From 69d50e103f61ee87f6cbb015db9ed2a00cf30ba9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 23 Jul 2025 08:41:24 +0000 Subject: [PATCH 1/5] Initial plan From 0245cd872c225061f1556f69dd97a5d9db305de7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 23 Jul 2025 08:49:24 +0000 Subject: [PATCH 2/5] Remove deprecated Rust dataflow predicates and associated classes Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com> --- .../rust/dataflow/internal/ModelsAsData.qll | 123 +----------------- .../rust/dataflow/internal/empty.model.yml | 12 -- 2 files changed, 3 insertions(+), 132 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll index 112fe6de5dcd..5f701c2aa598 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll @@ -49,22 +49,7 @@ private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl -/** - * DEPRECATED: Do not use. - * - * Holds if in a call to the function with canonical path `path`, defined in the - * crate `crate`, the value referred to by `output` is a flow source of the given - * `kind`. - * - * `output = "ReturnValue"` simply means the result of the call itself. - * - * For more information on the `kind` parameter, see - * https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst. - */ -extensible predicate sourceModelDeprecated( - string crate, string path, string output, string kind, string provenance, - QlBuiltins::ExtensionId madId -); + /** * Holds if in a call to the function with canonical path `path`, the value referred 
@@ -79,23 +64,7 @@ extensible predicate sourceModel( string path, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); -/** - * DEPRECATED: Do not use. - * - * Holds if in a call to the function with canonical path `path`, defined in the - * crate `crate`, the value referred to by `input` is a flow sink of the given - * `kind`. - * - * For example, `input = Argument[0]` means the first argument of the call. - * - * The following kinds are supported: - * - * - `sql-injection`: a flow sink for SQL injection. - */ -extensible predicate sinkModelDeprecated( - string crate, string path, string input, string kind, string provenance, - QlBuiltins::ExtensionId madId -); + /** * Holds if in a call to the function with canonical path `path`, the value referred @@ -111,20 +80,7 @@ extensible predicate sinkModel( string path, string input, string kind, string provenance, QlBuiltins::ExtensionId madId ); -/** - * DEPRECATED: Do not use. - * - * Holds if in a call to the function with canonical path `path`, defined in the - * crate `crate`, the value referred to by `input` can flow to the value referred - * to by `output`. - * - * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving - * steps, respectively. - */ -extensible predicate summaryModelDeprecated( - string crate, string path, string input, string output, string kind, string provenance, - QlBuiltins::ExtensionId madId -); + /** * Holds if in a call to the function with canonical path `path`, the value referred 
@@ -144,66 +100,23 @@ extensible predicate summaryModel( * This predicate should only be used in tests. */ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { - exists(string crate, string path, string output, string kind | - sourceModelDeprecated(crate, path, output, kind, _, madId) and - model = "Source: " + crate + "; " + path + "; " + output + "; " + kind - ) - or exists(string path, string output, string kind | sourceModel(path, output, kind, _, madId) and model = "Source: " + path + "; " + output + "; " + kind ) or - exists(string crate, string path, string input, string kind | - sinkModelDeprecated(crate, path, input, kind, _, madId) and - model = "Sink: " + crate + "; " + path + "; " + input + "; " + kind - ) - or exists(string path, string input, string kind | sinkModel(path, input, kind, _, madId) and model = "Sink: " + path + "; " + input + "; " + kind ) or - exists(string type, string path, string input, string output, string kind | - summaryModelDeprecated(type, path, input, output, kind, _, madId) and - model = "Summary: " + type + "; " + path + "; " + input + "; " + output + "; " + kind - ) - or exists(string path, string input, string output, string kind | summaryModel(path, input, output, kind, _, madId) and model = "Summary: " + path + "; " + input + "; " + output + "; " + kind ) } -private class SummarizedCallableFromModelDeprecated extends SummarizedCallable::Range { - private string crate; - private string path; - - SummarizedCallableFromModelDeprecated() { - summaryModelDeprecated(crate, path, _, _, _, _, _) and - exists(CallExprBase call, Resolvable r | - call.getStaticTarget() = this and - r = CallExprBaseImpl::getCallResolvable(call) and - r.getResolvedPath() = path and - r.getResolvedCrateOrigin() = crate - ) - } - override predicate propagatesFlow( - string input, string output, boolean preservesValue, string model - ) { - exists(string kind, QlBuiltins::ExtensionId madId | - summaryModelDeprecated(crate, path, 
input, output, kind, _, madId) and - model = "MaD:" + madId.toString() - | - kind = "value" and - preservesValue = true - or - kind = "taint" and - preservesValue = false - ) - } -} private class SummarizedCallableFromModel extends SummarizedCallable::Range { private string path; @@ -233,22 +146,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range { } } -private class FlowSourceFromModelDeprecated extends FlowSource::Range { - private string crate; - private string path; - - FlowSourceFromModelDeprecated() { - sourceModelDeprecated(crate, path, _, _, _, _) and - this.callResolvesTo(crate, path) - } - override predicate isSource(string output, string kind, Provenance provenance, string model) { - exists(QlBuiltins::ExtensionId madId | - sourceModelDeprecated(crate, path, output, kind, provenance, madId) and - model = "MaD:" + madId.toString() - ) - } -} private class FlowSourceFromModel extends FlowSource::Range { private string path; @@ -266,22 +164,7 @@ private class FlowSourceFromModel extends FlowSource::Range { } } -private class FlowSinkFromModelDeprecated extends FlowSink::Range { - private string crate; - private string path; - - FlowSinkFromModelDeprecated() { - sinkModelDeprecated(crate, path, _, _, _, _) and - this.callResolvesTo(crate, path) - } - override predicate isSink(string input, string kind, Provenance provenance, string model) { - exists(QlBuiltins::ExtensionId madId | - sinkModelDeprecated(crate, path, input, kind, provenance, madId) and - model = "MaD:" + madId.toString() - ) - } -} private class FlowSinkFromModel extends FlowSink::Range { private string path; diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml b/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml index 1200720a0cee..1a33951dfc38 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml +++ b/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml 
@@ -1,28 +1,16 @@ extensions: # Make sure that the extensible model predicates have at least one definition # to avoid errors about undefined extensionals. - - addsTo: - pack: codeql/rust-all - extensible: sourceModelDeprecated - data: [] - addsTo: pack: codeql/rust-all extensible: sourceModel data: [] - - addsTo: - pack: codeql/rust-all - extensible: sinkModelDeprecated - data: [] - addsTo: pack: codeql/rust-all extensible: sinkModel data: [] - - addsTo: - pack: codeql/rust-all - extensible: summaryModelDeprecated - data: [] - addsTo: pack: codeql/rust-all extensible: summaryModel From 2cc732e23532e11ad4b8f7b20e0ac6d8b34b8d2f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 23 Jul 2025 09:38:10 +0000 Subject: [PATCH 3/5] Apply QL autoformatter to ModelsAsData.qll Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com> --- .../codeql/rust/dataflow/internal/ModelsAsData.qll | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll index 5f701c2aa598..be72255f7934 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll @@ -49,8 +49,6 @@ private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl - - /** * Holds if in a call to the function with canonical path `path`, the value referred * to by `output` is a flow source of the given `kind`. @@ -64,8 +62,6 @@ extensible predicate sourceModel( string path, string output, string kind, string provenance, QlBuiltins::ExtensionId madId ); - - /** * Holds if in a call to the function with canonical path `path`, the value referred * to by `input` is a flow sink of the given `kind`. 
@@ -80,8 +76,6 @@ extensible predicate sinkModel( string path, string input, string kind, string provenance, QlBuiltins::ExtensionId madId ); - - /** * Holds if in a call to the function with canonical path `path`, the value referred * to by `input` can flow to the value referred to by `output`. @@ -116,8 +110,6 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { ) } - - private class SummarizedCallableFromModel extends SummarizedCallable::Range { private string path; @@ -146,8 +138,6 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range { } } - - private class FlowSourceFromModel extends FlowSource::Range { private string path; @@ -164,8 +154,6 @@ private class FlowSourceFromModel extends FlowSource::Range { } } - - private class FlowSinkFromModel extends FlowSink::Range { private string path; From f1df63657b09a664015a6ac10059c0a488f1d210 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 23 Jul 2025 10:08:51 +0000 Subject: [PATCH 4/5] Add CodeQL autoformatter instructions to copilot-instructions.md Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com> --- .github/copilot-instructions.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 6621d59b7c23..3ec6170ab36c 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md 
@@ -2,3 +2,10 @@ When reviewing code: * do not review changes in files with `.expected` extension (they are automatically ensured to be correct). * in `.ql` and `.qll` files, do not try to review the code itself as you don't understand the programming language well enough to make comments in these languages. You can still check for typos or comment improvements. + +When editing `.ql` and `.qll` files: +* All edited `.ql` and `.qll` files should be autoformatted afterwards using the CodeQL CLI. +* To install and use the CodeQL CLI autoformatter: + 1. Download and extract CodeQL CLI: `cd /tmp && curl -L -o codeql-linux64.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip && unzip -q codeql-linux64.zip` + 2. Add to PATH: `export PATH="/tmp/codeql:$PATH"` + 3. Run autoformatter: `codeql query format [file] --in-place` From defd4a1d082d179672072c0b37ea956b0fd0b17f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 23 Jul 2025 10:41:31 +0000 Subject: [PATCH 5/5] Add change note for removal of deprecated dataflow predicates Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com> --- .../2025-07-23-remove-deprecated-dataflow-predicates.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md diff --git a/rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md b/rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md new file mode 100644 index 000000000000..97a222a65dbe --- /dev/null +++ b/rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Removed deprecated dataflow extensible predicates `sourceModelDeprecated`, `sinkModelDeprecated`, and `summaryModelDeprecated`, along with their associated classes. \ No newline at end of file
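Review bot: Step 1 of the added `.ql`/`.qll` instructions downloads `releases/latest/download/codeql-linux64.zip` with no version pin and no integrity check, so the agent runs an unverified binary against the working tree when it calls `codeql query format [file] --in-place`. Pin a specific release tag and verify a recorded digest before unzipping, for example `echo "<EXPECTED_SHA256>  codeql-linux64.zip" | sha256sum -c -` (the digest is a placeholder to be filled in from the pinned release). Steps 1 and 2 also extract into the fixed shared path `/tmp/codeql` and prepend it to `PATH`, so on a shared or reused runner a pre-existing `/tmp/codeql` would take precedence. A private directory from `mktemp -d`, or a check for a `codeql` already on `PATH`, would avoid that.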