Shared: include 'qltest%' and 'test-%'

Jami Cogswell · Jami Cogswell · commit 7b629f5d63de · 2023-06-05T12:18:33.000-04:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll b/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -318,7 +318,6 @@ module ModelValidation {
     or
     exists(string kind, string msg | sinkModel(_, _, _, _, _, _, _, kind, _) |
       not kind instanceof ValidSinkKind and
-      not kind.matches("qltest%") and
       msg = "Invalid kind \"" + kind + "\" in sink model." and
       // The part of this message that refers to outdated sink kinds can be deleted after June 1st, 2024.
       if kind instanceof OutdatedSinkKind
@@ -328,7 +327,6 @@ module ModelValidation {
     or
     exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
       not kind instanceof ValidSourceKind and
-      not kind.matches("qltest%") and
       result = "Invalid kind \"" + kind + "\" in source model."
     )
     or
diff --git a/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll b/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
@@ -663,7 +663,6 @@ module ModelOutput {
     or
     exists(string kind | sinkModel(_, _, kind) |
       not kind instanceof ValidSinkKind and
-      not kind.matches("test-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
@@ -663,7 +663,6 @@ module ModelOutput {
     or
     exists(string kind | sinkModel(_, _, kind) |
       not kind instanceof ValidSinkKind and
-      not kind.matches("test-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll b/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
@@ -663,7 +663,6 @@ module ModelOutput {
     or
     exists(string kind | sinkModel(_, _, kind) |
       not kind instanceof ValidSinkKind and
-      not kind.matches("test-%") and
       result = "Invalid kind \"" + kind + "\" in sink model."
     )
     or
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 
diff --git a/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll b/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll
@@ -29,7 +29,7 @@ class ValidSinkKind extends string {
     or
     this.matches([
         // shared
-        "encryption-%",
+        "encryption-%", "qltest%", "test-%",
         // Java-only currently, but may be shared in the future
         "regex-use%",
         // JavaScript-only currently, but may be shared in the future
@@ -53,11 +53,15 @@ class ValidSourceKind extends string {
         // C#
         "file", "file-write",
         // JavaScript
-        "database-access-result"
+        "database-access-result", "remote-flow"
       ]
     or
-    // Swift
-    this.matches("%string-%length")
+    this.matches([
+        // shared
+        "qltest%", "test-%",
+        // Swift
+        "%string-%length"
+      ])
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -663,7 +663,6 @@ module ModelOutput {`
`663`	`663`	`or`
`664`	`664`	`exists(string kind \| sinkModel(_, _, kind) \|`
`665`	`665`	`not kind instanceof ValidSinkKind and`
`666`		`- not kind.matches("test-%") and`
`667`	`666`	`result = "Invalid kind \"" + kind + "\" in sink model."`
`668`	`667`	`)`
`669`	`668`	`or`