diff --git a/cpp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql deleted file mode 100644 index d03fa1b6030d..000000000000 --- a/cpp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed neutral models. - * @description Finds neutral models to be used by other queries. - * @kind diagnostic - * @id cpp/utils/modelgenerator/mixed-neutral-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string noflow -where noflow = captureMixedNeutral(api) -select noflow order by noflow diff --git a/cpp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql deleted file mode 100644 index dc289a07ab12..000000000000 --- a/cpp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed summary models. - * @description Finds applicable summary models to be used by other queries. - * @kind diagnostic - * @id cpp/utils/modelgenerator/mixed-summary-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string flow -where flow = captureMixedFlow(api, _) -select flow order by flow diff --git a/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql index 8a244cabe869..e9a5ea24deca 100644 --- a/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +++ b/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string noflow -where noflow = captureNoFlow(api) +where noflow = captureNeutral(api) select noflow order by noflow diff --git a/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql index 8cbcac192a27..5485a2645bcb 100644 --- a/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql +++ b/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql @@ -7,6 +7,7 @@ */ import internal.CaptureModels +import Heuristic from DataFlowSinkTargetApi api, string sink where sink = captureSink(api) diff --git a/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql index b4614634ce6a..c2240c646886 100644 --- a/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql +++ b/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql @@ -7,6 +7,7 @@ */ import internal.CaptureModels +import Heuristic from DataFlowSourceTargetApi api, string source where source = captureSource(api) diff --git a/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql b/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql index ba6921351725..60341abc0b59 100644 --- a/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +++ b/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string flow -where flow = captureFlow(api) +where flow = captureFlow(api, _) select flow order by flow diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.expected b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected similarity index 100% rename from cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.expected rename to cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ext.yml b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml similarity index 100% rename from cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ext.yml rename to cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ql b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql similarity index 59% rename from cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ql rename to cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql index 65ec6060e87b..3ab1dc6c4710 100644 --- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureSummaryModels.ql +++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql @@ -3,9 +3,9 @@ import utils.modelgenerator.internal.CaptureModels import InlineModelsAsDataTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(MadRelevantFunction c) { result = captureFlow(c) } + string getCapturedModel(MadRelevantFunction c) { result = Heuristic::captureFlow(c) } - string getKind() { result = "summary" } + string getKind() { result = "heuristic-summary" } } import InlineMadTest diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp index 8b6da3e8ac57..d7dc9f70e13e 100644 --- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp +++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp @@ -10,32 +10,32 @@ namespace Models { //No model as destructors are excluded from model generation. ~BasicFlow() = default; - //summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];value;dfc-generated BasicFlow* returnThis(int* input) { return this; } - //summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;value;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];value;dfc-generated int* returnParam0(int* input0, int* input1) { return input0; } - //summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;value;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated int* returnParam1(int* input0, int* input1) { return input1; } - //summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated - //summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;value;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;value;dfc-generated @@ -44,11 +44,11 @@ namespace Models { return b ? input0 : input1; } - //summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;df-generated - //summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;df-generated - //summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];taint;df-generated - //summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];value;dfc-generated @@ -58,16 +58,16 @@ namespace Models { return strcpy(dest, source + 1); } - //summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1];taint;df-generated - //summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1];taint;df-generated //contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated //contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1].Field[**tainted];value;dfc-generated void setField(int* s) { tainted = s; } - //summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue;taint;df-generated - //summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue;taint;df-generated + //heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue[*];taint;df-generated //contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[*tainted];ReturnValue;value;dfc-generated //contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[**tainted];ReturnValue[*];value;dfc-generated int* returnField() { @@ -79,34 +79,34 @@ namespace Models { struct TemplatedFlow { T tainted; - //summary=Models;TemplatedFlow;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];taint;df-generated //contentbased-summary=Models;TemplatedFlow;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];value;dfc-generated TemplatedFlow* template_returnThis(T input) { return this; } - //summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;taint;df-generated - //summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];taint;df-generated //contentbased-summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;value;dfc-generated //contentbased-summary=Models;TemplatedFlow;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated T* template_returnParam0(T* input0, T* input1) { return input0; } - //summary=Models;TemplatedFlow;true;template_setField;(T);;Argument[0];Argument[-1];taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;template_setField;(T);;Argument[0];Argument[-1];taint;df-generated //contentbased-summary=Models;TemplatedFlow;true;template_setField;(T);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated void template_setField(T s) { tainted = s; } - //summary=Models;TemplatedFlow;true;template_returnField;();;Argument[-1];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;template_returnField;();;Argument[-1];ReturnValue[*];taint;df-generated //contentbased-summary=Models;TemplatedFlow;true;template_returnField;();;Argument[-1].Field[*tainted];ReturnValue[*];value;dfc-generated T& template_returnField() { return tainted; } - //summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[0];ReturnValue;taint;df-generated - //summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[*0];ReturnValue[*];taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[*0];ReturnValue[*];taint;df-generated //contentbased-summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[0];ReturnValue;value;dfc-generated //contentbased-summary=Models;TemplatedFlow;true;templated_function;(U *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated template @@ -129,8 +129,8 @@ namespace Models { } } -//summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated -//summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated +//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated +//heuristic-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated //contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;dfc-generated //contentbased-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;value;dfc-generated int toplevel_function(int* p) { @@ -143,13 +143,13 @@ static int static_toplevel_function(int* p) { } struct NonFinalStruct { - //summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated //contentbased-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated virtual int public_not_final_member_function(int x) { return x; } - //summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated //contentbased-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated virtual int public_final_member_function(int x) final { return x; @@ -169,13 +169,13 @@ struct NonFinalStruct { }; struct FinalStruct final { - //summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated //contentbased-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated virtual int public_not_final_member_function_2(int x) { return x; } - //summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated + //heuristic-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated //contentbased-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated virtual int public_final_member_function_2(int x) final { return x; @@ -186,16 +186,16 @@ union U { int x, y; }; -//summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;df-generated -//summary=;;true;get_x_from_union;(U *);;Argument[*0];ReturnValue;taint;df-generated +//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;df-generated +//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[*0];ReturnValue;taint;df-generated //contentbased-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;dfc-generated //contentbased-summary=;;true;get_x_from_union;(U *);;Argument[*0].Union[*U];ReturnValue;value;dfc-generated int get_x_from_union(U* u) { return u->x; } -//summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0];taint;df-generated +//heuristic-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0];taint;df-generated //contentbased-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0].Union[*U];value;dfc-generated void set_x_in_union(U* u, int x) { u->x = x; -} \ No newline at end of file +} diff --git a/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected b/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected index 23bdca4394bf..9604a4aed64e 100644 --- a/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected +++ b/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected @@ -117,8 +117,6 @@ ql/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql ql/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql ql/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql ql/csharp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql -ql/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql -ql/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql ql/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql ql/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql ql/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql diff --git a/csharp/ql/src/change-notes/2025-04-16-model-generation.md b/csharp/ql/src/change-notes/2025-04-16-model-generation.md new file mode 100644 index 000000000000..4c8c89c88455 --- /dev/null +++ b/csharp/ql/src/change-notes/2025-04-16-model-generation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Changes to the MaD model generation infrastructure: Changed the query `cs/utils/modelgenerator/summary-models` to use the implementation from `cs/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `cs/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `cs/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`). diff --git a/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql deleted file mode 100644 index 6d7004fcc090..000000000000 --- a/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed neutral models. - * @description Finds neutral models to be used by other queries. - * @kind diagnostic - * @id cs/utils/modelgenerator/mixed-neutral-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string noflow -where noflow = captureMixedNeutral(api) -select noflow order by noflow diff --git a/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql deleted file mode 100644 index 4a0bf7c9e227..000000000000 --- a/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed summary models. - * @description Finds applicable summary models to be used by other queries. - * @kind diagnostic - * @id cs/utils/modelgenerator/mixed-summary-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string flow -where flow = captureMixedFlow(api, _) -select flow order by flow diff --git a/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql index 7a53125e21c1..2afb0ea02845 100644 --- a/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +++ b/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string noflow -where noflow = captureNoFlow(api) +where noflow = captureNeutral(api) select noflow order by noflow diff --git a/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql index 69701cd93720..f4c9405c96a7 100644 --- a/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql +++ b/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSinkTargetApi api, string sink -where sink = captureSink(api) +where sink = Heuristic::captureSink(api) select sink order by sink diff --git a/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql index 246551ce1457..70f853b35a95 100644 --- a/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql +++ b/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSourceTargetApi api, string source -where source = captureSource(api) +where source = Heuristic::captureSource(api) select source order by source diff --git a/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql b/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql index 991e593474e2..a0193397eb2e 100644 --- a/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +++ b/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string flow -where flow = captureFlow(api) +where flow = captureFlow(api, _) select flow order by flow diff --git a/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql b/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql index 62d3ad7f9f48..2aa2eafe69e1 100644 --- a/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql +++ b/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql @@ -14,7 +14,7 @@ import PartialFlow::PartialPathGraph int explorationLimit() { result = 3 } -module PartialFlow = PropagateFlow::FlowExplorationFwd; +module PartialFlow = Heuristic::PropagateFlow::FlowExplorationFwd; from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink, diff --git a/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql b/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql index 7be5a1fc00ec..d2df7382a514 100644 --- a/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql +++ b/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql @@ -10,6 +10,7 @@ import csharp import utils.modelgenerator.internal.CaptureModels +import Heuristic import PropagateFlow::PathGraph from diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected similarity index 100% rename from csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected rename to csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ext.yml b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml similarity index 100% rename from csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ext.yml rename to csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql similarity index 61% rename from csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql rename to csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql index 93c8520caa1b..24cb66e427e7 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql +++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql @@ -3,9 +3,9 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureFlow(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureFlow(c) } - string getKind() { result = "summary" } + string getKind() { result = "heuristic-summary" } } import InlineMadTest diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql index 719eca840f46..d5aa685bfe31 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql +++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureNoFlow(c) } + string getCapturedModel(Callable c) { result = captureNeutral(c) } string getKind() { result = "neutral" } } diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql index ecd5a8e9e323..cc84ede4235e 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql +++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureSink(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureSink(c) } string getKind() { result = "sink" } } diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql index f5f09b153f82..4c10362960a2 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql +++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureSource(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureSource(c) } string getKind() { result = "source" } } diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs b/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs index 7a6f16f383e5..f1dbc02512ab 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs +++ b/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs @@ -12,29 +12,29 @@ public class BasicFlow private string tainted; - // summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnThis;(System.Object);;Argument[this];ReturnValue;value;dfc-generated public BasicFlow ReturnThis(object input) { return this; } - // summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;value;dfc-generated public string ReturnParam0(string input0, object input1) { return input0; } - // summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;value;dfc-generated public object ReturnParam1(string input0, object input1) { return input1; } - // summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;taint;df-generated - // summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;value;dfc-generated // contentbased-summary=Models;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;value;dfc-generated public object ReturnParamMultiple(object input0, object input1) @@ -42,21 +42,21 @@ public object ReturnParamMultiple(object input0, object input1) return (System.DateTime.Now.DayOfWeek == System.DayOfWeek.Monday) ? input0 : input1; } - // summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint;dfc-generated public string ReturnSubstring(string s) { return s.Substring(0, 1); } - // summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[this].SyntheticField[Models.BasicFlow.tainted];value;dfc-generated public void SetField(string s) { tainted = s; } - // summary=Models;BasicFlow;false;ReturnField;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ReturnField;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;BasicFlow;false;ReturnField;();;Argument[this].SyntheticField[Models.BasicFlow.tainted];ReturnValue;value;dfc-generated public string ReturnField() { @@ -64,8 +64,8 @@ public string ReturnField() } public Func MyFunction; - // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated - // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated // No content based flow as MaD doesn't support callback logic in fields and properties. public object ApplyMyFunction(object o) { @@ -77,91 +77,91 @@ public class CollectionFlow { private readonly string tainted; - // summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;CollectionFlow;false;CollectionFlow;(System.String);;Argument[0];Argument[this].SyntheticField[Models.CollectionFlow.tainted];value;dfc-generated public CollectionFlow(string s) { tainted = s; } - // summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnArrayElement;(System.Object[]);;Argument[0].Element;ReturnValue;value;dfc-generated public object ReturnArrayElement(object[] input) { return input[0]; } - // summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;AssignToArray;(System.Object,System.Object[]);;Argument[0];Argument[1].Element;value;dfc-generated public void AssignToArray(object data, object[] target) { target[0] = data; } - // summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this];Argument[0].Element;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this];Argument[0].Element;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[this].SyntheticField[Models.CollectionFlow.tainted];Argument[0].Element;value;dfc-generated public void AssignFieldToArray(object[] target) { target[0] = tainted; } - // summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;value;dfc-generated public object ReturnListElement(List input) { return input[0]; } - // summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List,System.Object);;Argument[1];Argument[0].Element;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List,System.Object);;Argument[1];Argument[0].Element;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;AddToList;(System.Collections.Generic.List,System.Object);;Argument[1];Argument[0].Element;value;dfc-generated public void AddToList(List input, object data) { input.Add(data); } - // summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List);;Argument[this];Argument[0].Element;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List);;Argument[this];Argument[0].Element;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List);;Argument[this].SyntheticField[Models.CollectionFlow.tainted];Argument[0].Element;value;dfc-generated public void AddFieldToList(List input) { input.Add(tainted); } - // summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnFieldInAList;();;Argument[this].SyntheticField[Models.CollectionFlow.tainted];ReturnValue.Element;value;dfc-generated public List ReturnFieldInAList() { return new List { tainted }; } - // SPURIOUS-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnComplexTypeArray;(System.String[]);;Argument[0];ReturnValue;value;dfc-generated public string[] ReturnComplexTypeArray(string[] a) { return a; } - // SPURIOUS-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnBulkTypeList;(System.Collections.Generic.List);;Argument[0];ReturnValue;value;dfc-generated public List ReturnBulkTypeList(List a) { return a; } - // SPURIOUS-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnComplexTypeDictionary;(System.Collections.Generic.Dictionary);;Argument[0];ReturnValue;value;dfc-generated public Dictionary ReturnComplexTypeDictionary(Dictionary a) { return a; } - // SPURIOUS-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnUntypedArray;(System.Array);;Argument[0];ReturnValue;value;dfc-generated public Array ReturnUntypedArray(Array a) { return a; } - // SPURIOUS-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;CollectionFlow;false;ReturnUntypedList;(System.Collections.IList);;Argument[0];ReturnValue;value;dfc-generated public IList ReturnUntypedList(IList a) { @@ -195,28 +195,28 @@ public class IEnumerableFlow { private readonly string tainted; - // summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;IEnumerableFlow;false;IEnumerableFlow;(System.String);;Argument[0];Argument[this].SyntheticField[Models.IEnumerableFlow.tainted];value;dfc-generated public IEnumerableFlow(string s) { tainted = s; } - // SPURIOUS-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable);;Argument[0].Element;ReturnValue;taint;df-generated + // SPURIOUS-heuristic-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable);;Argument[0];ReturnValue;value;dfc-generated public IEnumerable ReturnIEnumerable(IEnumerable input) { return input; } - // summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable);;Argument[0].Element;ReturnValue;value;dfc-generated public object ReturnIEnumerableElement(IEnumerable input) { return input.First(); } - // summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[this].SyntheticField[Models.IEnumerableFlow.tainted];ReturnValue.Element;value;dfc-generated public IEnumerable ReturnFieldInIEnumerable() { @@ -228,49 +228,49 @@ public class GenericFlow { private T tainted; - // summary=Models;GenericFlow;false;SetGenericField;(T);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;GenericFlow;false;SetGenericField;(T);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;GenericFlow;false;SetGenericField;(T);;Argument[0];Argument[this].SyntheticField[Models.GenericFlow`1.tainted];value;dfc-generated public void SetGenericField(T t) { tainted = t; } - // summary=Models;GenericFlow;false;ReturnGenericField;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;ReturnGenericField;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;GenericFlow;false;ReturnGenericField;();;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];ReturnValue;value;dfc-generated public T ReturnGenericField() { return tainted; } - // summary=Models;GenericFlow;false;AddFieldToGenericList;(System.Collections.Generic.List);;Argument[this];Argument[0].Element;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;AddFieldToGenericList;(System.Collections.Generic.List);;Argument[this];Argument[0].Element;taint;df-generated // contentbased-summary=Models;GenericFlow;false;AddFieldToGenericList;(System.Collections.Generic.List);;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];Argument[0].Element;value;dfc-generated public void AddFieldToGenericList(List input) { input.Add(tainted); } - // summary=Models;GenericFlow;false;ReturnFieldInGenericList;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;ReturnFieldInGenericList;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;GenericFlow;false;ReturnFieldInGenericList;();;Argument[this].SyntheticField[Models.GenericFlow`1.tainted];ReturnValue.Element;value;dfc-generated public List ReturnFieldInGenericList() { return new List { tainted }; } - // summary=Models;GenericFlow;false;ReturnGenericParam;(S);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;ReturnGenericParam;(S);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;GenericFlow;false;ReturnGenericParam;(S);;Argument[0];ReturnValue;value;dfc-generated public S ReturnGenericParam(S input) { return input; } - // summary=Models;GenericFlow;false;ReturnGenericElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;ReturnGenericElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;GenericFlow;false;ReturnGenericElement;(System.Collections.Generic.List);;Argument[0].Element;ReturnValue;value;dfc-generated public S ReturnGenericElement(List input) { return input[0]; } - // summary=Models;GenericFlow;false;AddToGenericList;(System.Collections.Generic.List,S);;Argument[1];Argument[0].Element;taint;df-generated + // heuristic-summary=Models;GenericFlow;false;AddToGenericList;(System.Collections.Generic.List,S);;Argument[1];Argument[0].Element;taint;df-generated // contentbased-summary=Models;GenericFlow;false;AddToGenericList;(System.Collections.Generic.List,S);;Argument[1];Argument[0].Element;value;dfc-generated public void AddToGenericList(List input, S data) { @@ -280,7 +280,7 @@ public void AddToGenericList(List input, S data) public abstract class BaseClassFlow { - // summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;value;dfc-generated public virtual object ReturnParam(object input) { @@ -290,7 +290,7 @@ public virtual object ReturnParam(object input) public class DerivedClass1Flow : BaseClassFlow { - // summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=Models;DerivedClass1Flow;false;ReturnParam1;(System.String,System.String);;Argument[1];ReturnValue;value;dfc-generated public string ReturnParam1(string input0, string input1) { @@ -300,14 +300,14 @@ public string ReturnParam1(string input0, string input1) public class DerivedClass2Flow : BaseClassFlow { - // summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;BaseClassFlow;true;ReturnParam;(System.Object);;Argument[0];ReturnValue;value;dfc-generated public override object ReturnParam(object input) { return input; } - // summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;DerivedClass2Flow;false;ReturnParam0;(System.String,System.Int32);;Argument[0];ReturnValue;value;dfc-generated public string ReturnParam0(string input0, int input1) { @@ -319,7 +319,7 @@ public class OperatorFlow { public readonly object Field; - // summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[this].Field[Models.OperatorFlow.Field];value;dfc-generated public OperatorFlow(object o) { @@ -327,7 +327,7 @@ public OperatorFlow(object o) } // Flow Summary. - // summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;OperatorFlow;false;op_Addition;(Models.OperatorFlow,Models.OperatorFlow);;Argument[0];ReturnValue;value;dfc-generated