Shared: Put the content of CaptureSummaryFlowQuery into the shared library code.

2025-12-17 01:03:14 +01:00 · 2024-09-24 15:46:44 +02:00
parent fd45d2dcbb
commit e6085759ae
11 changed files with 28 additions and 189 deletions
--- a/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
+++ b/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
@@ -7,7 +7,6 @@
 */

 import internal.CaptureModels
-import internal.CaptureSummaryFlowQuery

 from DataFlowSummaryTargetApi api, string noflow
 where noflow = captureNoFlow(api)
--- a/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
@@ -7,7 +7,6 @@
 */

 import internal.CaptureModels
-import internal.CaptureSummaryFlowQuery

 from DataFlowSummaryTargetApi api, string flow
 where flow = captureFlow(api)
--- a/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll
@@ -1,84 +0,0 @@
-private import CaptureModels
-
-/**
- * Capture fluent APIs that return `this`.
- * Example of a fluent API:
- * ```java
- * public class Foo {
- *   public Foo someAPI() {
- *    // some side-effect
- *    return this;
- *  }
- * }
- * ```
- *
- * Capture APIs that transfer taint from an input parameter to an output return
- * value or parameter.
- * Allows a sequence of read steps followed by a sequence of store steps.
- *
- * Examples:
- *
- * ```java
- * public class Foo {
- *   private String tainted;
- *
- *   public String returnsTainted() {
- *     return tainted;
- *   }
- *
- *   public void putsTaintIntoParameter(List<String> foo) {
- *     foo.add(tainted);
- *   }
- * }
- * ```
- * Captured Models:
- * ```
- * p;Foo;true;returnsTainted;;Argument[this];ReturnValue;taint;df-generated
- * p;Foo;true;putsTaintIntoParameter;(List);Argument[this];Argument[0];taint;df-generated
- * ```
- *
- * ```java
- * public class Foo {
- *  private String tainted;
- *  public void doSomething(String input) {
- *    tainted = input;
- *  }
- * ```
- * Captured Model:
- * ```p;Foo;true;doSomething;(String);Argument[0];Argument[this];taint;df-generated```
- *
- * ```java
- * public class Foo {
- *   public String returnData(String tainted) {
- *     return tainted.substring(0,10)
- *   }
- * }
- * ```
- * Captured Model:
- * ```p;Foo;true;returnData;;Argument[0];ReturnValue;taint;df-generated```
- *
- * ```java
- * public class Foo {
- *   public void addToList(String tainted, List<String> foo) {
- *     foo.add(tainted);
- *   }
- * }
- * ```
- * Captured Model:
- * ```p;Foo;true;addToList;;Argument[0];Argument[1];taint;df-generated```
- */
-string captureFlow(DataFlowSummaryTargetApi api) {
-  result = captureQualifierFlow(api) or
-  result = captureThroughFlow(api)
-}
-
-/**
- * Gets the neutral summary model for `api`, if any.
- * A neutral summary model is generated, if we are not generating
- * a summary model that applies to `api`.
- */
-string captureNoFlow(DataFlowSummaryTargetApi api) {
-  not exists(DataFlowSummaryTargetApi api0 | exists(captureFlow(api0)) and api0.lift() = api.lift()) and
-  api.isRelevant() and
-  result = ModelPrinting::asNeutralSummaryModel(api)
-}
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
@@ -1,5 +1,5 @@
 import java
-import utils.modelgenerator.internal.CaptureSummaryFlowQuery
+import utils.modelgenerator.internal.CaptureModels
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
@@ -1,5 +1,5 @@
 import java
-import utils.modelgenerator.internal.CaptureSummaryFlowQuery
+import utils.modelgenerator.internal.CaptureModels
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {