JS: No longer use models-as-data CSV interface

Author: hvitved

javascript/ql/lib/qlpack.yml

@@ -15,4 +15,5 @@ dependencies:
   codeql/yaml: ${workspace}
 dataExtensions:
   - semmle/javascript/frameworks/**/model.yml
+  - semmle/javascript/frameworks/**/*.model.yml
 warnOnImplicitThis: true

javascript/ql/lib/semmle/javascript/frameworks/NoSQL.model.yml

@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      # In Mongo version 2.x, a client and a database handle were the same concept, but in 3.x
+      # they were separated. To handle everything with a single model, we treat them as the same here.
+      - ['mongodb.Db', 'mongodb.MongoClient', '']
+      # 'marsdb' has no typings and is archived.
+      # We just model is as a variant of 'mongoose'.
+      - ['mongoose.Model', 'marsdb', 'Member[Collection].Instance']
+      - ['mongoose.Query', 'marsdb', 'Member[Collection].Instance']
+      - ['mongoose.Query', 'mongoose.Query', 'Member[sortFunc].ReturnValue']

javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll

@@ -21,14 +21,6 @@ module NoSql {
  * Provides classes modeling the `mongodb` and `mongoose` libraries.
  */
 private module MongoDB {
-  private class OldMongoDbAdapter extends ModelInput::TypeModelCsv {
-    override predicate row(string row) {
-      // In Mongo version 2.x, a client and a database handle were the same concept, but in 3.x
-      // they were separated. To handle everything with a single model, we treat them as the same here.
-      row = "mongodb.Db;mongodb.MongoClient;"
-    }
-  }
-
   /**
    * An expression that is interpreted as a MongoDB query.
    */
@@ -169,24 +161,6 @@ private module Mongoose {
   }
 }
 
-/**
- * Provides classes modeling the MarsDB library.
- */
-private module MarsDB {
-  // 'marsdb' has no typings and is archived.
-  // We just model is as a variant of 'mongoose'.
-  private class MongooseExtension extends ModelInput::TypeModelCsv {
-    override predicate row(string row) {
-      row =
-        [
-          "mongoose.Query;marsdb;Member[Collection].Instance",
-          "mongoose.Model;marsdb;Member[Collection].Instance",
-          "mongoose.Query;mongoose.Query;Member[sortFunc].ReturnValue",
-        ]
-    }
-  }
-}
-
 /**
  * Provides classes modeling the `Node Redis` library.
  *

javascript/ql/lib/semmle/javascript/frameworks/SQL.model.yml

@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ['@google-cloud/spanner.~SpannerObject', 'Member[executeSql].Argument[0..].Parameter[1]', 'database-access-result']
+      - ['@google-cloud/spanner.~SpannerObject', 'Member[executeSql].ReturnValue.Awaited.Member[0]', 'database-access-result']
+      - ['@google-cloud/spanner.~SpannerObject', 'Member[run].Argument[0..].Parameter[1]', 'database-access-result']
+      - ['@google-cloud/spanner.~SpannerObject', 'Member[run].ReturnValue.Awaited', 'database-access-result']
+      - ['sequelize.Sequelize', 'Member[query].ReturnValue.Awaited', 'database-access-result']
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - ['@google-cloud/spanner.Transaction', 'Member[batchUpdate].Argument[0]', 'sql-injection']
+      - ['@google-cloud/spanner.Transaction', 'Member[batchUpdate].Argument[0].ArrayElement.Member[sql]', 'sql-injection']
+      - ['@google-cloud/spanner.~SqlExecutorDirect', 'Argument[0]', 'sql-injection']
+      - ['@google-cloud/spanner.~SqlExecutorDirect', 'Argument[0].Member[sql]', 'sql-injection']