public static OperatorFlow operator +(OperatorFlow a, OperatorFlow b) { @@ -368,7 +368,7 @@ public override bool Equals(object obj) return boolTainted; } - // summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;EqualsGetHashCodeNoFlow;false;Equals;(System.String);;Argument[0];ReturnValue;value;dfc-generated public string Equals(string s) { @@ -386,14 +386,14 @@ public class Properties { private string tainted; - // summary=Models;Properties;false;get_Prop1;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Properties;false;get_Prop1;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Properties;false;get_Prop1;();;Argument[this].SyntheticField[Models.Properties.tainted];ReturnValue;value;dfc-generated public string Prop1 { get { return tainted; } } - // summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;Properties;false;set_Prop2;(System.String);;Argument[0];Argument[this].SyntheticField[Models.Properties.tainted];value;dfc-generated public string Prop2 { @@ -510,14 +510,12 @@ public Type M6(Type t) // the content based model generation is able to produce flow summaries for them. public class HigherOrderParameters { - // neutral=Models;HigherOrderParameters;M1;(System.String,System.Func);summary;df-generated // contentbased-summary=Models;HigherOrderParameters;false;M1;(System.String,System.Func);;Argument[0];ReturnValue;value;dfc-generated public string M1(string s, Func map) { return s; } - // neutral=Models;HigherOrderParameters;Apply;(System.Func,System.Object);summary;df-generated // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated public object Apply(Func f, object o) @@ -525,7 +523,6 @@ public object Apply(Func f, object o) return f(o); } - // neutral=Models;HigherOrderParameters;Apply2;(System.Object,System.Func);summary;df-generated // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func);;Argument[0];Argument[1].Parameter[1];value;dfc-generated // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated public object Apply2(object o, Func f) @@ -534,7 +531,6 @@ public object Apply2(object o, Func f) return x; } - // neutral=Models;HigherOrderParameters;Apply;(System.Action,System.Object);summary;df-generated // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Action,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated public void Apply(Action a, object o) { @@ -544,7 +540,6 @@ public void Apply(Action a, object o) public static class HigherOrderExtensionMethods { - // neutral=Models;HigherOrderExtensionMethods;Select;(System.Collections.Generic.IEnumerable,System.Func);summary;df-generated // contentbased-summary=Models;HigherOrderExtensionMethods;false;Select;(System.Collections.Generic.IEnumerable,System.Func);;Argument[0].Element;Argument[1].Parameter[0];value;dfc-generated // contentbased-summary=Models;HigherOrderExtensionMethods;false;Select;(System.Collections.Generic.IEnumerable,System.Func);;Argument[1].ReturnValue;ReturnValue.Element;value;dfc-generated public static IEnumerable Select( @@ -611,7 +606,7 @@ public abstract class BasePublic public class AImplBasePublic : BasePublic { - // summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;Inheritance+BasePublic;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated public override string Id(string x) { @@ -641,7 +636,7 @@ private abstract class C : IPublic2 public class BImpl : B { - // summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;Inheritance+IPublic1;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated public override string Id(string x) { @@ -651,7 +646,7 @@ public override string Id(string x) private class CImpl : C { - // summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;Inheritance+IPublic2;true;Id;(System.String);;Argument[0];ReturnValue;value;dfc-generated public override string Id(string x) { @@ -661,11 +656,13 @@ public override string Id(string x) public interface IPublic3 { + // neutral=Models;Inheritance+IPublic3;get_Prop;();summary;df-generated string Prop { get; } } public abstract class D : IPublic3 { + // neutral=Models;Inheritance+D;get_Prop;();summary;df-generated public abstract string Prop { get; } } @@ -673,14 +670,14 @@ public class DImpl : D { private readonly string tainted; - // summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;Inheritance+DImpl;false;DImpl;(System.String);;Argument[0];Argument[this].SyntheticField[Models.Inheritance+DImpl.tainted];value;dfc-generated public DImpl(string s) { tainted = s; } - // summary=Models;Inheritance+IPublic3;true;get_Prop;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Inheritance+IPublic3;true;get_Prop;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Inheritance+DImpl;true;get_Prop;();;Argument[this].SyntheticField[Models.Inheritance+DImpl.tainted];ReturnValue;value;dfc-generated public override string Prop { get { return tainted; } } } @@ -696,13 +693,13 @@ private class Content1 : BaseContent { private object field; - // summary=Models;Inheritance+BaseContent;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Inheritance+BaseContent;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated public override object GetValue() { return field; } - // summary=Models;Inheritance+BaseContent;true;SetValue;(System.Object);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;Inheritance+BaseContent;true;SetValue;(System.Object);;Argument[0];Argument[this];taint;df-generated public override void SetValue(object o) { field = o; @@ -719,14 +716,14 @@ public class C public string Field; } - // summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;MemberFlow;false;M1;(Models.MemberFlow+C);;Argument[0].Property[Models.MemberFlow+C.Prop];ReturnValue;value;dfc-generated public string M1(C c) { return c.Prop; } - // summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;MemberFlow;false;M2;(Models.MemberFlow+C);;Argument[0].Field[Models.MemberFlow+C.Field];ReturnValue;value;dfc-generated public string M2(C c) { @@ -736,7 +733,7 @@ public string M2(C c) public class IDictionaryFlow { - // summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary,System.Object);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary,System.Object);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=Models;IDictionaryFlow;false;ReturnIDictionaryValue;(System.Collections.Generic.IDictionary,System.Object);;Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;dfc-generated public object ReturnIDictionaryValue(IDictionary input, object key) { @@ -749,21 +746,21 @@ public class NestedFieldFlow public NestedFieldFlow FieldA; public NestedFieldFlow FieldB; - // summary=Models;NestedFieldFlow;false;Move;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;NestedFieldFlow;false;Move;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;NestedFieldFlow;false;Move;();;Argument[this].Field[Models.NestedFieldFlow.FieldA];ReturnValue.Field[Models.NestedFieldFlow.FieldB];value;dfc-generated public NestedFieldFlow Move() { return new NestedFieldFlow() { FieldB = this.FieldA }; } - // summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;NestedFieldFlow;false;MoveNested;();;Argument[this].Field[Models.NestedFieldFlow.FieldB].Field[Models.NestedFieldFlow.FieldA];ReturnValue.Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];value;dfc-generated public NestedFieldFlow MoveNested() { return new NestedFieldFlow() { FieldA = FieldB.Move() }; } - // summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;NestedFieldFlow;false;ReverseFields;();;Argument[this].Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];ReturnValue.Field[Models.NestedFieldFlow.FieldA].Field[Models.NestedFieldFlow.FieldB];value;dfc-generated public NestedFieldFlow ReverseFields() { @@ -784,70 +781,69 @@ public class SyntheticFields private string brokenChainBegin; private string brokenChainEnd; - // summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticFields;false;SyntheticFields;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.value1];value;dfc-generated public SyntheticFields(string v1) { value1 = v1; } - // summary=Models;SyntheticFields;false;GetValue1;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;GetValue1;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticFields;false;GetValue1;();;Argument[this].SyntheticField[Models.SyntheticFields.value1];ReturnValue;value;dfc-generated public string GetValue1() { return value1; } - // summary=Models;SyntheticFields;false;GetValue2;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;GetValue2;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticFields;false;GetValue2;();;Argument[this].SyntheticField[Models.SyntheticFields.value2];ReturnValue;value;dfc-generated public string GetValue2() { return value2; } - // summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticFields;false;SetValue2;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.value2];value;dfc-generated public void SetValue2(string v2) { value2 = v2; } - // summary=Models;SyntheticFields;false;SetValue3;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;SetValue3;(System.String);;Argument[0];Argument[this];taint;df-generated // No content based summary as value3 is a dead synthetic field. public void SetValue3(string v3) { value3 = v3; } - // summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticFields;false;SetChainBegin;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields.chainBegin];value;dfc-generated public void SetChainBegin(string v) { chainBegin = v; } - // neutral=Models;SyntheticFields;CopyChainValue;();summary;df-generated // contentbased-summary=Models;SyntheticFields;false;CopyChainValue;();;Argument[this].SyntheticField[Models.SyntheticFields.chainBegin];Argument[this].SyntheticField[Models.SyntheticFields.chainEnd];value;dfc-generated public void CopyChainValue() { chainEnd = chainBegin; } - // summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticFields;false;GetChainEnd;();;Argument[this].SyntheticField[Models.SyntheticFields.chainEnd];ReturnValue;value;dfc-generated public string GetChainEnd() { return chainEnd; } - // summary=Models;SyntheticFields;false;SetBrokenChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;SetBrokenChainBegin;(System.String);;Argument[0];Argument[this];taint;df-generated // No content based summary as brokenChainBegin is a dead synthetic field. public void SetBrokenChainBegin(string v) { brokenChainBegin = v; } - // summary=Models;SyntheticFields;false;GetBrokenChainEnd;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;GetBrokenChainEnd;();;Argument[this];ReturnValue;taint;df-generated // No content based summary as brokenChainEnd is a dead synthetic field. public string GetBrokenChainEnd() { @@ -858,14 +854,14 @@ public class InnerSyntheticFields { private readonly string value; - // summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticFields+InnerSyntheticFields;false;InnerSyntheticFields;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];value;dfc-generated public InnerSyntheticFields(string v) { value = v; } - // summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticFields+InnerSyntheticFields;false;GetValue;();;Argument[this].SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];ReturnValue;value;dfc-generated public string GetValue() { @@ -873,7 +869,7 @@ public string GetValue() } } - // summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticFields;false;MakeInner;(System.String);;Argument[0];ReturnValue.SyntheticField[Models.SyntheticFields+InnerSyntheticFields.value];value;dfc-generated public InnerSyntheticFields MakeInner(string v) { @@ -887,21 +883,21 @@ public class SyntheticProperties private string Prop2 { get; set; } - // summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticProperties;false;SyntheticProperties;(System.String);;Argument[0];Argument[this].SyntheticField[Models.SyntheticProperties.Prop1];value;dfc-generated public SyntheticProperties(string v1) { Prop1 = v1; } - // summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticProperties;false;GetProp1;();;Argument[this].SyntheticField[Models.SyntheticProperties.Prop1];ReturnValue;value;dfc-generated public string GetProp1() { return Prop1; } - // summary=Models;SyntheticProperties;false;SetProp2;(System.String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticProperties;false;SetProp2;(System.String);;Argument[0];Argument[this];taint;df-generated // No content based summary as Prop2 is a dead synthetic field. public void SetProp2(string v) { @@ -913,14 +909,14 @@ public class SyntheticCollections { private object[] array; - // summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0].Element;Argument[this];taint;df-generated + // heuristic-summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0].Element;Argument[this];taint;df-generated // contentbased-summary=Models;SyntheticCollections;false;SyntheticCollections;(System.Object[]);;Argument[0];Argument[this].SyntheticField[Models.SyntheticCollections.array];value;dfc-generated public SyntheticCollections(object[] array) { this.array = array; } - // summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;SyntheticCollections;false;GetElement;(System.Int32);;Argument[this].SyntheticField[Models.SyntheticCollections.array].Element;ReturnValue;value;dfc-generated public object GetElement(int index) { @@ -933,6 +929,7 @@ public class Fanout public abstract class Base1 { + // neutral=Models;Fanout+Base1;GetValue;();summary;df-generated public abstract string GetValue(); } @@ -942,7 +939,7 @@ public class Impl1 : Base1 { public string Prop { get; set; } - // summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Fanout+Impl1;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl1.Prop];ReturnValue;value;dfc-generated public override string GetValue() { @@ -954,7 +951,7 @@ public class Impl2 : Base2 { public string Prop { get; set; } - // summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Fanout+Impl2;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl2.Prop];ReturnValue;value;dfc-generated public override string GetValue() { @@ -966,7 +963,7 @@ public class Impl3 : Base2 { public string Prop { get; set; } - // summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Fanout+Impl3;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl3.Prop];ReturnValue;value;dfc-generated public override string GetValue() { @@ -978,7 +975,7 @@ public class Impl4 : Base2 { public string Prop { get; set; } - // summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout+Base1;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=Models;Fanout+Impl4;true;GetValue;();;Argument[this].Property[Models.Fanout+Impl4.Prop];ReturnValue;value;dfc-generated public override string GetValue() { @@ -986,8 +983,8 @@ public override string GetValue() } } - // summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;df-generated - // summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[1];ReturnValue;taint;df-generated // No content based summaries are expected for this method on parameter `b1` // as the fanout (number of content flows) exceeds the limit of 3. // contentbased-summary=Models;Fanout;false;ConcatValueOnBase1;(System.String,Models.Fanout+Base1);;Argument[0];ReturnValue;taint;dfc-generated @@ -996,8 +993,8 @@ public string ConcatValueOnBase1(string other, Base1 b1) return other + b1.GetValue(); } - // summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;df-generated - // summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[0];ReturnValue;taint;dfc-generated // contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1].Property[Models.Fanout+Impl2.Prop];ReturnValue;taint;dfc-generated // contentbased-summary=Models;Fanout;false;ConcatValueOnBase2;(System.String,Models.Fanout+Base2);;Argument[1].Property[Models.Fanout+Impl3.Prop];ReturnValue;taint;dfc-generated @@ -1015,7 +1012,7 @@ public class A public object Prop { get; set; } // contentbased-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this].Property[Models.AvoidDuplicateLifted+A.Prop];ReturnValue;value;dfc-generated - // summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated public virtual object GetValue() { return Prop; @@ -1027,7 +1024,7 @@ public class B : A private object field; // No content based summary as field is a dead synthetic field. - // summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=Models;AvoidDuplicateLifted+A;true;GetValue;();;Argument[this];ReturnValue;taint;df-generated public override object GetValue() { return field; @@ -1038,14 +1035,14 @@ public override object GetValue() public class ParameterModifiers { // contentbased-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated - // summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated + // heuristic-summary=Models;ParameterModifiers;false;Copy;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated public void Copy(object key, out object value) { value = key; } // contentbased-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];value;dfc-generated - // summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated + // heuristic-summary=Models;ParameterModifiers;false;CopyToRef;(System.Object,System.Object);;Argument[0];Argument[1];taint;df-generated public void CopyToRef(object key, ref object value) { value = key; @@ -1065,7 +1062,7 @@ public void RefParamUse(ref object value) } // contentbased-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;value;dfc-generated - // summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=Models;ParameterModifiers;false;InReturn;(System.Object);;Argument[0];ReturnValue;taint;df-generated public object InReturn(in object v) { return v; diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected index 38c0db1c66d0..f6e89eede03b 100644 --- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -273,8 +273,6 @@ ql/java/ql/src/utils/modelconverter/ExtractSummaries.ql ql/java/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql ql/java/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql ql/java/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql -ql/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql -ql/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql ql/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql ql/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql ql/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql diff --git a/java/ql/src/change-notes/2025-04-16-model-generation.md b/java/ql/src/change-notes/2025-04-16-model-generation.md new file mode 100644 index 000000000000..980b2292ed6a --- /dev/null +++ b/java/ql/src/change-notes/2025-04-16-model-generation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Changes to the MaD model generation infrastructure: Changed the query `java/utils/modelgenerator/summary-models` to use the implementation from `java/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `java/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `java/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`). \ No newline at end of file diff --git a/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql b/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql deleted file mode 100644 index 6ad943137697..000000000000 --- a/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed neutral models. - * @description Finds neutral models to be used by other queries. - * @kind diagnostic - * @id java/utils/modelgenerator/mixed-neutral-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string noflow -where noflow = captureMixedNeutral(api) -select noflow order by noflow diff --git a/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql b/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql deleted file mode 100644 index b6f6fc9ff3aa..000000000000 --- a/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed summary models. - * @description Finds applicable summary models to be used by other queries. - * @kind diagnostic - * @id java/utils/modelgenerator/mixed-summary-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string flow -where flow = captureMixedFlow(api, _) -select flow order by flow diff --git a/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql b/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql index c91f182f6038..d17c11d4a7b0 100644 --- a/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +++ b/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string noflow -where noflow = captureNoFlow(api) +where noflow = captureNeutral(api) select noflow order by noflow diff --git a/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql b/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql index d7b3713c5b74..7c316a02b090 100644 --- a/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql +++ b/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSinkTargetApi api, string sink -where sink = captureSink(api) +where sink = Heuristic::captureSink(api) select sink order by sink diff --git a/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql b/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql index 960ed0b19ecd..4a955d4614b7 100644 --- a/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql +++ b/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSourceTargetApi api, string source -where source = captureSource(api) +where source = Heuristic::captureSource(api) select source order by source diff --git a/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql b/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql index 7fc7c0f7a571..34b6521e7b22 100644 --- a/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +++ b/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string flow -where flow = captureFlow(api) +where flow = captureFlow(api, _) select flow order by flow diff --git a/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql b/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql index 1d9724abef87..a9dd1d2384ea 100644 --- a/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql +++ b/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql @@ -15,7 +15,7 @@ import PartialFlow::PartialPathGraph int explorationLimit() { result = 3 } -module PartialFlow = PropagateFlow::FlowExplorationFwd; +module PartialFlow = Heuristic::PropagateFlow::FlowExplorationFwd; from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink, diff --git a/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql b/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql index 88d45dc1f5b0..36de195573ba 100644 --- a/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql +++ b/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql @@ -11,6 +11,7 @@ import java import semmle.code.java.dataflow.DataFlow import utils.modelgenerator.internal.CaptureModels +import Heuristic import PropagateFlow::PathGraph from diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected b/java/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected similarity index 100% rename from java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected rename to java/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.expected diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql b/java/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql similarity index 61% rename from java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql rename to java/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql index 482dce0ab28e..45485a8009a5 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql +++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql @@ -3,9 +3,9 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureFlow(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureFlow(c) } - string getKind() { result = "summary" } + string getKind() { result = "heuristic-summary" } } import InlineMadTest diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql index f9ac9d8da366..3578153ddb82 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql +++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureNoFlow(c) } + string getCapturedModel(Callable c) { result = captureNeutral(c) } string getKind() { result = "neutral" } } diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql index a7d3126df570..027670316c33 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql +++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureSink(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureSink(c) } string getKind() { result = "sink" } } diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql index d8ac4d9d6034..d8346f0e3dca 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql +++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Callable c) { result = captureSource(c) } + string getCapturedModel(Callable c) { result = Heuristic::captureSource(c) } string getKind() { result = "source" } } diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java b/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java index d168bff3675a..58beff302b99 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java @@ -6,13 +6,13 @@ public final class Factory { private int intValue; - // summary=p;Factory;false;create;(String,int);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Factory;false;create;(String,int);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Factory;false;create;(String,int);;Argument[0];ReturnValue.Field[p.Factory.value];value;dfc-generated public static Factory create(String value, int foo) { return new Factory(value, foo); } - // summary=p;Factory;false;create;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Factory;false;create;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Factory;false;create;(String);;Argument[0];ReturnValue.Field[p.Factory.value];value;dfc-generated public static Factory create(String value) { return new Factory(value, 0); @@ -23,7 +23,7 @@ private Factory(String value, int intValue) { this.intValue = intValue; } - // summary=p;Factory;false;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Factory;false;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Factory;false;getValue;();;Argument[this].Field[p.Factory.value];ReturnValue;value;dfc-generated public String getValue() { return value; diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Fanout.java b/java/ql/test/utils/modelgenerator/dataflow/p/Fanout.java index 65dd715cc528..270ffb50f66e 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Fanout.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Fanout.java @@ -10,7 +10,7 @@ public interface I2 extends I1 {} public class Impl1 implements I1 { public String v; - // summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Fanout$Impl1;true;getValue;();;Argument[this].Field[p.Fanout$Impl1.v];ReturnValue;value;dfc-generated public String getValue() { return v; @@ -20,7 +20,7 @@ public String getValue() { public class Impl2 implements I2 { public String v; - // summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Fanout$Impl2;true;getValue;();;Argument[this].Field[p.Fanout$Impl2.v];ReturnValue;value;dfc-generated public String getValue() { return v; @@ -30,7 +30,7 @@ public String getValue() { public class Impl3 implements I2 { public String v; - // summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Fanout$Impl3;true;getValue;();;Argument[this].Field[p.Fanout$Impl3.v];ReturnValue;value;dfc-generated public String getValue() { return v; @@ -40,15 +40,15 @@ public String getValue() { public class Impl4 implements I2 { public String v; - // summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout$I1;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Fanout$Impl4;true;getValue;();;Argument[this].Field[p.Fanout$Impl4.v];ReturnValue;value;dfc-generated public String getValue() { return v; } } - // summary=p;Fanout;true;concatGetValueOnI1;(String,Fanout$I1);;Argument[0];ReturnValue;taint;df-generated - // summary=p;Fanout;true;concatGetValueOnI1;(String,Fanout$I1);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout;true;concatGetValueOnI1;(String,Fanout$I1);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout;true;concatGetValueOnI1;(String,Fanout$I1);;Argument[1];ReturnValue;taint;df-generated // No content based summaries are expected for this method on parameter `i` // as the fanout (number of content flows) exceeds the limit of 3. // contentbased-summary=p;Fanout;true;concatGetValueOnI1;(String,Fanout$I1);;Argument[0];ReturnValue;taint;dfc-generated @@ -56,8 +56,8 @@ public String concatGetValueOnI1(String other, I1 i) { return other + i.getValue(); } - // summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[0];ReturnValue;taint;df-generated - // summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[0];ReturnValue;taint;dfc-generated // contentbased-summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[1].Field[p.Fanout$Impl2.v];ReturnValue;taint;dfc-generated // contentbased-summary=p;Fanout;true;concatGetValueOnI2;(String,Fanout$I2);;Argument[1].Field[p.Fanout$Impl3.v];ReturnValue;taint;dfc-generated diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java b/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java index f34f5c9c0ba0..993248f9bf80 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java @@ -4,7 +4,7 @@ public final class FinalClass { private static final String C = "constant"; - // summary=p;FinalClass;false;returnsInput;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;FinalClass;false;returnsInput;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;FinalClass;false;returnsInput;(String);;Argument[0];ReturnValue;value;dfc-generated public String returnsInput(String input) { return input; diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java b/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java index 39d0590aa3c1..d886c64bcf10 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java @@ -2,7 +2,7 @@ public final class FluentAPI { - // summary=p;FluentAPI;false;returnsThis;(String);;Argument[this];ReturnValue;value;df-generated + // heuristic-summary=p;FluentAPI;false;returnsThis;(String);;Argument[this];ReturnValue;value;df-generated // contentbased-summary=p;FluentAPI;false;returnsThis;(String);;Argument[this];ReturnValue;value;dfc-generated public FluentAPI returnsThis(String input) { return this; diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java b/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java index 0b2da302d7a1..711d49cc1fc3 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java @@ -6,14 +6,14 @@ public final class ImmutablePojo { private final long x; - // summary=p;ImmutablePojo;false;ImmutablePojo;(String,int);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;ImmutablePojo;false;ImmutablePojo;(String,int);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;ImmutablePojo;false;ImmutablePojo;(String,int);;Argument[0];Argument[this].SyntheticField[p.ImmutablePojo.value];value;dfc-generated public ImmutablePojo(String value, int x) { this.value = value; this.x = x; } - // summary=p;ImmutablePojo;false;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;ImmutablePojo;false;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;ImmutablePojo;false;getValue;();;Argument[this].SyntheticField[p.ImmutablePojo.value];ReturnValue;value;dfc-generated public String getValue() { return value; @@ -24,8 +24,8 @@ public long getX() { return x; } - // summary=p;ImmutablePojo;false;or;(String);;Argument[0];ReturnValue;taint;df-generated - // summary=p;ImmutablePojo;false;or;(String);;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;ImmutablePojo;false;or;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;ImmutablePojo;false;or;(String);;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;ImmutablePojo;false;or;(String);;Argument[0];ReturnValue;value;dfc-generated // contentbased-summary=p;ImmutablePojo;false;or;(String);;Argument[this].SyntheticField[p.ImmutablePojo.value];ReturnValue;value;dfc-generated public String or(String defaultValue) { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java index b5d03fdc8a1d..4253ee0d6ead 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Inheritance.java @@ -10,7 +10,7 @@ public abstract class BasePublic { } public class AImplBasePrivateImpl extends BasePrivate { - // summary=p;Inheritance$AImplBasePrivateImpl;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$AImplBasePrivateImpl;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$AImplBasePrivateImpl;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { @@ -19,7 +19,7 @@ public String id(String s) { } public class AImplBasePublic extends BasePublic { - // summary=p;Inheritance$BasePublic;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$BasePublic;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$BasePublic;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { @@ -60,7 +60,7 @@ private abstract class E implements IPrivate2 { } public class BImpl extends B { - // summary=p;Inheritance$IPublic1;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$IPublic1;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$IPublic1;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { @@ -69,7 +69,7 @@ public String id(String s) { } public class CImpl extends C { - // summary=p;Inheritance$C;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$C;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$C;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { @@ -78,7 +78,7 @@ public String id(String s) { } public class DImpl extends D { - // summary=p;Inheritance$IPublic2;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$IPublic2;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$IPublic2;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { @@ -87,7 +87,7 @@ public String id(String s) { } public class EImpl extends E { - // summary=p;Inheritance$EImpl;true;id;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Inheritance$EImpl;true;id;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Inheritance$EImpl;true;id;(String);;Argument[0];ReturnValue;value;dfc-generated @Override public String id(String s) { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/InnerClasses.java b/java/ql/test/utils/modelgenerator/dataflow/p/InnerClasses.java index b9aaeb638930..283bcfd5c6e2 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/InnerClasses.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/InnerClasses.java @@ -9,14 +9,14 @@ public String no(String input) { } public class CaptureMe { - // summary=p;InnerClasses$CaptureMe;true;yesCm;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;InnerClasses$CaptureMe;true;yesCm;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;InnerClasses$CaptureMe;true;yesCm;(String);;Argument[0];ReturnValue;value;dfc-generated public String yesCm(String input) { return input; } } - // summary=p;InnerClasses;true;yes;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;InnerClasses;true;yes;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;InnerClasses;true;yes;(String);;Argument[0];ReturnValue;value;dfc-generated public String yes(String input) { return input; diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/InnerHolder.java b/java/ql/test/utils/modelgenerator/dataflow/p/InnerHolder.java index 01655cb413f3..b4a1ca20aedb 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/InnerHolder.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/InnerHolder.java @@ -18,31 +18,31 @@ public String getValue() { private StringBuilder sb = new StringBuilder(); - // summary=p;InnerHolder;false;setContext;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;InnerHolder;false;setContext;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;InnerHolder;false;setContext;(String);;Argument[0];Argument[this].SyntheticField[p.InnerHolder.context].SyntheticField[p.InnerHolder$Context.value];value;dfc-generated public void setContext(String value) { context = new Context(value); } - // summary=p;InnerHolder;false;explicitSetContext;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;InnerHolder;false;explicitSetContext;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;InnerHolder;false;explicitSetContext;(String);;Argument[0];Argument[this].SyntheticField[p.InnerHolder.context].SyntheticField[p.InnerHolder$Context.value];value;dfc-generated public void explicitSetContext(String value) { this.context = new Context(value); } - // summary=p;InnerHolder;false;append;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;InnerHolder;false;append;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;InnerHolder;false;append;(String);;Argument[0];Argument[this].SyntheticField[p.InnerHolder.sb];taint;dfc-generated public void append(String value) { sb.append(value); } - // summary=p;InnerHolder;false;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;InnerHolder;false;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;InnerHolder;false;getValue;();;Argument[this].SyntheticField[p.InnerHolder.sb];ReturnValue;taint;dfc-generated public String getValue() { return sb.toString(); } - // summary=p;InnerHolder;false;getContextValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;InnerHolder;false;getContextValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;InnerHolder;false;getContextValue;();;Argument[this].SyntheticField[p.InnerHolder.context].SyntheticField[p.InnerHolder$Context.value];ReturnValue;value;dfc-generated public String getContextValue() { return context.getValue(); diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java b/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java index da1e7214a011..ffe68e6722db 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java @@ -12,15 +12,15 @@ public final class Joiner { private int len; private String emptyValue; - // summary=p;Joiner;false;Joiner;(CharSequence);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Joiner;false;Joiner;(CharSequence);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;Joiner;false;Joiner;(CharSequence);;Argument[0];Argument[this].SyntheticField[p.Joiner.delimiter];taint;dfc-generated public Joiner(CharSequence delimiter) { this(delimiter, "", ""); } - // summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[this];taint;df-generated - // summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[this];taint;df-generated - // summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[this];taint;df-generated + // heuristic-summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[this];taint;df-generated + // heuristic-summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[this];taint;df-generated // contentbased-summary=p;Joiner;false;Joiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[this].SyntheticField[p.Joiner.delimiter];taint;dfc-generated // No content based summaries for prefix and suffix as they are "dead" synthetic fields. public Joiner(CharSequence delimiter, CharSequence prefix, CharSequence suffix) { @@ -33,8 +33,8 @@ public Joiner(CharSequence delimiter, CharSequence prefix, CharSequence suffix) checkAddLength(0, 0); } - // summary=p;Joiner;false;setEmptyValue;(CharSequence);;Argument[0];Argument[this];taint;df-generated - // summary=p;Joiner;false;setEmptyValue;(CharSequence);;Argument[this];ReturnValue;value;df-generated + // heuristic-summary=p;Joiner;false;setEmptyValue;(CharSequence);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Joiner;false;setEmptyValue;(CharSequence);;Argument[this];ReturnValue;value;df-generated // No content based summary as emptyValue is "dead" (synthetic)field. // contentbased-summary=p;Joiner;false;setEmptyValue;(CharSequence);;Argument[this];ReturnValue;value;dfc-generated public Joiner setEmptyValue(CharSequence emptyValue) { @@ -43,7 +43,7 @@ public Joiner setEmptyValue(CharSequence emptyValue) { return this; } - // summary=p;Joiner;false;getDelimiter;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Joiner;false;getDelimiter;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Joiner;false;getDelimiter;();;Argument[this].SyntheticField[p.Joiner.delimiter];ReturnValue;value;dfc-generated public String getDelimiter() { return delimiter; @@ -81,7 +81,7 @@ public String toString() { return new String(chars); } - // summary=p;Joiner;false;add;(CharSequence);;Argument[this];ReturnValue;value;df-generated + // heuristic-summary=p;Joiner;false;add;(CharSequence);;Argument[this];ReturnValue;value;df-generated // contentbased-summary=p;Joiner;false;add;(CharSequence);;Argument[this];ReturnValue;value;dfc-generated // MISSING content based summaries for "elts". This could be a synthetic field. public Joiner add(CharSequence newElement) { @@ -106,7 +106,7 @@ private int checkAddLength(int oldLen, int inc) { return (int) newLen; } - // summary=p;Joiner;false;merge;(Joiner);;Argument[this];ReturnValue;value;df-generated + // heuristic-summary=p;Joiner;false;merge;(Joiner);;Argument[this];ReturnValue;value;df-generated // contentbased-summary=p;Joiner;false;merge;(Joiner);;Argument[this];ReturnValue;value;dfc-generated // MISSING content based summaries for "elts". This could be a synthetic field. public Joiner merge(Joiner other) { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/MultiPaths.java b/java/ql/test/utils/modelgenerator/dataflow/p/MultiPaths.java index 827346604dfe..11d2f8f76f83 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/MultiPaths.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/MultiPaths.java @@ -2,7 +2,7 @@ public class MultiPaths { - // summary=p;MultiPaths;true;cond;(String,String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;MultiPaths;true;cond;(String,String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;MultiPaths;true;cond;(String,String);;Argument[0];ReturnValue;value;dfc-generated public String cond(String x, String other) { if (x == other) { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java index 32c846cb1da5..d0fd31613d65 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java @@ -16,7 +16,7 @@ public Object m(Object value) { } public class Impl2 implements IInterface { - // summary=p;MultipleImpl2$IInterface;true;m;(Object);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;MultipleImpl2$IInterface;true;m;(Object);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;MultipleImpl2$IInterface;true;m;(Object);;Argument[0];ReturnValue;value;dfc-generated public Object m(Object value) { return value; diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java index c44c3268918e..5bdbb47fa483 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java @@ -9,7 +9,7 @@ public static interface Strategy { } public static class Strat1 implements Strategy { - // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;value;dfc-generated public String doSomething(String value) { return value; @@ -29,7 +29,7 @@ public String call() throws Exception { public static class Strat2 implements Strategy { private String foo; - // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[this];taint;df-generated // The content based summary is not lifted as it pertains to a (synthetic)field. // contentbased-summary=p;MultipleImpls$Strat2;true;doSomething;(String);;Argument[0];Argument[this].SyntheticField[p.MultipleImpls$Strat2.foo];value;dfc-generated public String doSomething(String value) { @@ -37,7 +37,7 @@ public String doSomething(String value) { return "none"; } - // summary=p;MultipleImpls$Strat2;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;MultipleImpls$Strat2;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // The content based summary is not lifted as it pertains to a (synthetic)field. // contentbased-summary=p;MultipleImpls$Strat2;true;getValue;();;Argument[this].SyntheticField[p.MultipleImpls$Strat2.foo];ReturnValue;value;dfc-generated public String getValue() { diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java b/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java index 41268ff11561..81b9602e5577 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java @@ -7,7 +7,7 @@ public class ParamFlow { - // summary=p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;value;dfc-generated public String returnsInput(String input) { return input; @@ -18,8 +18,8 @@ public int ignorePrimitiveReturnValue(String input) { return input.length(); } - // summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[0];ReturnValue;taint;df-generated - // summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[1];ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[1];ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[0];ReturnValue;value;dfc-generated // contentbased-summary=p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[1];ReturnValue;value;dfc-generated public String returnMultipleParameters(String one, String two) { @@ -29,31 +29,31 @@ public String returnMultipleParameters(String one, String two) { return one; } - // summary=p;ParamFlow;true;returnArrayElement;(String[]);;Argument[0].ArrayElement;ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnArrayElement;(String[]);;Argument[0].ArrayElement;ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnArrayElement;(String[]);;Argument[0].ArrayElement;ReturnValue;value;dfc-generated public String returnArrayElement(String[] input) { return input[0]; } - // summary=p;ParamFlow;true;returnVarArgElement;(String[]);;Argument[0].ArrayElement;ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnVarArgElement;(String[]);;Argument[0].ArrayElement;ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnVarArgElement;(String[]);;Argument[0].ArrayElement;ReturnValue;value;dfc-generated public String returnVarArgElement(String... input) { return input[0]; } - // summary=p;ParamFlow;true;returnCollectionElement;(List);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnCollectionElement;(List);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnCollectionElement;(List);;Argument[0].Element;ReturnValue;value;dfc-generated public String returnCollectionElement(List input) { return input.get(0); } - // summary=p;ParamFlow;true;returnIteratorElement;(Iterator);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnIteratorElement;(Iterator);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnIteratorElement;(Iterator);;Argument[0].Element;ReturnValue;value;dfc-generated public String returnIteratorElement(Iterator input) { return input.next(); } - // summary=p;ParamFlow;true;returnIterableElement;(Iterable);;Argument[0].Element;ReturnValue;taint;df-generated + // heuristic-summary=p;ParamFlow;true;returnIterableElement;(Iterable);;Argument[0].Element;ReturnValue;taint;df-generated // contentbased-summary=p;ParamFlow;true;returnIterableElement;(Iterable);;Argument[0].Element;ReturnValue;value;dfc-generated public String returnIterableElement(Iterable input) { return input.iterator().next(); @@ -64,19 +64,19 @@ public Class mapType(Class input) { return input; } - // summary=p;ParamFlow;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint;df-generated + // heuristic-summary=p;ParamFlow;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint;df-generated // contentbased-summary=p;ParamFlow;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint;dfc-generated public void writeChunked(byte[] data, OutputStream output) throws IOException { output.write(data, 0, data.length); } - // summary=p;ParamFlow;true;writeChunked;(char[],OutputStream);;Argument[0];Argument[1];taint;df-generated + // heuristic-summary=p;ParamFlow;true;writeChunked;(char[],OutputStream);;Argument[0];Argument[1];taint;df-generated // contentbased-summary=p;ParamFlow;true;writeChunked;(char[],OutputStream);;Argument[0];Argument[1];taint;dfc-generated public void writeChunked(char[] data, OutputStream output) throws IOException { output.write(String.valueOf(data).getBytes(), 0, data.length); } - // summary=p;ParamFlow;true;addTo;(String,List);;Argument[0];Argument[1].Element;taint;df-generated + // heuristic-summary=p;ParamFlow;true;addTo;(String,List);;Argument[0];Argument[1].Element;taint;df-generated // contentbased-summary=p;ParamFlow;true;addTo;(String,List);;Argument[0];Argument[1].Element;value;dfc-generated public void addTo(String data, List target) { target.add(data); diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java b/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java index 1c30f83bccfa..204af0efc345 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java @@ -32,8 +32,8 @@ int length() { private String stringValue1; private String stringValue2; - // summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[0];Argument[this];taint;df-generated - // summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[1];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[1];Argument[this];taint;df-generated // contentbased-summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[0];Argument[this].SyntheticField[p.Pojo.byteObjectArray];value;dfc-generated // contentbased-summary=p;Pojo;false;Pojo;(Byte[],char[]);;Argument[1];Argument[this].SyntheticField[p.Pojo.charArray];value;dfc-generated public Pojo(Byte[] byteObjectArray, char[] charArray) { @@ -41,13 +41,13 @@ public Pojo(Byte[] byteObjectArray, char[] charArray) { this.charArray = charArray; } - // summary=p;Pojo;false;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;getValue;();;Argument[this].SyntheticField[p.Pojo.value];ReturnValue;value;dfc-generated public String getValue() { return value; } - // summary=p;Pojo;false;setValue;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo;false;setValue;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;Pojo;false;setValue;(String);;Argument[0];Argument[this].SyntheticField[p.Pojo.value];value;dfc-generated public void setValue(String value) { this.value = value; @@ -74,19 +74,19 @@ public int[] getPrimitiveArray() { return new int[] {intValue}; } - // summary=p;Pojo;false;getCharArray;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getCharArray;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;getCharArray;();;Argument[this].SyntheticField[p.Pojo.charArray];ReturnValue;value;dfc-generated public char[] getCharArray() { return charArray; } - // summary=p;Pojo;false;getByteArray;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getByteArray;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;getByteArray;();;Argument[this].Field[p.Pojo.byteArray];ReturnValue;value;dfc-generated public byte[] getByteArray() { return byteArray; } - // summary=p;Pojo;false;setByteArray;(byte[]);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo;false;setByteArray;(byte[]);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;Pojo;false;setByteArray;(byte[]);;Argument[0];Argument[this].Field[p.Pojo.byteArray];value;dfc-generated public void setByteArray(byte[] value) { byteArray = value; @@ -107,13 +107,13 @@ public Collection getBoxedCollection() { return List.of(Integer.valueOf(intValue)); } - // summary=p;Pojo;false;getBoxedChars;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getBoxedChars;();;Argument[this];ReturnValue;taint;df-generated // No content based summary as charList is a "dead" (synthetic)field. public List getBoxedChars() { return charList; } - // summary=p;Pojo;false;getBoxedBytes;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getBoxedBytes;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;getBoxedBytes;();;Argument[this].SyntheticField[p.Pojo.byteObjectArray];ReturnValue;value;dfc-generated public Byte[] getBoxedBytes() { return byteObjectArray; @@ -129,25 +129,24 @@ public BigDecimal getBigDecimal() { return new BigDecimal(value); } - // summary=p;Pojo;false;fillIn;(List);;Argument[this];Argument[0].Element;taint;df-generated + // heuristic-summary=p;Pojo;false;fillIn;(List);;Argument[this];Argument[0].Element;taint;df-generated // contentbased-summary=p;Pojo;false;fillIn;(List);;Argument[this].SyntheticField[p.Pojo.value];Argument[0].Element;value;dfc-generated public void fillIn(List target) { target.add(value); } - // summary=p;Pojo;false;setStringValue1;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo;false;setStringValue1;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;Pojo;false;setStringValue1;(String);;Argument[0];Argument[this].SyntheticField[p.Pojo.stringValue1];value;dfc-generated public void setStringValue1(String value) { this.stringValue1 = value; } - // neutral=p;Pojo;copyStringValue;();summary;df-generated // contentbased-summary=p;Pojo;false;copyStringValue;();;Argument[this].SyntheticField[p.Pojo.stringValue1];Argument[this].SyntheticField[p.Pojo.stringValue2];value;dfc-generated public void copyStringValue() { this.stringValue2 = this.stringValue1; } - // summary=p;Pojo;false;getStringValue2;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;getStringValue2;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;getStringValue2;();;Argument[this].SyntheticField[p.Pojo.stringValue2];ReturnValue;value;dfc-generated public String getStringValue2() { return this.stringValue2; @@ -156,20 +155,20 @@ public String getStringValue2() { public class InnerPojo { private String value; - // summary=p;Pojo$InnerPojo;true;InnerPojo;(String);;Argument[0];Argument[this];taint;df-generated + // heuristic-summary=p;Pojo$InnerPojo;true;InnerPojo;(String);;Argument[0];Argument[this];taint;df-generated // contentbased-summary=p;Pojo$InnerPojo;true;InnerPojo;(String);;Argument[0];Argument[this].SyntheticField[p.Pojo$InnerPojo.value];value;dfc-generated public InnerPojo(String value) { this.value = value; } - // summary=p;Pojo$InnerPojo;true;getValue;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo$InnerPojo;true;getValue;();;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo$InnerPojo;true;getValue;();;Argument[this].SyntheticField[p.Pojo$InnerPojo.value];ReturnValue;value;dfc-generated public String getValue() { return value; } } - // summary=p;Pojo;false;makeInnerPojo;(String);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;Pojo;false;makeInnerPojo;(String);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;Pojo;false;makeInnerPojo;(String);;Argument[0];ReturnValue.SyntheticField[p.Pojo$InnerPojo.value];value;dfc-generated public InnerPojo makeInnerPojo(String value) { return new InnerPojo(value); diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java index 282d0b077b7e..7eaf70c19ded 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java @@ -28,7 +28,7 @@ public PrivateImplWithSink(File file) { this.file = file; } - // summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated @Override public OutputStream openStream() throws IOException { return new FileOutputStream(file); @@ -50,7 +50,7 @@ public OutputStream openStreamNone() throws IOException { } } - // summary=p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue;taint;df-generated + // heuristic-summary=p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue;taint;df-generated // contentbased-summary=p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue.SyntheticField[p.PrivateFlowViaPublicInterface$PrivateImplWithSink.file];value;dfc-generated public static SPI createAnSPI(File file) { return new PrivateImplWithSink(file); diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/SyntheticCollections.java b/java/ql/test/utils/modelgenerator/dataflow/p/SyntheticCollections.java index 6dd351e12bfd..93f04291f4dd 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/SyntheticCollections.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/SyntheticCollections.java @@ -3,13 +3,13 @@ public class SyntheticCollections { private String[] array; - // summary=p;SyntheticCollections;true;SyntheticCollections;(String[]);;Argument[0].ArrayElement;Argument[this];taint;df-generated + // heuristic-summary=p;SyntheticCollections;true;SyntheticCollections;(String[]);;Argument[0].ArrayElement;Argument[this];taint;df-generated // contentbased-summary=p;SyntheticCollections;true;SyntheticCollections;(String[]);;Argument[0];Argument[this].SyntheticField[p.SyntheticCollections.array];value;dfc-generated public SyntheticCollections(String[] array) { this.array = array; } - // summary=p;SyntheticCollections;true;getElement;(Integer);;Argument[this];ReturnValue;taint;df-generated + // heuristic-summary=p;SyntheticCollections;true;getElement;(Integer);;Argument[this];ReturnValue;taint;df-generated // contentbased-summary=p;SyntheticCollections;true;getElement;(Integer);;Argument[this].SyntheticField[p.SyntheticCollections.array].ArrayElement;ReturnValue;value;dfc-generated public String getElement(Integer index) { return array[index]; diff --git a/misc/scripts/models-as-data/generate_flow_model.py b/misc/scripts/models-as-data/generate_flow_model.py index 61712d96d264..1d108015fa0b 100755 --- a/misc/scripts/models-as-data/generate_flow_model.py +++ b/misc/scripts/models-as-data/generate_flow_model.py @@ -34,8 +34,6 @@ def __init__ (self, language): self.generateSources = False self.generateSummaries = False self.generateNeutrals = False - self.generateMixedSummaries = False - self.generateMixedNeutrals = False self.generateTypeBasedSummaries = False self.dryRun = False self.dirname = "modelgenerator" @@ -53,8 +51,6 @@ def printHelp(self): --with-sources --with-summaries --with-neutrals - --with-mixed-summaries. May not be used in conjunction with --with-summaries. - --with-mixed-neutrals. Should only be used in conjunction with --with-mixed-summaries. --with-typebased-summaries (Experimental) If none of these flags are specified, all models are generated except for the type based models. @@ -86,10 +82,6 @@ def make(language): generator.printHelp() sys.exit(0) - if "--with-summaries" in sys.argv and "--with-mixed-summaries" in sys.argv: - generator.printHelp() - sys.exit(0) - if "--with-sinks" in sys.argv: sys.argv.remove("--with-sinks") generator.generateSinks = True @@ -106,14 +98,6 @@ def make(language): sys.argv.remove("--with-neutrals") generator.generateNeutrals = True - if "--with-mixed-summaries" in sys.argv: - sys.argv.remove("--with-mixed-summaries") - generator.generateMixedSummaries = True - - if "--with-mixed-neutrals" in sys.argv: - sys.argv.remove("--with-mixed-neutrals") - generator.generateMixedNeutrals = True - if "--with-typebased-summaries" in sys.argv: sys.argv.remove("--with-typebased-summaries") generator.generateTypeBasedSummaries = True @@ -126,9 +110,7 @@ def make(language): not generator.generateSources and not generator.generateSummaries and not generator.generateNeutrals and - not generator.generateTypeBasedSummaries and - not generator.generateMixedSummaries and - not generator.generateMixedNeutrals): + not generator.generateTypeBasedSummaries): generator.generateSinks = generator.generateSources = generator.generateSummaries = generator.generateNeutrals = True n = len(sys.argv) @@ -166,37 +148,23 @@ def getAddsTo(self, query, predicate): return self.asAddsTo(rows, predicate) def makeContent(self): + summaryAddsTo = {} if self.generateSummaries: summaryAddsTo = self.getAddsTo("CaptureSummaryModels.ql", helpers.summaryModelPredicate) - else: - summaryAddsTo = { } + sinkAddsTo = {} if self.generateSinks: sinkAddsTo = self.getAddsTo("CaptureSinkModels.ql", helpers.sinkModelPredicate) - else: - sinkAddsTo = { } + sourceAddsTo = {} if self.generateSources: sourceAddsTo = self.getAddsTo("CaptureSourceModels.ql", helpers.sourceModelPredicate) - else: - sourceAddsTo = {} + neutralAddsTo = {} if self.generateNeutrals: neutralAddsTo = self.getAddsTo("CaptureNeutralModels.ql", helpers.neutralModelPredicate) - else: - neutralAddsTo = { } - - if self.generateMixedSummaries: - mixedSummaryAddsTo = self.getAddsTo("CaptureMixedSummaryModels.ql", helpers.summaryModelPredicate) - else: - mixedSummaryAddsTo = { } - - if self.generateMixedNeutrals: - mixedNeutralAddsTo = self.getAddsTo("CaptureMixedNeutralModels.ql", helpers.neutralModelPredicate) - else: - mixedNeutralAddsTo = { } - return helpers.merge(summaryAddsTo, mixedSummaryAddsTo, sinkAddsTo, sourceAddsTo, neutralAddsTo, mixedNeutralAddsTo) + return helpers.merge(summaryAddsTo, sinkAddsTo, sourceAddsTo, neutralAddsTo) def makeTypeBasedContent(self): if self.generateTypeBasedSummaries: @@ -231,9 +199,7 @@ def run(self): if (self.generateSinks or self.generateSources or self.generateSummaries or - self.generateNeutrals or - self.generateMixedSummaries or - self.generatedMixedNeutrals): + self.generateNeutrals): self.save(content, ".model.yml") if self.generateTypeBasedSummaries: diff --git a/rust/ql/integration-tests/query-suite/not_included_in_qls.expected b/rust/ql/integration-tests/query-suite/not_included_in_qls.expected index a2ce74fe4df8..a719b933bc07 100644 --- a/rust/ql/integration-tests/query-suite/not_included_in_qls.expected +++ b/rust/ql/integration-tests/query-suite/not_included_in_qls.expected @@ -6,8 +6,6 @@ ql/rust/ql/src/queries/summary/TaintSources.ql ql/rust/ql/src/queries/unusedentities/UnreachableCode.ql ql/rust/ql/src/queries/unusedentities/UnusedValue.ql ql/rust/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql -ql/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql -ql/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql ql/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql ql/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql ql/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql diff --git a/rust/ql/src/change-notes/2025-04-16-model-generation.md b/rust/ql/src/change-notes/2025-04-16-model-generation.md new file mode 100644 index 000000000000..e90a44dbd093 --- /dev/null +++ b/rust/ql/src/change-notes/2025-04-16-model-generation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Changes to the MaD model generation infrastructure: Changed the query `rust/utils/modelgenerator/summary-models` to use the implementation from `rust/utils/modelgenerator/mixed-summary-models`. Removed the now-redundant `rust/utils/modelgenerator/mixed-summary-models` query. Similar replacement was made for `rust/utils/modelgenerator/neutral-models`. That is, if `GenerateFlowModel.py` is provided with `--with-summaries` combined/mixed models are now generated instead of heuristic models (and similar for `--with-neutrals`). \ No newline at end of file diff --git a/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql b/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql deleted file mode 100644 index 7cd58a60335a..000000000000 --- a/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed neutral models. - * @description Finds neutral models to be used by other queries. - * @kind diagnostic - * @id rust/utils/modelgenerator/mixed-neutral-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string noflow -where noflow = captureMixedNeutral(api) -select noflow order by noflow diff --git a/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql b/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql deleted file mode 100644 index 76d6a4022dba..000000000000 --- a/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @name Capture mixed summary models. - * @description Finds applicable summary models to be used by other queries. - * @kind diagnostic - * @id rust/utils/modelgenerator/mixed-summary-models - * @tags modelgenerator - */ - -import internal.CaptureModels - -from DataFlowSummaryTargetApi api, string flow -where flow = captureMixedFlow(api, _) -select flow order by flow diff --git a/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql b/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql index fe23b4e382f3..8efc8a485e12 100644 --- a/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +++ b/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string noflow -where noflow = captureNoFlow(api) +where noflow = Heuristic::captureNoFlow(api) select noflow order by noflow diff --git a/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql b/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql index 615e87f8a6ff..36b1b8132977 100644 --- a/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql +++ b/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSinkTargetApi api, string sink -where sink = captureSink(api) +where sink = Heuristic::captureSink(api) select sink order by sink diff --git a/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql b/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql index 9c65bdcefae1..7086f719b2d8 100644 --- a/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql +++ b/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSourceTargetApi api, string source -where source = captureSource(api) +where source = Heuristic::captureSource(api) select source order by source diff --git a/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql b/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql index 19e29c36d9b5..8947dd015310 100644 --- a/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +++ b/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql @@ -9,5 +9,5 @@ import internal.CaptureModels from DataFlowSummaryTargetApi api, string flow -where flow = captureFlow(api) +where flow = captureFlow(api, _) select flow order by flow diff --git a/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql b/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql index b6b4016acad1..fc557c91207b 100644 --- a/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql +++ b/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql @@ -14,7 +14,7 @@ import PartialFlow::PartialPathGraph int explorationLimit() { result = 3 } -module PartialFlow = PropagateFlow::FlowExplorationFwd; +module PartialFlow = Heuristic::PropagateFlow::FlowExplorationFwd; from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink, diff --git a/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql b/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql index 17b2e357513a..38437d0346f8 100644 --- a/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql +++ b/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql @@ -10,6 +10,7 @@ private import codeql.rust.dataflow.DataFlow import utils.modelgenerator.internal.CaptureModels +import Heuristic import PropagateFlow::PathGraph from diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ql b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ql index aa1925451814..14edea3af8a1 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ql +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ql @@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels import utils.test.InlineMadTest module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Function f) { result = captureSink(f) } + string getCapturedModel(Function f) { result = Heuristic::captureSink(f) } string getKind() { result = "sink" } } diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSourceModels.ql b/rust/ql/test/utils-tests/modelgenerator/CaptureSourceModels.ql index 201816bd2f84..66f0780448c7 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSourceModels.ql +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSourceModels.ql @@ -4,7 +4,7 @@ import utils.test.InlineMadTest import codeql.rust.dataflow.internal.ModelsAsData module InlineMadTestConfig implements InlineMadTestConfigSig { - string getCapturedModel(Function c) { result = captureSource(c) } + string getCapturedModel(Function c) { result = Heuristic::captureSource(c) } string getKind() { result = "source" } } diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 37934b921147..27521b31d00b 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -338,10 +338,6 @@ module MakeModelGenerator< } } - private string getOutput(ReturnNodeExt node) { - result = PrintReturnNodeExt::getOutput(node) - } - final private class SummaryTargetApiFinal = SummaryTargetApi; class DataFlowSummaryTargetApi extends SummaryTargetApiFinal { @@ -352,16 +348,6 @@ module MakeModelGenerator< class DataFlowSinkTargetApi = SinkTargetApi; - private module ModelPrintingInput implements Printing::ModelPrintingSig { - class SummaryApi = DataFlowSummaryTargetApi; - - class SourceOrSinkApi = SourceOrSinkTargetApi; - - string getProvenance() { result = "df-generated" } - } - - module ModelPrinting = Printing::ModelPrinting; - /** * Holds if `c` is a relevant content kind, where the underlying type is relevant. */ @@ -369,19 +355,6 @@ module MakeModelGenerator< isRelevantType(getUnderlyingContentType(c)) } - /** - * Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`. - */ - private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(DataFlow::ContentSet f | - DataFlow::readStep(node1, f, node2) and - // Partially restrict the content types used for intermediate steps. - (not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f)) - ) - or - exists(DataFlow::ContentSet f | DataFlow::storeStep(node1, f, node2) | containerContent(f)) - } - /** * Holds if content `c` is either a field, a synthetic field or language specific * content of a relevant type or a container like content. @@ -393,177 +366,302 @@ module MakeModelGenerator< } /** - * Gets the MaD string representation of the parameter node `p`. + * Provides classes and predicates related to capturing models + * based on heuristic data flow. */ - string parameterNodeAsInput(DataFlow::ParameterNode p) { - result = parameterAccess(asParameter(p)) - or - result = qualifierString() and p instanceof InstanceParameterNode - } + module Heuristic { + private module ModelPrintingInput implements Printing::ModelPrintingSig { + class SummaryApi = DataFlowSummaryTargetApi; - /** - * Gets the MaD input string representation of `source`. - */ - string asInputArgument(NodeExtended source) { result = getInputArgument(source) } + class SourceOrSinkApi = SourceOrSinkTargetApi; - /** - * Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`). - */ - private string captureQualifierFlow(DataFlowSummaryTargetApi api) { - exists(ReturnNodeExt ret | - api = returnNodeEnclosingCallable(ret) and - isOwnInstanceAccessNode(ret) - ) and - result = ModelPrinting::asLiftedValueModel(api, qualifierString(), "ReturnValue") - } + string getProvenance() { result = "df-generated" } + } - private int accessPathLimit0() { result = 2 } + module ModelPrinting = Printing::ModelPrinting; - private newtype TTaintState = - TTaintRead(int n) { n in [0 .. accessPathLimit0()] } or - TTaintStore(int n) { n in [1 .. accessPathLimit0()] } + private string getOutput(ReturnNodeExt node) { + result = PrintReturnNodeExt::getOutput(node) + } - abstract private class TaintState extends TTaintState { - abstract string toString(); - } + /** + * Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`. + */ + private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(DataFlow::ContentSet f | + DataFlow::readStep(node1, f, node2) and + // Partially restrict the content types used for intermediate steps. + (not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f)) + ) + or + exists(DataFlow::ContentSet f | DataFlow::storeStep(node1, f, node2) | containerContent(f)) + } - /** - * A FlowState representing a tainted read. - */ - private class TaintRead extends TaintState, TTaintRead { - private int step; + /** + * Gets the MaD string representation of the parameter node `p`. + */ + string parameterNodeAsInput(DataFlow::ParameterNode p) { + result = parameterAccess(asParameter(p)) + or + result = qualifierString() and p instanceof InstanceParameterNode + } - TaintRead() { this = TTaintRead(step) } + /** + * Gets the MaD input string representation of `source`. + */ + private string asInputArgument(NodeExtended source) { result = getInputArgument(source) } /** - * Gets the flow state step number. + * Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`). */ - int getStep() { result = step } + private string captureQualifierFlow(DataFlowSummaryTargetApi api) { + exists(ReturnNodeExt ret | + api = returnNodeEnclosingCallable(ret) and + isOwnInstanceAccessNode(ret) + ) and + result = ModelPrinting::asLiftedValueModel(api, qualifierString(), "ReturnValue") + } - override string toString() { result = "TaintRead(" + step + ")" } - } + private int accessPathLimit0() { result = 2 } - /** - * A FlowState representing a tainted write. - */ - private class TaintStore extends TaintState, TTaintStore { - private int step; + private newtype TTaintState = + TTaintRead(int n) { n in [0 .. accessPathLimit0()] } or + TTaintStore(int n) { n in [1 .. accessPathLimit0()] } - TaintStore() { this = TTaintStore(step) } + abstract private class TaintState extends TTaintState { + abstract string toString(); + } /** - * Gets the flow state step number. + * A FlowState representing a tainted read. */ - int getStep() { result = step } + private class TaintRead extends TaintState, TTaintRead { + private int step; - override string toString() { result = "TaintStore(" + step + ")" } - } + TaintRead() { this = TTaintRead(step) } - /** - * A data flow configuration for tracking flow through APIs. - * The sources are the parameters of an API and the sinks are the return values (excluding `this`) and parameters. - * - * This can be used to generate Flow summaries for APIs from parameter to return. - */ - module PropagateFlowConfig implements DataFlow::StateConfigSig { - class FlowState = TaintState; - - predicate isSource(DataFlow::Node source, FlowState state) { - source instanceof DataFlow::ParameterNode and - exists(Callable c | - c = getEnclosingCallable(source) and - c instanceof DataFlowSummaryTargetApi and - not isUninterestingForHeuristicDataFlowModels(c) - ) and - state.