Merge pull request #11580 from michaelnebel/renamenegativemodels

C#/Java: Rename Negative Summary Model to Neutral Model

java/ql/lib/ext/dummy.model.yml

@@ -14,5 +14,5 @@ extensions:
     data: []
   - addsTo:
       pack: codeql/java-all
-      extensible: extNegativeSummaryModel
+      extensible: extNeutralModel
     data: []

java/ql/lib/ext/generated/kotlinstdlib.model.yml

@@ -1861,7 +1861,7 @@ extensions:
 
   - addsTo:
       pack: codeql/java-all
-      extensible: extNegativeSummaryModel
+      extensible: extNeutralModel
     data:
       - ["kotlin.annotation", "AnnotationRetention", "valueOf", "(String)", "generated"]
       - ["kotlin.annotation", "AnnotationRetention", "values", "()", "generated"]

java/ql/lib/ext/generated/org.apache.commons.io.model.yml

@@ -676,7 +676,7 @@ extensions:
 
   - addsTo:
       pack: codeql/java-all
-      extensible: extNegativeSummaryModel
+      extensible: extNeutralModel
     data:
       - ["org.apache.commons.io.charset", "CharsetDecoders", "CharsetDecoders", "()", "generated"]
       - ["org.apache.commons.io.charset", "CharsetEncoders", "CharsetEncoders", "()", "generated"]

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -11,9 +11,9 @@
  *   `package; type; subtypes; name; signature; ext; input; kind; provenance`
  * - Summaries:
  *   `package; type; subtypes; name; signature; ext; input; output; kind; provenance`
- * - Negative Summaries:
+ * - Neutrals:
  *   `package; type; name; signature; provenance`
- *   A negative summary is used to indicate that there is no flow via a callable.
+ *   A neutral is used to indicate that there is no flow via a callable.
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
@@ -122,30 +122,12 @@ private class SummaryModelCsvInternal extends Unit {
   abstract predicate row(string row);
 }
 
-/**
- * DEPRECATED: Define negative summary models as data extensions instead.
- *
- * A unit class for adding additional negative summary model rows.
- *
- * Extend this class to add additional negative summary definitions.
- */
-deprecated class NegativeSummaryModelCsv = NegativeSummaryModelCsvInternal;
-
-private class NegativeSummaryModelCsvInternal extends Unit {
-  /** Holds if `row` specifies a negative summary definition. */
-  abstract predicate row(string row);
-}
-
 private predicate sourceModelInternal(string row) { any(SourceModelCsvInternal s).row(row) }
 
 private predicate summaryModelInternal(string row) { any(SummaryModelCsvInternal s).row(row) }
 
 private predicate sinkModelInternal(string row) { any(SinkModelCsvInternal s).row(row) }
 
-private predicate negativeSummaryModelInternal(string row) {
-  any(NegativeSummaryModelCsvInternal s).row(row)
-}
-
 /**
  * Holds if an experimental source model exists for the given parameters.
  * This is only for experimental queries.
@@ -313,25 +295,14 @@ predicate summaryModel(
       .summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)
 }
 
-/** Holds if a summary model exists indicating there is no flow for the given parameters. */
-extensible predicate extNegativeSummaryModel(
+/** Holds if a neutral model exists indicating there is no flow for the given parameters. */
+extensible predicate extNeutralModel(
   string package, string type, string name, string signature, string provenance
 );
 
-/** Holds if a summary model exists indicating there is no flow for the given parameters. */
-predicate negativeSummaryModel(
-  string package, string type, string name, string signature, string provenance
-) {
-  exists(string row |
-    negativeSummaryModelInternal(row) and
-    row.splitAt(";", 0) = package and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = name and
-    row.splitAt(";", 3) = signature and
-    row.splitAt(";", 4) = provenance
-  )
-  or
-  extNegativeSummaryModel(package, type, name, signature, provenance)
+/** Holds if a neutral model exists indicating there is no flow for the given parameters. */
+predicate neutralModel(string package, string type, string name, string signature, string provenance) {
+  extNeutralModel(package, type, name, signature, provenance)
 }
 
