hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove CSV model infrastructure from ExternalFlow.qll

Browse Source 
Remove SourceModelCsv, SinkModelCsv, SummaryModelCsv classes,
single-argument CSV predicates, CSV parsing in MadInput, and
CSV-specific validation checks. Simplify MadInput to only contain
the namespace separator. Convert test models to .ext.yml format.

Agent-Logs-Url: https://github.com/github/codeql/sessions/89ff81fe-5585-446d-99e2-6fe6966495c5

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-03-26 15:07:39 +00:00
committed by GitHub
parent 64a52ba07f
commit d69bcca687
4 changed files with 94 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
cpp/ql/test/library-tests/dataflow/models-as-data/testModels.ext.yml Normal file
View File

@@ -0,0 +1,84 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: sourceModel
data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
- ["", "", False, "localMadSource", "", "", "ReturnValue", "local", "manual"]
- ["", "", False, "remoteMadSource", "", "", "ReturnValue", "remote", "manual"]
- ["", "", False, "localMadSourceVoid", "", "", "ReturnValue", "local", "manual"]
- ["", "", False, "localMadSourceHasBody", "", "", "ReturnValue", "local", "manual"]
- ["", "", False, "remoteMadSourceIndirect", "", "", "ReturnValue[*]", "remote", "manual"]
- ["", "", False, "remoteMadSourceDoubleIndirect", "", "", "ReturnValue[**]", "remote", "manual"]
- ["", "", False, "remoteMadSourceIndirectArg0", "", "", "Argument[*0]", "remote", "manual"]
- ["", "", False, "remoteMadSourceIndirectArg1", "", "", "Argument[*1]", "remote", "manual"]
- ["", "", False, "remoteMadSourceVar", "", "", "", "remote", "manual"]
- ["", "", False, "remoteMadSourceVarIndirect", "", "", "*", "remote", "manual"]
- ["", "", False, "remoteMadSourceParam0", "", "", "Parameter[0]", "remote", "manual"]
- ["MyNamespace", "", False, "namespaceLocalMadSource", "", "", "ReturnValue", "local", "manual"]
- ["MyNamespace", "", False, "namespaceLocalMadSourceVar", "", "", "", "local", "manual"]
- ["MyNamespace::MyNamespace2", "", False, "namespace2LocalMadSource", "", "", "ReturnValue", "local", "manual"]
- ["", "MyClass", True, "memberRemoteMadSource", "", "", "ReturnValue", "remote", "manual"]
- ["", "MyClass", True, "memberRemoteMadSourceIndirectArg0", "", "", "Argument[*0]", "remote", "manual"]
- ["", "MyClass", True, "memberRemoteMadSourceVar", "", "", "", "remote", "manual"]
- ["", "MyClass", True, "subtypeRemoteMadSource1", "", "", "ReturnValue", "remote", "manual"]
- ["", "MyClass", False, "subtypeNonSource", "", "", "ReturnValue", "remote", "manual"]
- ["", "MyClass", True, "qualifierSource", "", "", "Argument[-1]", "remote", "manual"]
- ["", "MyClass", True, "qualifierFieldSource", "", "", "Argument[-1].val", "remote", "manual"]
- ["", "MyDerivedClass", False, "subtypeRemoteMadSource2", "", "", "ReturnValue", "remote", "manual"]
- addsTo:
pack: codeql/cpp-all
extensible: sinkModel
data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
- ["", "", False, "madSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
- ["", "", False, "madSinkArg1", "", "", "Argument[1]", "test-sink", "manual"]
- ["", "", False, "madSinkArg01", "", "", "Argument[0..1]", "test-sink", "manual"]
- ["", "", False, "madSinkArg02", "", "", "Argument[0,2]", "test-sink", "manual"]
- ["", "", False, "madSinkIndirectArg0", "", "", "Argument[*0]", "test-sink", "manual"]
- ["", "", False, "madSinkDoubleIndirectArg0", "", "", "Argument[**0]", "test-sink", "manual"]
- ["", "", False, "madSinkVar", "", "", "", "test-sink", "manual"]
- ["", "", False, "madSinkVarIndirect", "", "", "*", "test-sink", "manual"]
- ["", "", False, "madSinkParam0", "", "", "Parameter[0]", "test-sink", "manual"]
- ["", "MyClass", True, "memberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
- ["", "MyClass", True, "memberMadSinkVar", "", "", "", "test-sink", "manual"]
- ["", "MyClass", True, "qualifierSink", "", "", "Argument[-1]", "test-sink", "manual"]
- ["", "MyClass", True, "qualifierArg0Sink", "", "", "Argument[-1..0]", "test-sink", "manual"]
- ["", "MyClass", True, "qualifierFieldSink", "", "", "Argument[-1].val", "test-sink", "manual"]
- ["MyNamespace", "MyClass", True, "namespaceMemberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
- ["MyNamespace", "MyClass", True, "namespaceStaticMemberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
- ["MyNamespace", "MyClass", True, "namespaceMemberMadSinkVar", "", "", "", "test-sink", "manual"]
- ["MyNamespace", "MyClass", True, "namespaceStaticMemberMadSinkVar", "", "", "", "test-sink", "manual"]
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "", False, "madArg0ToReturn", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0ToReturnIndirect", "", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
- ["", "", False, "madArg0ToReturnValueFlow", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["", "", False, "madArg0IndirectToReturn", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0DoubleIndirectToReturn", "", "", "Argument[**0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0NotIndirectToReturn", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0ToArg1Indirect", "", "", "Argument[0]", "Argument[*1]", "taint", "manual"]
- ["", "", False, "madArg0IndirectToArg1Indirect", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "", False, "madArgsComplex", "", "", "Argument[*0..1,2]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madAndImplementedComplex", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArgsAny", "", "", "Argument", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0FieldToReturn", "", "", "Argument[0].Field[value]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0IndirectFieldToReturn", "", "", "Argument[*0].Field[value]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0FieldIndirectToReturn", "", "", "Argument[0].Field[*ptr]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madArg0ToReturnField", "", "", "Argument[0]", "ReturnValue.Field[value]", "taint", "manual"]
- ["", "", False, "madArg0ToReturnIndirectField", "", "", "Argument[0]", "ReturnValue[*].Field[value]", "taint", "manual"]
- ["", "", False, "madArg0ToReturnFieldIndirect", "", "", "Argument[0]", "ReturnValue.Field[*ptr]", "taint", "manual"]
- ["", "", False, "madFieldToFieldVar", "", "", "Field[value]", "Field[value2]", "taint", "manual"]
- ["", "", False, "madFieldToIndirectFieldVar", "", "", "Field[value]", "Field[*ptr]", "taint", "manual"]
- ["", "", False, "madIndirectFieldToFieldVar", "", "", "", "Field[value]", "Field[value2]", "manual"]
- ["", "MyClass", True, "madArg0ToSelf", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "MyClass", True, "madSelfToReturn", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "MyClass", True, "madArg0ToField", "", "", "Argument[0]", "Argument[-1].Field[val]", "taint", "manual"]
- ["", "MyClass", True, "madFieldToReturn", "", "", "Argument[-1].Field[val]", "ReturnValue", "taint", "manual"]
- ["MyNamespace", "MyClass", True, "namespaceMadSelfToReturn", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "", False, "madCallArg0ReturnToReturn", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
- ["", "", False, "madCallArg0ReturnToReturnFirst", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[first]", "value", "manual"]
- ["", "", False, "madCallArg0WithValue", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
- ["", "", False, "madCallReturnValueIgnoreFunction", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
- ["", "StructWithTypedefInParameter<T>", True, "parameter_ref_to_return_ref", "(const T &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "", False, "receive_array", "(int[20])", "", "Argument[*0]", "ReturnValue", "taint", "manual"]

104
cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll
View File

@@ -1,105 +1 @@
import semmle.code.cpp.security.FlowSources
/**
* Models-as-data source models for this test.
*/
private class TestSources extends SourceModelCsv {
override predicate row(string row) {
row =
[
";;false;localMadSource;;;ReturnValue;local",
";;false;remoteMadSource;;;ReturnValue;remote",
";;false;localMadSourceVoid;;;ReturnValue;local",
";;false;localMadSourceHasBody;;;ReturnValue;local",
";;false;remoteMadSourceIndirect;;;ReturnValue[*];remote",
";;false;remoteMadSourceDoubleIndirect;;;ReturnValue[**];remote",
";;false;remoteMadSourceIndirectArg0;;;Argument[*0];remote",
";;false;remoteMadSourceIndirectArg1;;;Argument[*1];remote",
";;false;remoteMadSourceVar;;;;remote",
";;false;remoteMadSourceVarIndirect;;;*;remote", // not correctly expressed
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
"MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;local",
"MyNamespace;;false;namespaceLocalMadSourceVar;;;;local",
"MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;local",
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
";MyClass;true;memberRemoteMadSourceIndirectArg0;;;Argument[*0];remote",
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
";MyClass;true;subtypeRemoteMadSource1;;;ReturnValue;remote",
";MyClass;false;subtypeNonSource;;;ReturnValue;remote", // the tests define this in MyDerivedClass, so it should *not* be recongized as a source
";MyClass;true;qualifierSource;;;Argument[-1];remote",
";MyClass;true;qualifierFieldSource;;;Argument[-1].val;remote",
";MyDerivedClass;false;subtypeRemoteMadSource2;;;ReturnValue;remote",
]
}
}
/**
* Models-as-data sink models for this test.
*/
private class TestSinks extends SinkModelCsv {
override predicate row(string row) {
row =
[
";;false;madSinkArg0;;;Argument[0];test-sink",
";;false;madSinkArg1;;;Argument[1];test-sink",
";;false;madSinkArg01;;;Argument[0..1];test-sink",
";;false;madSinkArg02;;;Argument[0,2];test-sink",
";;false;madSinkIndirectArg0;;;Argument[*0];test-sink",
";;false;madSinkDoubleIndirectArg0;;;Argument[**0];test-sink",
";;false;madSinkVar;;;;test-sink",
";;false;madSinkVarIndirect;;;*;test-sink", // not correctly expressed
";;false;madSinkParam0;;;Parameter[0];test-sink",
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
";MyClass;true;memberMadSinkVar;;;;test-sink",
";MyClass;true;qualifierSink;;;Argument[-1];test-sink",
";MyClass;true;qualifierArg0Sink;;;Argument[-1..0];test-sink",
";MyClass;true;qualifierFieldSink;;;Argument[-1].val;test-sink",
"MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
"MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
]
}
}
/**
* Models-as-data summary models for this test.
*/
private class TestSummaries extends SummaryModelCsv {
override predicate row(string row) {
row =
[
";;false;madArg0ToReturn;;;Argument[0];ReturnValue;taint",
";;false;madArg0ToReturnIndirect;;;Argument[0];ReturnValue[*];taint",
";;false;madArg0ToReturnValueFlow;;;Argument[0];ReturnValue;value",
";;false;madArg0IndirectToReturn;;;Argument[*0];ReturnValue;taint",
";;false;madArg0DoubleIndirectToReturn;;;Argument[**0];ReturnValue;taint",
";;false;madArg0NotIndirectToReturn;;;Argument[0];ReturnValue;taint",
";;false;madArg0ToArg1Indirect;;;Argument[0];Argument[*1];taint",
";;false;madArg0IndirectToArg1Indirect;;;Argument[*0];Argument[*1];taint",
";;false;madArgsComplex;;;Argument[*0..1,2];ReturnValue;taint",
";;false;madAndImplementedComplex;;;Argument[2];ReturnValue;taint",
";;false;madArgsAny;;;Argument;ReturnValue;taint", // (syntax not supported)
";;false;madArg0FieldToReturn;;;Argument[0].Field[value];ReturnValue;taint",
";;false;madArg0IndirectFieldToReturn;;;Argument[*0].Field[value];ReturnValue;taint",
";;false;madArg0FieldIndirectToReturn;;;Argument[0].Field[*ptr];ReturnValue;taint",
";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.Field[value];taint",
";;false;madArg0ToReturnIndirectField;;;Argument[0];ReturnValue[*].Field[value];taint",
";;false;madArg0ToReturnFieldIndirect;;;Argument[0];ReturnValue.Field[*ptr];taint",
";;false;madFieldToFieldVar;;;Field[value];Field[value2];taint",
";;false;madFieldToIndirectFieldVar;;;Field[value];Field[*ptr];taint",
";;false;madIndirectFieldToFieldVar;;;;Field[value];Field[value2];taint", // not correctly expressed
";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].Field[val];taint",
";MyClass;true;madFieldToReturn;;;Argument[-1].Field[val];ReturnValue;taint",
"MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
";;false;madCallArg0ReturnToReturn;;;Argument[0].ReturnValue;ReturnValue;value",
";;false;madCallArg0ReturnToReturnFirst;;;Argument[0].ReturnValue;ReturnValue.Field[first];value",
";;false;madCallArg0WithValue;;;Argument[1];Argument[0].Parameter[0];value",
";;false;madCallReturnValueIgnoreFunction;;;Argument[1];ReturnValue;value",
";StructWithTypedefInParameter<T>;true;parameter_ref_to_return_ref;(const T &);;Argument[*0];ReturnValue[*];value",
";;false;receive_array;(int[20]);;Argument[*0];ReturnValue;taint"
]
}
}