Rust: Add Deprecated suffix to existing MaD extensible predicates

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll

@@ -44,24 +44,3 @@ private module Input implements InputSig<Location, RustDataFlow> {
 
 import MakeConsistency<Location, RustDataFlow, RustTaintTracking, Input>
 private import codeql.rust.dataflow.internal.ModelsAsData
-
-query predicate missingMadSummaryCanonicalPath(string crate, string path, Addressable a) {
-  summaryModel(crate, path, _, _, _, _, _) and
-  a.getCrateOrigin() = crate and
-  a.getExtendedCanonicalPath() = path and
-  not exists(a.getCanonicalPath())
-}
-
-query predicate missingMadSourceCanonicalPath(string crate, string path, Addressable a) {
-  sourceModel(crate, path, _, _, _, _) and
-  a.getCrateOrigin() = crate and
-  a.getExtendedCanonicalPath() = path and
-  not exists(a.getCanonicalPath())
-}
-
-query predicate missingMadSinkCanonicalPath(string crate, string path, Addressable a) {
-  sinkModel(crate, path, _, _, _, _) and
-  a.getCrateOrigin() = crate and
-  a.getExtendedCanonicalPath() = path and
-  not exists(a.getCanonicalPath())
-}

rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll

@@ -50,6 +50,8 @@ private import codeql.rust.dataflow.FlowSink
 private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if in a call to the function with canonical path `path`, defined in the
  * crate `crate`, the value referred to by `output` is a flow source of the given
  * `kind`.
@@ -59,12 +61,14 @@ private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprB
  * For more information on the `kind` parameter, see
  * https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst.
  */
-extensible predicate sourceModel(
+extensible predicate sourceModelDeprecated(
   string crate, string path, string output, string kind, string provenance,
   QlBuiltins::ExtensionId madId
 );
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if in a call to the function with canonical path `path`, defined in the
  * crate `crate`, the value referred to by `input` is a flow sink of the given
  * `kind`.
@@ -75,20 +79,22 @@ extensible predicate sourceModel(
  *
  * - `sql-injection`: a flow sink for SQL injection.
  */
-extensible predicate sinkModel(
+extensible predicate sinkModelDeprecated(
   string crate, string path, string input, string kind, string provenance,
   QlBuiltins::ExtensionId madId
 );
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if in a call to the function with canonical path `path`, defined in the
  * crate `crate`, the value referred to by `input` can flow to the value referred
  * to by `output`.
  *
  * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving
  * steps, respectively.
  */
-extensible predicate summaryModel(
+extensible predicate summaryModelDeprecated(
   string crate, string path, string input, string output, string kind, string provenance,
   QlBuiltins::ExtensionId madId
 );
@@ -100,27 +106,27 @@ extensible predicate summaryModel(
  */
 predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
   exists(string crate, string path, string output, string kind |
-    sourceModel(crate, path, kind, output, _, madId) and
+    sourceModelDeprecated(crate, path, kind, output, _, madId) and
     model = "Source: " + crate + "; " + path + "; " + output + "; " + kind
   )
   or
   exists(string crate, string path, string input, string kind |
-    sinkModel(crate, path, kind, input, _, madId) and
+    sinkModelDeprecated(crate, path, kind, input, _, madId) and
     model = "Sink: " + crate + "; " + path + "; " + input + "; " + kind
   )
   or
   exists(string type, string path, string input, string output, string kind |
-    summaryModel(type, path, input, output, kind, _, madId) and
+    summaryModelDeprecated(type, path, input, output, kind, _, madId) and
     model = "Summary: " + type + "; " + path + "; " + input + "; " + output + "; " + kind
   )
 }
 
-private class SummarizedCallableFromModel extends SummarizedCallable::Range {
+private class SummarizedCallableFromModelDeprecated extends SummarizedCallable::Range {
   private string crate;
   private string path;
 
-  SummarizedCallableFromModel() {
-    summaryModel(crate, path, _, _, _, _, _) and
+  SummarizedCallableFromModelDeprecated() {
+    summaryModelDeprecated(crate, path, _, _, _, _, _) and
     exists(CallExprBase call, Resolvable r |
       call.getStaticTarget() = this and
       r = CallExprBaseImpl::getCallResolvable(call) and
@@ -133,7 +139,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range {
     string input, string output, boolean preservesValue, string model
   ) {
     exists(string kind, QlBuiltins::ExtensionId madId |
-      summaryModel(crate, path, input, output, kind, _, madId) and
+      summaryModelDeprecated(crate, path, input, output, kind, _, madId) and
       model = "MaD:" + madId.toString()
     |
       kind = "value" and
@@ -145,35 +151,35 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range {
   }
 }
 