javascript/ql/lib/semmle/javascript/frameworks/SQL.qll

@@ -415,42 +415,3 @@ private module MsSql {
     override string getCredentialsKind() { result = kind }
   }
 }
-
-/**
- * Provides classes modeling the `sequelize` package.
- */
-private module Sequelize {
-  // Note: the sinks are specified directly in the MaD model
-  class SequelizeSource extends ModelInput::SourceModelCsv {
-    override predicate row(string row) {
-      row = "sequelize.Sequelize;Member[query].ReturnValue.Awaited;database-access-result"
-    }
-  }
-}
-
-private module SpannerCsv {
-  class SpannerSinks extends ModelInput::SinkModelCsv {
-    override predicate row(string row) {
-      // type; path; kind
-      row =
-        [
-          "@google-cloud/spanner.~SqlExecutorDirect;Argument[0];sql-injection",
-          "@google-cloud/spanner.~SqlExecutorDirect;Argument[0].Member[sql];sql-injection",
-          "@google-cloud/spanner.Transaction;Member[batchUpdate].Argument[0];sql-injection",
-          "@google-cloud/spanner.Transaction;Member[batchUpdate].Argument[0].ArrayElement.Member[sql];sql-injection",
-        ]
-    }
-  }
-
-  class SpannerSources extends ModelInput::SourceModelCsv {
-    override predicate row(string row) {
-      row =
-        [
-          "@google-cloud/spanner.~SpannerObject;Member[executeSql].Argument[0..].Parameter[1];database-access-result",
-          "@google-cloud/spanner.~SpannerObject;Member[executeSql].ReturnValue.Awaited.Member[0];database-access-result",
-          "@google-cloud/spanner.~SpannerObject;Member[run].ReturnValue.Awaited;database-access-result",
-          "@google-cloud/spanner.~SpannerObject;Member[run].Argument[0..].Parameter[1];database-access-result",
-        ]
-    }
-  }
-}

javascript/ql/test/library-tests/frameworks/data/test.ext.yml

@@ -0,0 +1,76 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ['testlib', 'Member[BaseClass].Instance.Member[baseclassSource].ReturnValue', 'test-source']
+      - ['testlib', 'Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0]', 'test-source']
+      - ['testlib', 'Member[FieldDecoratorSource].DecoratedMember', 'test-source']
+      - ['testlib', 'Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0]', 'test-source']
+      - ['testlib', 'Member[MethodDecorator].DecoratedMember.Parameter[0]', 'test-source']
+      - ['testlib', 'Member[ParamDecoratorSource].DecoratedParameter', 'test-source']
+      - ['testlib', 'Member[getSource].ReturnValue', 'test-source']
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sinkModel
+    data:
+      - ['testlib', 'AnyMember.Member[memberSink].Argument[0]', 'test-sink']
+      - ['testlib', 'Fuzzy.Member[fuzzyCall].Argument[0]', 'test-sink']
+      - ['testlib', 'Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue', 'test-sink']
+      - ['testlib', 'Member[FieldDecoratorSink].DecoratedMember', 'test-sink']
+      - ['testlib', 'Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue', 'test-sink']
+      - ['testlib', 'Member[MethodDecorator].DecoratedMember.ReturnValue', 'test-sink']
+      - ['testlib', 'Member[ParamDecoratorSink].DecoratedParameter', 'test-sink']
+      - ['testlib', 'Member[foo', 'test-sink']
+      - ['testlib', 'Member[foo] .Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo] Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo], Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo],Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo]. Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo]..Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo]Member[bar]', 'test-sink']
+      - ['testlib', 'Member[foo]]', 'test-sink']
+      - ['testlib', 'Member[foo]].Member[bar]', 'test-sink']
+      - ['testlib', 'Member[mySinkExceptLast].Argument[0..N-2]', 'test-sink']
+      - ['testlib', 'Member[mySinkIfArityTwo].WithArity[2].Argument[0]', 'test-sink']
+      - ['testlib', 'Member[mySinkIfCall].Call.Argument[0]', 'test-sink']
+      - ['testlib', 'Member[mySinkIfNew].NewCall.Argument[0]', 'test-sink']
+      - ['testlib', 'Member[mySinkLast].Argument[N-1]', 'test-sink']
+      - ['testlib', 'Member[mySinkSecondLast].Argument[N-2]', 'test-sink']
+      - ['testlib', 'Member[mySinkTwoLastRange].Argument[N-2..N-1]', 'test-sink']
+      - ['testlib', 'Member[mySinkTwoLast].Argument[N-1,N-2]', 'test-sink']
+      - ['testlib', 'Member[mySink].Argument[0]', 'test-sink']
+      - ['testlib', 'Member[overloadedSink].WithStringArgument[0=danger].Argument[1]', 'test-sink']
+      - ['testlib', 'Member[sink1, sink2, sink3 ].Argument[0]', 'test-sink']
+      - ['testlib', 'Member[typevar].TypeVar[ABC].Member[mySink].Argument[0]', 'test-sink']
+      - ['testlib', 'Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1]', 'test-sink']
+      - ['testlib', 'Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0]', 'test-sink']
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - ['testlib', 'Member[getSource].ReturnValue.Member[continue]', 'Argument[this]', 'ReturnValue', 'taint']
+      - ['testlib', 'Member[preserveAllButFirstArgument]', 'Argument[1..]', 'ReturnValue', 'taint']
+      - ['testlib', 'Member[preserveAllIfCall].Call', 'Argument[0..]', 'ReturnValue', 'taint']
+      - ['testlib', 'Member[preserveArgZeroAndTwo]', 'Argument[0,2]', 'ReturnValue', 'taint']
+      - ['testlib', 'Member[preserveTaint]', 'Argument[0]', 'ReturnValue', 'taint']
+      - ['testlib', 'Member[taintIntoCallbackThis]', 'Argument[0]', 'Argument[1..2].Parameter[this]', 'taint']
+      - ['testlib', 'Member[taintIntoCallback]', 'Argument[0]', 'Argument[1..2].Parameter[0]', 'taint']
+      - ['testlib.~HasThisFlow', '', '', 'Member[getThis].ReturnValue', 'type']
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ['testlib.~HasThisFlow', 'testlib', 'Member[typevar]']
+      - ['testlib.~HasThisFlow', 'testlib.~HasThisFlow', 'Member[left,right,x]']
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeVariableModel
+    data:
+      - ['ABC', 'Member[a].Member[b].WithArity[0].ReturnValue.Member[c]']
+      - ['LeftRight', 'Member[left].TypeVar[LeftRight].Member[right]']
+      - ['LeftRight', 'Member[x]']