(TaintRead).getStep() = 0 + /** + * Gets the flow state step number. + */ + int getStep() { result = step } + + override string toString() { result = "TaintRead(" + step + ")" } } - predicate isSink(DataFlow::Node sink, FlowState state) { - sink instanceof ReturnNodeExt and - not isOwnInstanceAccessNode(sink) and - not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and - (state instanceof TaintRead or state instanceof TaintStore) + /** + * A FlowState representing a tainted write. + */ + private class TaintStore extends TaintState, TTaintStore { + private int step; + + TaintStore() { this = TTaintStore(step) } + + /** + * Gets the flow state step number. + */ + int getStep() { result = step } + + override string toString() { result = "TaintStore(" + step + ")" } } - predicate isAdditionalFlowStep( - DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 - ) { - exists(DataFlow::NodeEx n1, DataFlow::NodeEx n2, DataFlow::ContentSet c | - node1 = n1.asNode() and - node2 = n2.asNode() and - DataFlow::storeEx(n1, c.getAStoreContent(), n2, _, _) and - isRelevantContent0(c) and - ( - state1 instanceof TaintRead and state2.(TaintStore).getStep() = 1 - or - state1.(TaintStore).getStep() + 1 = state2.(TaintStore).getStep() + /** + * A data flow configuration for tracking flow through APIs. + * The sources are the parameters of an API and the sinks are the return values (excluding `this`) and parameters. + * + * This can be used to generate Flow summaries for APIs from parameter to return. + */ + private module PropagateFlowConfig implements DataFlow::StateConfigSig { + class FlowState = TaintState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof DataFlow::ParameterNode and + exists(Callable c | + c = getEnclosingCallable(source) and + c instanceof DataFlowSummaryTargetApi and + not isUninterestingForHeuristicDataFlowModels(c) + ) and + state.(TaintRead).getStep() = 0 + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof ReturnNodeExt and + not isOwnInstanceAccessNode(sink) and + not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and + (state instanceof TaintRead or state instanceof TaintStore) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + exists(DataFlow::NodeEx n1, DataFlow::NodeEx n2, DataFlow::ContentSet c | + node1 = n1.asNode() and + node2 = n2.asNode() and + DataFlow::storeEx(n1, c.getAStoreContent(), n2, _, _) and + isRelevantContent0(c) and + ( + state1 instanceof TaintRead and state2.(TaintStore).getStep() = 1 + or + state1.(TaintStore).getStep() + 1 = state2.(TaintStore).getStep() + ) + ) + or + exists(DataFlow::ContentSet c | + DataFlow::readStep(node1, c, node2) and + isRelevantContent0(c) and + state1.(TaintRead).getStep() + 1 = state2.(TaintRead).getStep() ) + } + + predicate isBarrier(DataFlow::Node n) { + exists(Type t | t = n.(NodeExtended).getType() and not isRelevantType(t)) + } + + DataFlow::FlowFeature getAFeature() { + result instanceof DataFlow::FeatureEqualSourceSinkCallContext + } + } + + module PropagateFlow = TaintTracking::GlobalWithState; + + /** + * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. + */ + string captureThroughFlow0( + DataFlowSummaryTargetApi api, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt + ) { + exists(string input, string output | + getEnclosingCallable(p) = api and + getEnclosingCallable(returnNodeExt) = api and + input = parameterNodeAsInput(p) and + output = getOutput(returnNodeExt) and + input != output and + result = ModelPrinting::asLiftedTaintModel(api, input, output) ) - or - exists(DataFlow::ContentSet c | - DataFlow::readStep(node1, c, node2) and - isRelevantContent0(c) and - state1.(TaintRead).getStep() + 1 = state2.(TaintRead).getStep() + } + + /** + * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. + */ + private string captureThroughFlow(DataFlowSummaryTargetApi api) { + exists(DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt | + PropagateFlow::flow(p, returnNodeExt) and + result = captureThroughFlow0(api, p, returnNodeExt) ) } - predicate isBarrier(DataFlow::Node n) { - exists(Type t | t = n.(NodeExtended).getType() and not isRelevantType(t)) + /** + * Gets the summary model(s) of `api`, if there is flow from parameters to the + * return value or parameter or if `api` is a fluent API. + */ + string captureFlow(DataFlowSummaryTargetApi api) { + result = captureQualifierFlow(api) or + result = captureThroughFlow(api) } - DataFlow::FlowFeature getAFeature() { - result instanceof DataFlow::FeatureEqualSourceSinkCallContext + /** + * Gets the neutral summary model for `api`, if any. + * A neutral summary model is generated, if we are not generating + * a summary model that applies to `api`. + */ + string captureNoFlow(DataFlowSummaryTargetApi api) { + not exists(DataFlowSummaryTargetApi api0 | + exists(captureFlow(api0)) and api0.lift() = api.lift() + ) and + api.isRelevant() and + result = ModelPrinting::asNeutralSummaryModel(api) } - } - module PropagateFlow = TaintTracking::GlobalWithState; + /** + * A data flow configuration used for finding new sources. + * The sources are the already known existing sources and the sinks are the API return nodes. + * + * This can be used to generate Source summaries for an API, if the API expose an already known source + * via its return (then the API itself becomes a source). + */ + module PropagateFromSourceConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(string kind | + isRelevantSourceKind(kind) and + sourceNode(source, kind) + ) + } - /** - * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. - */ - string captureThroughFlow0( - DataFlowSummaryTargetApi api, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt - ) { - exists(string input, string output | - getEnclosingCallable(p) = api and - getEnclosingCallable(returnNodeExt) = api and - input = parameterNodeAsInput(p) and - output = getOutput(returnNodeExt) and - input != output and - result = ModelPrinting::asLiftedTaintModel(api, input, output) - ) - } + predicate isSink(DataFlow::Node sink) { + sink instanceof ReturnNodeExt and + getEnclosingCallable(sink) instanceof DataFlowSourceTargetApi + } - /** - * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. - */ - private string captureThroughFlow(DataFlowSummaryTargetApi api) { - exists(DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt | - PropagateFlow::flow(p, returnNodeExt) and - result = captureThroughFlow0(api, p, returnNodeExt) - ) - } + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext } - /** - * Gets the summary model(s) of `api`, if there is flow from parameters to the - * return value or parameter or if `api` is a fluent API. - */ - string captureFlow(DataFlowSummaryTargetApi api) { - result = captureQualifierFlow(api) or - result = captureThroughFlow(api) - } + predicate isBarrier(DataFlow::Node n) { + exists(Type t | t = n.(NodeExtended).getType() and not isRelevantType(t)) + } - /** - * Gets the neutral summary model for `api`, if any. - * A neutral summary model is generated, if we are not generating - * a summary model that applies to `api`. - */ - string captureNoFlow(DataFlowSummaryTargetApi api) { - not exists(DataFlowSummaryTargetApi api0 | - exists(captureFlow(api0)) and api0.lift() = api.lift() - ) and - api.isRelevant() and - result = ModelPrinting::asNeutralSummaryModel(api) + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isRelevantTaintStep(node1, node2) + } + } + + private module PropagateFromSource = TaintTracking::Global; + + /** + * Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`. + */ + string captureSource(DataFlowSourceTargetApi api) { + exists(NodeExtended source, ReturnNodeExt sink, string kind | + PropagateFromSource::flow(source, sink) and + sourceNode(source, kind) and + api = getEnclosingCallable(sink) and + not irrelevantSourceSinkApi(getEnclosingCallable(source), api) and + result = ModelPrinting::asSourceModel(api, getOutput(sink), kind) + ) + } + + /** + * A data flow configuration used for finding new sinks. + * The sources are the parameters of the API and the fields of the enclosing type. + * + * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) + * into an existing known sink (then the API itself becomes a sink). + */ + module PropagateToSinkConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + apiSource(source) and + getEnclosingCallable(source) instanceof DataFlowSinkTargetApi + } + + predicate isSink(DataFlow::Node sink) { + exists(string kind | isRelevantSinkKind(kind) and sinkNode(sink, kind)) + } + + predicate isBarrier(DataFlow::Node node) { + exists(Type t | t = node.(NodeExtended).getType() and not isRelevantType(t)) + or + sinkModelSanitizer(node) + } + + DataFlow::FlowFeature getAFeature() { + result instanceof DataFlow::FeatureHasSourceCallContext + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isRelevantTaintStep(node1, node2) + } + } + + private module PropagateToSink = TaintTracking::Global; + + /** + * Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink. + */ + string captureSink(DataFlowSinkTargetApi api) { + exists(NodeExtended src, NodeExtended sink, string kind | + PropagateToSink::flow(src, sink) and + sinkNode(sink, kind) and + api = getEnclosingCallable(src) and + result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind) + ) + } } /** @@ -686,7 +784,7 @@ module MakeModelGenerator< * If an API produces more content flow on a parameter, it is likely that * 1. Types are not sufficiently constrained on the parameter leading to a combinatorial * explosion in dispatch and thus in the generated summaries. - * 2. It is a reasonable approximation to use the non-content based flow + * 2. It is a reasonable approximation to use the heuristic based flow * detection instead, as reads and stores would use a significant * part of an objects internal state. */ @@ -941,9 +1039,9 @@ module MakeModelGenerator< * The following heuristic is applied: * 1. If content based flow yields at lease one summary for an API, then we use that. * 2. If content based flow does not yield any summary for an API, then we try and - * generate flow summaries using the non-content based summary generator. + * generate flow summaries using the heuristic based summary generator. */ - string captureMixedFlow(DataFlowSummaryTargetApi api, boolean lift) { + string captureFlow(DataFlowSummaryTargetApi api, boolean lift) { result = ContentSensitive::captureFlow(api, lift) or not exists(DataFlowSummaryTargetApi api0 | @@ -953,7 +1051,7 @@ module MakeModelGenerator< api0.lift() = api.lift() and exists(ContentSensitive::captureFlow(api0, true)) ) and - result = captureFlow(api) and + result = Heuristic::captureFlow(api) and lift = true } @@ -962,9 +1060,9 @@ module MakeModelGenerator< * A neutral summary model is generated, if we are not generating * a mixed summary model that applies to `api`. */ - string captureMixedNeutral(DataFlowSummaryTargetApi api) { + string captureNeutral(DataFlowSummaryTargetApi api) { not exists(DataFlowSummaryTargetApi api0, boolean lift | - exists(captureMixedFlow(api0, lift)) and + exists(captureFlow(api0, lift)) and ( lift = false and (api0 = api or api0 = api.lift()) @@ -973,96 +1071,6 @@ module MakeModelGenerator< ) ) and api.isRelevant() and - result = ModelPrinting::asNeutralSummaryModel(api) - } - - /** - * A data flow configuration used for finding new sources. - * The sources are the already known existing sources and the sinks are the API return nodes. - * - * This can be used to generate Source summaries for an API, if the API expose an already known source - * via its return (then the API itself becomes a source). - */ - module PropagateFromSourceConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - exists(string kind | - isRelevantSourceKind(kind) and - sourceNode(source, kind) - ) - } - - predicate isSink(DataFlow::Node sink) { - sink instanceof ReturnNodeExt and - getEnclosingCallable(sink) instanceof DataFlowSourceTargetApi - } - - DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext } - - predicate isBarrier(DataFlow::Node n) { - exists(Type t | t = n.(NodeExtended).getType() and not isRelevantType(t)) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - isRelevantTaintStep(node1, node2) - } - } - - private module PropagateFromSource = TaintTracking::Global; - - /** - * Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`. - */ - string captureSource(DataFlowSourceTargetApi api) { - exists(NodeExtended source, ReturnNodeExt sink, string kind | - PropagateFromSource::flow(source, sink) and - sourceNode(source, kind) and - api = getEnclosingCallable(sink) and - not irrelevantSourceSinkApi(getEnclosingCallable(source), api) and - result = ModelPrinting::asSourceModel(api, getOutput(sink), kind) - ) - } - - /** - * A data flow configuration used for finding new sinks. - * The sources are the parameters of the API and the fields of the enclosing type. - * - * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field) - * into an existing known sink (then the API itself becomes a sink). - */ - module PropagateToSinkConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - apiSource(source) and - getEnclosingCallable(source) instanceof DataFlowSinkTargetApi - } - - predicate isSink(DataFlow::Node sink) { - exists(string kind | isRelevantSinkKind(kind) and sinkNode(sink, kind)) - } - - predicate isBarrier(DataFlow::Node node) { - exists(Type t | t = node.(NodeExtended).getType() and not isRelevantType(t)) - or - sinkModelSanitizer(node) - } - - DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - isRelevantTaintStep(node1, node2) - } - } - - private module PropagateToSink = TaintTracking::Global; - - /** - * Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink. - */ - string captureSink(DataFlowSinkTargetApi api) { - exists(NodeExtended src, NodeExtended sink, string kind | - PropagateToSink::flow(src, sink) and - sinkNode(sink, kind) and - api = getEnclosingCallable(src) and - result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind) - ) + result = Heuristic::ModelPrinting::asNeutralSummaryModel(api) } }