diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index cf211b4397d..08e4a073ddb 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -213,6 +213,8 @@ private module MadInput implements SharedMaD::InputSig { provenance = "manual" and model = "" } + + string namespaceSegmentSeparator() { result = "::" } } private module MaD = SharedMaD::ModelsAsData; @@ -247,62 +249,6 @@ predicate summaryModel( ) } -private predicate relevantNamespace(string namespace) { - sourceModel(namespace, _, _, _, _, _, _, _, _, _) or - sinkModel(namespace, _, _, _, _, _, _, _, _, _) or - summaryModel(namespace, _, _, _, _, _, _, _, _, _, _) -} - -private predicate namespaceLink(string shortns, string longns) { - relevantNamespace(shortns) and - relevantNamespace(longns) and - longns.prefix(longns.indexOf("::")) = shortns -} - -private predicate canonicalNamespace(string namespace) { - relevantNamespace(namespace) and not namespaceLink(_, namespace) -} - -private predicate canonicalNamespaceLink(string namespace, string subns) { - canonicalNamespace(namespace) and - (subns = namespace or namespaceLink(namespace, subns)) -} - -/** - * Holds if MaD framework coverage of `namespace` is `n` api endpoints of the - * kind `(kind, part)`, and `namespaces` is the number of subnamespaces of - * `namespace` which have MaD framework coverage (including `namespace` - * itself). - */ -predicate modelCoverage(string namespace, int namespaces, string kind, string part, int n) { - namespaces = strictcount(string subns | canonicalNamespaceLink(namespace, subns)) and - ( - part = "source" and - n = - strictcount(string subns, string type, boolean subtypes, string name, string signature, - string ext, string output, string provenance, string model | - canonicalNamespaceLink(namespace, subns) and - sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, model) - ) - or - part = "sink" and - n = - strictcount(string subns, string type, boolean subtypes, string name, string signature, - string ext, string input, string provenance, string model | - canonicalNamespaceLink(namespace, subns) and - sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, model) - ) - or - part = "summary" and - n = - strictcount(string subns, string type, boolean subtypes, string name, string signature, - string ext, string input, string output, string provenance | - canonicalNamespaceLink(namespace, subns) and - summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _) - ) - ) -} - /** Provides a query predicate to check the CSV data for validation errors. */ module CsvValidation { private string getInvalidModelInput() { diff --git a/shared/mad/codeql/mad/static/MaD.qll b/shared/mad/codeql/mad/static/MaD.qll index c466bd5487d..76d4fa484a6 100644 --- a/shared/mad/codeql/mad/static/MaD.qll +++ b/shared/mad/codeql/mad/static/MaD.qll @@ -81,6 +81,9 @@ signature module InputSig { ) { none() } + + /** Get the separator used between namespace segments. */ + default string namespaceSegmentSeparator() { result = "." } } module ModelsAsData { @@ -214,7 +217,7 @@ module ModelsAsData { private predicate namespaceLink(string shortns, string longns) { relevantNamespace(shortns) and relevantNamespace(longns) and - longns.prefix(longns.indexOf(".")) = shortns + longns.prefix(longns.indexOf(Input::namespaceSegmentSeparator())) = shortns } private predicate canonicalNamespace(string namespace) {