 private predicate relevantPackage(string package) {
@@ -472,8 +443,6 @@ module ModelValidation {
       sinkModelInternal(row) and expect = 9 and pred = "sink"
       or
       summaryModelInternal(row) and expect = 10 and pred = "summary"
-      or
-      negativeSummaryModelInternal(row) and expect = 5 and pred = "negative summary"
     |
       exists(int cols |
         cols = 1 + max(int n | exists(row.splitAt(";", n))) and
@@ -497,9 +466,9 @@ module ModelValidation {
       summaryModel(package, type, _, name, signature, ext, _, _, _, provenance) and
       pred = "summary"
       or
-      negativeSummaryModel(package, type, name, signature, provenance) and
+      neutralModel(package, type, name, signature, provenance) and
       ext = "" and
-      pred = "negative summary"
+      pred = "neutral"
     |
       not package.regexpMatch("[a-zA-Z0-9_\\.]*") and
       result = "Dubious package \"" + package + "\" in " + pred + " model."
@@ -541,7 +510,7 @@ private predicate elementSpec(
   or
   summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _)
   or
-  negativeSummaryModel(package, type, name, signature, _) and ext = "" and subtypes = false
+  neutralModel(package, type, name, signature, _) and ext = "" and subtypes = false
 }
 
 private string paramsStringPart(Callable c, int i) {
@@ -590,7 +559,7 @@ private Element interpretElement0(
   )
 }
 
-/** Gets the source/sink/summary/negativesummary element corresponding to the supplied parameters. */
+/** Gets the source/sink/summary/neutral element corresponding to the supplied parameters. */
 Element interpretElement(
   string package, string type, boolean subtypes, string name, string signature, string ext
 ) {

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -246,14 +246,14 @@ module Public {
     predicate isAutoGenerated() { none() }
   }
 
-  /** A callable with a flow summary stating there is no flow via the callable. */
-  class NegativeSummarizedCallable extends SummarizedCallableBase {
-    NegativeSummarizedCallable() { negativeSummaryElement(this, _) }
+  /** A callable where there is no flow via the callable. */
+  class NeutralCallable extends SummarizedCallableBase {
+    NeutralCallable() { neutralElement(this, _) }
 
     /**
-     *  Holds if the negative summary is auto generated.
+     *  Holds if the neutral is auto generated.
      */
-    predicate isAutoGenerated() { negativeSummaryElement(this, true) }
+    predicate isAutoGenerated() { neutralElement(this, true) }
   }
 }
 
@@ -1161,9 +1161,9 @@ module Private {
       string toString() { result = super.toString() }
     }
 
-    /** A flow summary to include in the `negativeSummary/1` query predicate. */
-    abstract class RelevantNegativeSummarizedCallable instanceof NegativeSummarizedCallable {
-      /** Gets the string representation of this callable used by `summary/1`. */
+    /** A model to include in the `neutral/1` query predicate. */
+    abstract class RelevantNeutralCallable instanceof NeutralCallable {
+      /** Gets the string representation of this callable used by `neutral/1`. */
       abstract string getCallableCsv();
 
       string toString() { result = super.toString() }
@@ -1180,13 +1180,13 @@ module Private {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
-    private string renderProvenanceNegative(NegativeSummarizedCallable c) {
+    private string renderProvenanceNeutral(NeutralCallable c) {
       if c.isAutoGenerated() then result = "generated" else result = "manual"
     }
 
     /**
      * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
-     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance"",
+     * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
      * ext is hardcoded to empty.
      */
     query predicate summary(string csv) {
@@ -1205,14 +1205,14 @@ module Private {
     }
 
     /**
-     * Holds if a negative flow summary `csv` exists (semi-colon separated format). Used for testing purposes.
+     * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
      * The syntax is: "namespace;type;name;signature;provenance"",
      */
-    query predicate negativeSummary(string csv) {
-      exists(RelevantNegativeSummarizedCallable c |
+    query predicate neutral(string csv) {
+      exists(RelevantNeutralCallable c |
         csv =
           c.getCallableCsv() // Callable information
-            + renderProvenanceNegative(c) // provenance
+            + renderProvenanceNeutral(c) // provenance
       )
     }
   }

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -163,12 +163,12 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a negative flow summary exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the summary is autogenerated.
+ * Holds if a neutral model exists for `c`, which means that there is no
+ * flow through `c`. The flag `generated` states whether the model is autogenerated.
  */
-predicate negativeSummaryElement(SummarizedCallableBase c, boolean generated) {
+predicate neutralElement(SummarizedCallableBase c, boolean generated) {
   exists(string namespace, string type, string name, string signature, string provenance |
-    negativeSummaryModel(namespace, type, name, signature, provenance) and
+    neutralModel(namespace, type, name, signature, provenance) and
     generated = isGenerated(provenance) and
     c.asCallable() = interpretElement(namespace, type, false, name, signature, "")
   )