C#: Initial steps to allow generated as a part of the kind.

michaelnebel · michaelnebel · commit 4d953da48070 · 2022-04-05T08:55:11.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -165,7 +165,7 @@ private predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind
+  string output, string kind, boolean generated
 ) {
   exists(string row |
     sourceModel(row) and
@@ -177,14 +177,15 @@ predicate sourceModel(
     row.splitAt(";", 4) = signature and
     row.splitAt(";", 5) = ext and
     row.splitAt(";", 6) = output and
-    row.splitAt(";", 7) = kind
+    row.splitAt(";", 7) = kind and
+    generated = false
   )
 }
 
 /** Holds if a sink model exists for the given parameters. */
 predicate sinkModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind
+  string input, string kind, boolean generated
 ) {
   exists(string row |
     sinkModel(row) and
@@ -196,14 +197,15 @@ predicate sinkModel(
     row.splitAt(";", 4) = signature and
     row.splitAt(";", 5) = ext and
     row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = kind
+    row.splitAt(";", 7) = kind and
+    generated = false
   )
 }
 
 /** Holds if a summary model exists for the given parameters. */
 predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind
+  string input, string output, string kind, boolean generated
 ) {
   exists(string row |
     summaryModel(row) and
@@ -216,14 +218,15 @@ predicate summaryModel(
     row.splitAt(";", 5) = ext and
     row.splitAt(";", 6) = input and
     row.splitAt(";", 7) = output and
-    row.splitAt(";", 8) = kind
+    row.splitAt(";", 8) = kind and
+    generated = false // We need to split the "kind" field on ":".
   )
 }
 
 private predicate relevantNamespace(string namespace) {
-  sourceModel(namespace, _, _, _, _, _, _, _) or
-  sinkModel(namespace, _, _, _, _, _, _, _) or
-  summaryModel(namespace, _, _, _, _, _, _, _, _)
+  sourceModel(namespace, _, _, _, _, _, _, _, _) or
+  sinkModel(namespace, _, _, _, _, _, _, _, _) or
+  summaryModel(namespace, _, _, _, _, _, _, _, _, _)
 }
 
 private predicate namespaceLink(string shortns, string longns) {
@@ -251,25 +254,25 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa
     part = "source" and
     n =
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string output |
+        string ext, string output, boolean generated |
         canonicalNamespaceLink(namespace, subns) and
-        sourceModel(subns, type, subtypes, name, signature, ext, output, kind)
+        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, generated)
       )
     or
     part = "sink" and
     n =
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input |
+        string ext, string input, boolean generated |
         canonicalNamespaceLink(namespace, subns) and
-        sinkModel(subns, type, subtypes, name, signature, ext, input, kind)
+        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, generated)
       )
     or
     part = "summary" and
     n =
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string output |
+        string ext, string input, string output, boolean generated |
         canonicalNamespaceLink(namespace, subns) and
-        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind)
+        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, generated)
       )
   )
 }
@@ -279,11 +282,11 @@ module CsvValidation {
   /** Holds if some row in a CSV-based flow model appears to contain typos. */
   query predicate invalidModelRow(string msg) {
     exists(string pred, string namespace, string type, string name, string signature, string ext |
-      sourceModel(namespace, type, _, name, signature, ext, _, _) and pred = "source"
+      sourceModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "source"
       or
-      sinkModel(namespace, type, _, name, signature, ext, _, _) and pred = "sink"
+      sinkModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "sink"
       or
-      summaryModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "summary"
+      summaryModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "summary"
     |
       not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
       msg = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
@@ -302,9 +305,9 @@ module CsvValidation {
     )
     or
     exists(string pred, AccessPath input, string part |
-      sinkModel(_, _, _, _, _, _, input, _) and pred = "sink"
+      sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink"
       or
-      summaryModel(_, _, _, _, _, _, input, _, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary"
     |
       (
         invalidSpecComponent(input, part) and
@@ -319,9 +322,9 @@ module CsvValidation {
     )
     or
     exists(string pred, string output, string part |
-      sourceModel(_, _, _, _, _, _, output, _) and pred = "source"
+      sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source"
       or
-      summaryModel(_, _, _, _, _, _, _, output, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary"
     |
       invalidSpecComponent(output, part) and
       not part = "" and
@@ -353,7 +356,7 @@ module CsvValidation {
     or
     exists(string row, string kind | summaryModel(row) |
       kind = row.splitAt(";", 8) and
-      not kind = ["taint", "value"] and
+      not kind = ["taint", "value", "generated:taint", "generated:value"] and
       msg = "Invalid kind \"" + kind + "\" in summary model."
     )
     or
@@ -374,9 +377,9 @@ module CsvValidation {
 private predicate elementSpec(
   string namespace, string type, boolean subtypes, string name, string signature, string ext
 ) {
-  sourceModel(namespace, type, subtypes, name, signature, ext, _, _) or
-  sinkModel(namespace, type, subtypes, name, signature, ext, _, _) or
-  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _)
+  sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
 }
 
 private predicate elementSpec(
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -91,7 +91,7 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind) and
+    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, _) and
     c = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }
@@ -104,7 +104,7 @@ predicate sourceElement(Element e, string output, string kind) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    sourceModel(namespace, type, subtypes, name, signature, ext, output, kind) and
+    sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, _) and
     e = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }
@@ -117,7 +117,7 @@ predicate sinkElement(Element e, string input, string kind) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    sinkModel(namespace, type, subtypes, name, signature, ext, input, kind) and
+    sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, _) and
     e = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ predicate summaryElement(DataFlowCallable c, string input, string output, string`
`91`	`91`	`exists(`
`92`	`92`	`string namespace, string type, boolean subtypes, string name, string signature, string ext`
`93`	`93`	`\|`
`94`		`- summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind) and`
	`94`	`+ summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, _) and`
`95`	`95`	`c = interpretElement(namespace, type, subtypes, name, signature, ext)`
`96`	`96`	`)`
`97`	`97`	`}`
`@@ -104,7 +104,7 @@ predicate sourceElement(Element e, string output, string kind) {`
`104`	`104`	`exists(`
`105`	`105`	`string namespace, string type, boolean subtypes, string name, string signature, string ext`
`106`	`106`	`\|`
`107`		`- sourceModel(namespace, type, subtypes, name, signature, ext, output, kind) and`
	`107`	`+ sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, _) and`
`108`	`108`	`e = interpretElement(namespace, type, subtypes, name, signature, ext)`
`109`	`109`	`)`
`110`	`110`	`}`
`@@ -117,7 +117,7 @@ predicate sinkElement(Element e, string input, string kind) {`
`117`	`117`	`exists(`
`118`	`118`	`string namespace, string type, boolean subtypes, string name, string signature, string ext`
`119`	`119`	`\|`
`120`		`- sinkModel(namespace, type, subtypes, name, signature, ext, input, kind) and`
	`120`	`+ sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, _) and`
`121`	`121`	`e = interpretElement(namespace, type, subtypes, name, signature, ext)`
`122`	`122`	`)`
`123`	`123`	`}`