C#: Merge ExternalFlow.qll and ExternalFlowExtensions.qll, and move to internal

hvitved · hvitved · commit 2a33a86c9d54 · 2023-11-05T20:58:47.000+01:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
@@ -87,27 +87,45 @@
  */
 
 import csharp
-private import ExternalFlowExtensions as Extensions
-private import internal.AccessPathSyntax
-private import internal.DataFlowDispatch
-private import internal.DataFlowPrivate
-private import internal.DataFlowPublic
-private import internal.FlowSummaryImpl::Public
-private import internal.FlowSummaryImpl::Private::External
-private import internal.FlowSummaryImplSpecific
+private import AccessPathSyntax
+private import DataFlowDispatch
+private import DataFlowPrivate
+private import DataFlowPublic
+private import FlowSummaryImpl::Public
+private import FlowSummaryImpl::Private::External
+private import FlowSummaryImplSpecific
 private import codeql.mad.ModelValidation as SharedModelVal
 
-/** Holds if a source model exists for the given parameters. */
-predicate sourceModel = Extensions::sourceModel/9;
+/**
+ * Holds if a source model exists for the given parameters.
+ */
+extensible predicate sourceModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance
+);
 
-/** Holds if a sink model exists for the given parameters. */
-predicate sinkModel = Extensions::sinkModel/9;
+/**
+ * Holds if a sink model exists for the given parameters.
+ */
+extensible predicate sinkModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance
+);
 
-/** Holds if a summary model exists for the given parameters. */
-predicate summaryModel = Extensions::summaryModel/10;
+/**
+ * Holds if a summary model exists for the given parameters.
+ */
+extensible predicate summaryModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance
+);
 
-/** Holds if a neutral model exists for the given parameters. */
-predicate neutralModel = Extensions::neutralModel/6;
+/**
+ * Holds if a neutral model exists for the given parameters.
+ */
+extensible predicate neutralModel(
+  string namespace, string type, string name, string signature, string kind, string provenance
+);
 
 private predicate relevantNamespace(string namespace) {
   sourceModel(namespace, _, _, _, _, _, _, _, _) or
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -12,7 +12,7 @@ private import DataFlowImplCommon
 private import FlowSummaryImpl::Private
 private import FlowSummaryImpl::Public
 private import semmle.code.csharp.Unification
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import ExternalFlow
 private import semmle.code.csharp.dataflow.FlowSummary as FlowSummary
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -4,7 +4,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 module HardcodedSymmetricEncryptionKey {
   private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
@@ -7,7 +7,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.security.dataflow.flowsources.Local
 private import semmle.code.csharp.frameworks.system.codedom.Compiler
 private import semmle.code.csharp.security.Sanitizers
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A data flow source for user input treated as code vulnerabilities.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
@@ -6,7 +6,7 @@ import csharp
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.frameworks.system.Diagnostics
 private import semmle.code.csharp.security.Sanitizers
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A source specific to command injection vulnerabilities.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -8,7 +8,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.frameworks.system.DirectoryServices
 private import semmle.code.csharp.frameworks.system.directoryservices.Protocols
 private import semmle.code.csharp.security.Sanitizers
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A data flow source for unvalidated user input that is used to construct LDAP queries.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
@@ -8,7 +8,7 @@ private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A data flow source for untrusted user input used in log entries.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
@@ -7,7 +7,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 private import semmle.code.csharp.security.dataflow.flowsources.Local
 private import semmle.code.csharp.frameworks.Sql
 private import semmle.code.csharp.security.Sanitizers
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A source specific to SQL injection vulnerabilities.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -9,7 +9,7 @@ private import semmle.code.csharp.frameworks.system.Web
 private import semmle.code.csharp.frameworks.system.web.Mvc
 private import semmle.code.csharp.security.Sanitizers
 private import semmle.code.csharp.frameworks.microsoft.AspNetCore
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * A data flow source for unvalidated URL redirect vulnerabilities.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll
@@ -9,7 +9,7 @@ private import semmle.code.csharp.frameworks.system.Web
 private import semmle.code.csharp.frameworks.system.web.UI
 private import semmle.code.csharp.security.dataflow.flowsinks.Html
 private import semmle.code.csharp.security.dataflow.flowsinks.Remote
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.frameworks.ServiceStack::XSS
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
@@ -7,7 +7,7 @@ private import Remote
 private import semmle.code.csharp.commons.Loggers
 private import semmle.code.csharp.frameworks.system.Web
 private import semmle.code.csharp.frameworks.system.IO
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /**
  * An external location sink.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll
@@ -13,7 +13,7 @@ private import semmle.code.csharp.frameworks.system.web.UI
 private import semmle.code.csharp.frameworks.system.web.ui.WebControls
 private import semmle.code.csharp.frameworks.system.windows.Forms
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.asp.AspNet
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Local.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Local.qll
@@ -4,7 +4,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.windows.Forms
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /** A data flow source of local data. */
 abstract class LocalFlowSource extends DataFlow::Node {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
@@ -12,7 +12,7 @@ private import semmle.code.csharp.frameworks.system.web.ui.WebControls
 private import semmle.code.csharp.frameworks.WCF
 private import semmle.code.csharp.frameworks.microsoft.Owin
 private import semmle.code.csharp.frameworks.microsoft.AspNetCore
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends DataFlow::Node {
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
@@ -3,7 +3,7 @@
  */
 