javascript/ql/test/library-tests/frameworks/data/test.ql

@@ -2,89 +2,6 @@ import javascript
 import testUtilities.ConsistencyChecking
 import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels
 
-class Steps extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    // type;path;input;output;kind
-    row =
-      [
-        "testlib;Member[preserveTaint];Argument[0];ReturnValue;taint",
-        "testlib;Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
-        "testlib;Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
-        "testlib;Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
-        "testlib;Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
-        "testlib;Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
-        "testlib;Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
-        "testlib.~HasThisFlow;;;Member[getThis].ReturnValue;type",
-      ]
-  }
-}
-
-class TypeDefs extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "testlib.~HasThisFlow;testlib;Member[typevar]",
-        "testlib.~HasThisFlow;testlib.~HasThisFlow;Member[left,right,x]",
-      ]
-  }
-}
-
-class Sinks extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    // type;path;kind
-    row =
-      [
-        "testlib;Member[mySink].Argument[0];test-sink",
-        "testlib;Member[mySinkIfCall].Call.Argument[0];test-sink",
-        "testlib;Member[mySinkIfNew].NewCall.Argument[0];test-sink",
-        "testlib;Member[mySinkLast].Argument[N-1];test-sink",
-        "testlib;Member[mySinkSecondLast].Argument[N-2];test-sink",
-        "testlib;Member[mySinkTwoLast].Argument[N-1,N-2];test-sink",
-        "testlib;Member[mySinkTwoLastRange].Argument[N-2..N-1];test-sink",
-        "testlib;Member[mySinkExceptLast].Argument[0..N-2];test-sink",
-        "testlib;Member[mySinkIfArityTwo].WithArity[2].Argument[0];test-sink",
-        "testlib;Member[sink1, sink2, sink3 ].Argument[0];test-sink",
-        "testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[returnValueIsSink].ReturnValue;test-sink",
-        "testlib;Member[FieldDecoratorSink].DecoratedMember;test-sink",
-        "testlib;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",
-        "testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",
-        "testlib;Member[ParamDecoratorSink].DecoratedParameter;test-sink",
-        "testlib;AnyMember.Member[memberSink].Argument[0];test-sink",
-        "testlib;Member[overloadedSink].WithStringArgument[0=danger].Argument[1];test-sink",
-        "testlib;Member[typevar].TypeVar[ABC].Member[mySink].Argument[0];test-sink",
-        "testlib;Member[typevar].TypeVar[ABC].TypeVar[ABC].Member[mySink].Argument[1];test-sink",
-        "testlib;Member[typevar].TypeVar[LeftRight].Member[mySink].Argument[0];test-sink",
-        "testlib;Fuzzy.Member[fuzzyCall].Argument[0];test-sink"
-      ]
-  }
-}
-
-class TypeVars extends ModelInput::TypeVariableModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "ABC;Member[a].Member[b].WithArity[0].ReturnValue.Member[c]", //
-        "LeftRight;Member[left].TypeVar[LeftRight].Member[right]", //
-        "LeftRight;Member[x]",
-      ]
-  }
-}
-
-class Sources extends ModelInput::SourceModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "testlib;Member[getSource].ReturnValue;test-source",
-        "testlib;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",
-        "testlib;Member[FieldDecoratorSource].DecoratedMember;test-source",
-        "testlib;Member[ParamDecoratorSource].DecoratedParameter;test-source",
-        "testlib;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",
-        "testlib;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",
-        "testlib;Member[BaseClass].Instance.Member[baseclassSource].ReturnValue;test-source",
-      ]
-  }
-}
-
 class BasicTaintTracking extends TaintTracking::Configuration {
   BasicTaintTracking() { this = "BasicTaintTracking" }
 
@@ -109,24 +26,6 @@ query predicate isSink(DataFlow::Node node, string kind) {
   node = ModelOutput::getASinkNode(kind).asSink()
 }
 
-class SyntaxErrorTest extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "testlib;Member[foo],Member[bar];test-sink", //
-        "testlib;Member[foo] Member[bar];test-sink", //
-        "testlib;Member[foo]. Member[bar];test-sink", //
-        "testlib;Member[foo], Member[bar];test-sink", //
-        "testlib;Member[foo]..Member[bar];test-sink", //
-        "testlib;Member[foo] .Member[bar];test-sink", //
-        "testlib;Member[foo]Member[bar];test-sink", //
-        "testlib;Member[foo;test-sink", //
-        "testlib;Member[foo]];test-sink", //
-        "testlib;Member[foo]].Member[bar];test-sink"
-      ]
-  }
-}
-
 query predicate syntaxErrors(ApiGraphModels::AccessPath path) { path.hasSyntaxError() }
 
 query predicate warning = ModelOutput::getAWarning/0;

javascript/ql/test/library-tests/frameworks/data/warnings.expected

@@ -1,5 +1,3 @@
-| CSV type row should have 3 columns but has 1: test.TooFewColumns |
-| CSV type row should have 3 columns but has 6: test.TooManyColumns;;Member[Foo].Instance;too;many;columns |
 | Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
 | Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
 | Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |

javascript/ql/test/library-tests/frameworks/data/warnings.ext.yml

@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ['test.X', 'test.Y', 'Method[foo].Arg[0]']
+      - ['test.X', 'test.Y', 'Method[foo].Argument[0-1]']
+      - ['test.X', 'test.Y', 'Method[foo].Argument[*]']
+      - ['test.X', 'test.Y', 'Method[foo].Argument']
+      - ['test.X', 'test.Y', 'Method[foo].Member']

javascript/ql/test/library-tests/frameworks/data/warnings.ql

@@ -1,21 +1,6 @@
 import javascript
 import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels
 
-private class InvalidTypeModel extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "test.TooManyColumns;;Member[Foo].Instance;too;many;columns", //
-        "test.TooFewColumns", //
-        "test.X;test.Y;Method[foo].Arg[0]", //
-        "test.X;test.Y;Method[foo].Argument[0-1]", //
-        "test.X;test.Y;Method[foo].Argument[*]", //
-        "test.X;test.Y;Method[foo].Argument", //
-        "test.X;test.Y;Method[foo].Member", //
-      ]
-  }
-}
-
 class IsTesting extends ApiGraphModels::TestAllModels {
   IsTesting() { this = this }
 }