-private class FlowSourceFromModel extends FlowSource::Range {
+private class FlowSourceFromModelDeprecated extends FlowSource::Range {
   private string crate;
   private string path;
 
-  FlowSourceFromModel() {
-    sourceModel(crate, path, _, _, _, _) and
+  FlowSourceFromModelDeprecated() {
+    sourceModelDeprecated(crate, path, _, _, _, _) and
     this.callResolvesTo(crate, path)
   }
 
   override predicate isSource(string output, string kind, Provenance provenance, string model) {
     exists(QlBuiltins::ExtensionId madId |
-      sourceModel(crate, path, output, kind, provenance, madId) and
+      sourceModelDeprecated(crate, path, output, kind, provenance, madId) and
       model = "MaD:" + madId.toString()
     )
   }
 }
 
-private class FlowSinkFromModel extends FlowSink::Range {
+private class FlowSinkFromModelDeprecated extends FlowSink::Range {
   private string crate;
   private string path;
 
-  FlowSinkFromModel() {
-    sinkModel(crate, path, _, _, _, _) and
+  FlowSinkFromModelDeprecated() {
+    sinkModelDeprecated(crate, path, _, _, _, _) and
     this.callResolvesTo(crate, path)
   }
 
   override predicate isSink(string input, string kind, Provenance provenance, string model) {
     exists(QlBuiltins::ExtensionId madId |
-      sinkModel(crate, path, input, kind, provenance, madId) and
+      sinkModelDeprecated(crate, path, input, kind, provenance, madId) and
       model = "MaD:" + madId.toString()
     )
   }

rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml

@@ -3,15 +3,15 @@ extensions:
   # to avoid errors about undefined extensionals.
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModel
+      extensible: sourceModelDeprecated
     data: []
 
   - addsTo:
       pack: codeql/rust-all
-      extensible: sinkModel
+      extensible: sinkModelDeprecated
     data: []
 
   - addsTo:
       pack: codeql/rust-all
-      extensible: summaryModel
+      extensible: summaryModelDeprecated
     data: []

rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml

@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModel
+      extensible: sourceModelDeprecated
     data:
       - ["repo:https://github.com/async-rs/async-std:async-std", "<crate::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]

rust/ql/lib/codeql/rust/frameworks/futures.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: summaryModel
+      extensible: summaryModelDeprecated
     data:
       - ["repo:https://github.com/rust-lang/futures-rs:futures-executor", "crate::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"]
       - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "<crate::io::buf_reader::BufReader>::new", "Argument[0]", "ReturnValue", "taint", "manual"]

rust/ql/lib/codeql/rust/frameworks/http.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModel
+      extensible: sourceModelDeprecated
     data:
       - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http1::SendRequest>::send_request", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
       - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http2::SendRequest>::send_request", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]

rust/ql/lib/codeql/rust/frameworks/libc.model.yml

@@ -1,12 +1,12 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModel
+      extensible: sourceModelDeprecated
     data:
       - ["repo:https://github.com/rust-lang/libc:libc", "::free", "Argument[0]", "pointer-invalidate", "manual"]
   - addsTo:
       pack: codeql/rust-all
-      extensible: sinkModel
+      extensible: sinkModelDeprecated
     data:
       - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"]
       - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"]

rust/ql/lib/codeql/rust/frameworks/log.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sinkModel
+      extensible: sinkModelDeprecated
     data:
       - ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[0]", "log-injection", "manual"] # logger / args (pre v0.4.27)
       - ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[1]", "log-injection", "manual"] # args / level (pre v0.4.27)

rust/ql/lib/codeql/rust/frameworks/postgres.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sinkModel
+      extensible: sinkModelDeprecated
     data:
       - ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::execute", "Argument[0]", "sql-injection", "manual"]
       - ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::batch_execute", "Argument[0]", "sql-injection", "manual"]

rust/ql/lib/codeql/rust/frameworks/regex.model.yml

@@ -2,6 +2,6 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: summaryModel
+      extensible: summaryModelDeprecated
     data:
       - ["repo:https://github.com/rust-lang/regex:regex", "crate::escape", "Argument[0].Reference", "ReturnValue", "taint", "manual"]