 import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.frameworks.system.data.Common
 private import semmle.code.csharp.frameworks.system.data.Entity
 private import semmle.code.csharp.frameworks.EntityFramework
diff --git a/csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql b/csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
@@ -7,7 +7,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from string namespaceAndType, int rows
 where
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -2,10 +2,10 @@
 
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
-private import semmle.code.csharp.dataflow.ExternalFlow
 private import semmle.code.csharp.dataflow.FlowSummary
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
diff --git a/csharp/ql/src/meta/frameworks/Coverage.ql b/csharp/ql/src/meta/frameworks/Coverage.ql
@@ -7,7 +7,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from string namespace, int pkgs, string kind, string part, int n
 where modelCoverage(namespace, pkgs, kind, part, n)
diff --git a/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql b/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql
@@ -5,7 +5,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from string package, string type, string name, string signature, string kind, string provenance
 where
diff --git a/csharp/ql/src/utils/modelconverter/ExtractSinks.ql b/csharp/ql/src/utils/modelconverter/ExtractSinks.ql
@@ -5,7 +5,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
diff --git a/csharp/ql/src/utils/modelconverter/ExtractSources.ql b/csharp/ql/src/utils/modelconverter/ExtractSources.ql
@@ -5,7 +5,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
diff --git a/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql b/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql
@@ -5,7 +5,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 from
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll
@@ -1,5 +1,5 @@
 private import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll
@@ -1,5 +1,5 @@
 private import csharp
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.frameworks.Test
 private import ModelEditor
 
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
@@ -8,7 +8,7 @@ private import semmle.code.csharp.commons.Util as Util
 private import semmle.code.csharp.commons.Collections as Collections
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
 private import semmle.code.csharp.frameworks.system.linq.Expressions
-import semmle.code.csharp.dataflow.ExternalFlow as ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
 import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
 import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate
 
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql
@@ -3,7 +3,7 @@
  */
 
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import Taint::PathGraph
 import ModelValidation
 
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ql b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ql
@@ -1,6 +1,6 @@
 import csharp
 import DataFlow
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import ModelValidation
 
 from DataFlow::Node node, string kind
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/srcs.ql b/csharp/ql/test/library-tests/dataflow/external-models/srcs.ql
@@ -1,6 +1,6 @@
 import csharp
 import DataFlow
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import ModelValidation
 
 from DataFlow::Node node, string kind
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/steps.ql b/csharp/ql/test/library-tests/dataflow/external-models/steps.ql
@@ -1,6 +1,6 @@
 import csharp
 import DataFlow
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import ModelValidation
 import semmle.code.csharp.dataflow.FlowSummary
 import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
diff --git a/csharp/ql/test/library-tests/dataflow/external-models/validatemodels.ql b/csharp/ql/test/library-tests/dataflow/external-models/validatemodels.ql
@@ -1,5 +1,5 @@
 import csharp
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import semmle.code.csharp.dataflow.internal.AccessPathSyntax
 import ModelValidation
 
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
@@ -1,6 +1,6 @@
 import shared.FlowSummaries
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate::Csv
-private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable instanceof SummarizedCallable
 {
diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql
@@ -1,6 +1,6 @@
 import semmle.code.csharp.frameworks.EntityFramework::EntityFramework
 import shared.FlowSummaries
-import semmle.code.csharp.dataflow.ExternalFlow as ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
 
 private class IncludeEFSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable
 { }
diff --git a/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql b/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql
@@ -1,5 +1,5 @@
 import semmle.code.csharp.frameworks.Sql
-import semmle.code.csharp.dataflow.ExternalFlow
+import semmle.code.csharp.dataflow.internal.ExternalFlow
 import semmle.code.csharp.dataflow.internal.DataFlowPublic
 
 query predicate sqlExpressions(SqlExpr se, Expr e) { se.getSql() = e }
