } +}