Python: Simple dataflow annotations

None of these required any changes to the dataflow libraries, so it
seemed easiest to put them in their own commit.

python/ql/lib/semmle/python/ApiGraphs.qll

@@ -451,6 +451,7 @@ module API {
    * allowing this predicate to be used in a negative
    * context when constructing new nodes.
    */
+  overlay[local]
   predicate moduleImportExists(string m) {
     Impl::isImported(m) and
     // restrict `moduleImport` so it will never give results for a dotted name. Note
@@ -695,6 +696,7 @@ module API {
      *
      * This is determined syntactically.
      */
+    overlay[local]
     cached
     predicate isImported(string name) {
       // Ignore the following module name for Python 2, as we alias `__builtin__` to `builtins` elsewhere

python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll

@@ -25,6 +25,7 @@ deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
 class Provenance = Impl::Public::Provenance;
 
 /** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+overlay[local]
 module SummarizedCallable {
   /** A callable with a flow summary, identified by a unique string. */
   abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable {

python/ql/lib/semmle/python/dataflow/new/internal/Attributes.qll

@@ -1,4 +1,6 @@
 /** This module provides an API for attribute reads and writes. */
+overlay[local]
+module;
 
 private import python
 import DataFlowUtil

python/ql/lib/semmle/python/dataflow/new/internal/Builtins.qll

@@ -1,4 +1,6 @@
 /** Provides predicates for reasoning about built-ins in Python. */
+overlay[local]
+module;
 
 private import python
 private import semmle.python.dataflow.new.DataFlow

python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes and predicates for defining flow summaries.
  */
+overlay[local]
+module;
 
 private import python
 private import codeql.dataflow.internal.FlowSummaryImpl
@@ -99,6 +101,7 @@ module Input implements InputSig<Location, DataFlowImplSpecific::PythonDataFlow>
 private import Make<Location, DataFlowImplSpecific::PythonDataFlow, Input> as Impl
 
 private module StepsInput implements Impl::Private::StepsInputSig {
+  overlay[global]
   DataFlowCall getACall(Public::SummarizedCallable sc) {
     result =
       TPotentialLibraryCall([

python/ql/lib/semmle/python/dataflow/new/internal/ImportStar.qll

@@ -1,4 +1,6 @@
 /** Provides predicates for reasoning about uses of `import *` in Python. */
+overlay[local]
+module;
 
 private import python
 private import semmle.python.dataflow.new.internal.Builtins
@@ -11,6 +13,7 @@ module ImportStar {
    * Holds if `n` is an access of a variable called `name` (which is _not_ the name of a
    * built-in, and which is _not_ a global defined in the enclosing module) inside the scope `s`.
    */
+  overlay[local]
   cached
   predicate namePossiblyDefinedInImportStar(NameNode n, string name, Scope s) {
     n.isLoad() and
@@ -61,6 +64,7 @@ module ImportStar {
    * Holds if `n` may refer to a global variable of the same name in the module `m`, accessible
    *  from the scope of `n` by a chain of `import *` imports.
    */
+  overlay[global]
   cached
   predicate importStarResolvesTo(NameNode n, Module m) {
     m = getStarImported+(n.getEnclosingModule()) and
@@ -71,6 +75,7 @@ module ImportStar {
   /**
    * Gets a module that is imported from `m` via `import *`.
    */
+  overlay[global]
   cached
   Module getStarImported(Module m) {
     exists(ImportStar i, DataFlow::CfgNode imported_module |
@@ -92,6 +97,7 @@ module ImportStar {
    *
    * this would return the data-flow nodes corresponding to `foo.bar` and `quux`.
    */
+  overlay[local]
   cached
   ControlFlowNode potentialImportStarBase(Scope s) {
     result = any(ImportStarNode n | n.getScope() = s).getModule()

python/ql/lib/semmle/python/dataflow/new/internal/IterableUnpacking.qll

@@ -166,6 +166,8 @@
  *
  *  `c`: [ListElementContent]
  */
+overlay[local]
+module;
 
 private import python
 private import DataFlowPublic

python/ql/lib/semmle/python/dataflow/new/internal/MatchUnpacking.qll

@@ -50,6 +50,8 @@
  * keyword arguments using the `__match_args__` attribute on the class. We do not
  * currently model this.
  */
+overlay[local]
+module;
 
 private import python
 private import DataFlowPublic

python/ql/lib/semmle/python/dataflow/new/internal/VariableCapture.qll

@@ -1,4 +1,6 @@
 /** Provides logic related to captured variables. */
+overlay[local]
+module;
 
 private import python
 private import DataFlowPublic

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -2,6 +2,8 @@
  * Provides classes modeling security-relevant aspects of the `flask` PyPI package.
  * See https://flask.palletsprojects.com/en/1.1.x/.
  */
+overlay[local?]
+module;
 
 private import python
 private import semmle.python.dataflow.new.DataFlow

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -2,6 +2,8 @@
  * Provides classes modeling security-relevant aspects of the standard libraries.
  * Note: some modeling is done internally in the dataflow/taint tracking implementation.
  */
+overlay[local?]
+module;
 
 private import python
 private import semmle.python.dataflow.new.DataFlow

python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll

@@ -8,6 +8,8 @@
  * The package name refers to the top-level module the import comes from, and not a PyPI package.
  * So for `from foo.bar import baz`, the package will be `foo`.
  */
+overlay[local?]
+module;
 
 private import python
 private import internal.ApiGraphModels as Shared

python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsSpecific.qll

@@ -30,6 +30,7 @@ import semmle.python.dataflow.new.DataFlow::DataFlow as DataFlow
  * Holds if models describing `type` may be relevant for the analysis of this database.
  */
 bindingset[type]
+overlay[local]
 predicate isTypeUsed(string type) {
   // If `type` is a path, then it is the first component that should be imported.
   API::moduleImportExists(type.splitAt(".", 0))
@@ -39,6 +40,7 @@ predicate isTypeUsed(string type) {
  * Holds if `type` can be obtained from an instance of `otherType` due to
  * language semantics modeled by `getExtraNodeFromType`.
  */
+overlay[local]
 predicate hasImplicitTypeModel(string type, string otherType) { none() }
 
 /** Gets a Python-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */

python/ql/lib/semmle/python/internal/Awaited.qll

@@ -3,6 +3,8 @@
  *
  * Provides helper class for defining additional API graph edges.
  */
+overlay[local]
+module;
 
 private import python
 private import semmle.python.dataflow.new.DataFlow

python/ql/lib/semmle/python/internal/CachedStages.qll

@@ -177,6 +177,7 @@ module Stages {
      * Always holds.
      * Ensures that a predicate is evaluated as part of the DataFlow stage.
      */
+    overlay[local]
     cached
     predicate ref() { 1 = 1 }
 

python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll

@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import python
 private import semmle.python.dataflow.new.FlowSummary
 private import semmle.python.ApiGraphs

python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll

@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import python
 private import semmle.python.dataflow.new.FlowSummary
 private import semmle.python.ApiGraphs