Java/Ruby: Hardcode generated flag to false.

michaelnebel · michaelnebel · commit 784327c1839a · 2022-04-05T08:55:12.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -86,7 +86,7 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) {
 /**
  * Holds if an external flow summary exists for `c` with input specification
  * `input`, output specification `output`, kind `kind`, and a flag `generated`
- * stating whether the summary is autogenerated or not.
+ * stating whether the summary is autogenerated.
  */
 predicate summaryElement(
   DataFlowCallable c, string input, string output, string kind, boolean generated
@@ -101,8 +101,8 @@ predicate summaryElement(
 
 /**
  * Holds if an external source specification exists for `e` with output specification
- * `output`, kind `kind`, and a flag `generated` stating whether the summary is
- * autogenerated or not.
+ * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
+ * autogenerated.
  */
 predicate sourceElement(Element e, string output, string kind, boolean generated) {
   exists(
@@ -114,9 +114,9 @@ predicate sourceElement(Element e, string output, string kind, boolean generated
 }
 
 /**
- * Holds if an external sink specification exists for `n` with input specification
- * `input`, kind `kind` and a flag `generated` stating whether the summary is
- * autogenerated or not..
+ * Holds if an external sink specification exists for `e` with input specification
+ * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
+ * autogenerated.
  */
 predicate sinkElement(Element e, string input, string kind, boolean generated) {
   exists(
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -53,14 +53,18 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) {
 
 /**
  * Holds if an external flow summary exists for `c` with input specification
- * `input`, output specification `output`, and kind `kind`.
+ * `input`, output specification `output`, kind `kind`, and a flag `generated`
+ * stating whether the summary is autogenerated.
  */
-predicate summaryElement(DataFlowCallable c, string input, string output, string kind) {
+predicate summaryElement(
+  DataFlowCallable c, string input, string output, string kind, boolean generated
+) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
     summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind) and
-    c.asCallable() = interpretElement(namespace, type, subtypes, name, signature, ext)
+    c.asCallable() = interpretElement(namespace, type, subtypes, name, signature, ext) and
+    generated = false
   )
 }
 
@@ -112,27 +116,31 @@ class SourceOrSinkElement = Top;
 
 /**
  * Holds if an external source specification exists for `e` with output specification
- * `output` and kind `kind`.
+ * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
+ * autogenerated.
  */
-predicate sourceElement(SourceOrSinkElement e, string output, string kind) {
+predicate sourceElement(SourceOrSinkElement e, string output, string kind, boolean generated) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
     sourceModel(namespace, type, subtypes, name, signature, ext, output, kind) and
-    e = interpretElement(namespace, type, subtypes, name, signature, ext)
+    e = interpretElement(namespace, type, subtypes, name, signature, ext) and
+    generated = false
   )
 }
 
 /**
  * Holds if an external sink specification exists for `e` with input specification
- * `input` and kind `kind`.
+ * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
+ * autogenerated.
  */
-predicate sinkElement(SourceOrSinkElement e, string input, string kind) {
+predicate sinkElement(SourceOrSinkElement e, string input, string kind, boolean generated) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
     sinkModel(namespace, type, subtypes, name, signature, ext, input, kind) and
-    e = interpretElement(namespace, type, subtypes, name, signature, ext)
+    e = interpretElement(namespace, type, subtypes, name, signature, ext) and
+    generated = false
   )
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -42,13 +42,17 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() }
 
 /**
  * Holds if an external flow summary exists for `c` with input specification
- * `input`, output specification `output`, and kind `kind`.
+ * `input`, output specification `output`, kind `kind`, and a flag `generated`
+ * stating whether the summary is autogenerated.
  */
-predicate summaryElement(DataFlowCallable c, string input, string output, string kind) {
+predicate summaryElement(
+  DataFlowCallable c, string input, string output, string kind, boolean generated
+) {
   exists(FlowSummary::SummarizedCallable sc, boolean preservesValue |
     sc.propagatesFlowExt(input, output, preservesValue) and
     c.asLibraryCallable() = sc and
-    if preservesValue = true then kind = "value" else kind = "taint"
+    (if preservesValue = true then kind = "value" else kind = "taint") and
+    generated = false
   )
 }
 
@@ -128,16 +132,18 @@ NormalReturnKind getReturnValueKind() { any() }
  */
 private module UnusedSourceSinkInterpretation {
   /**
-   * Holds if an external source specification exists for `e` with output specification
-   * `output` and kind `kind`.
+   * Holds if an external source specification exists for `n` with output specification
+   * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
+   * autogenerated.
    */
-  predicate sourceElement(AstNode n, string output, string kind) { none() }
+  predicate sourceElement(AstNode n, string output, string kind, boolean generated) { none() }
 
   /**
    * Holds if an external sink specification exists for `n` with input specification
-   * `input` and kind `kind`.
+   * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
+   * autogenerated.
    */
-  predicate sinkElement(AstNode n, string input, string kind) { none() }
+  predicate sinkElement(AstNode n, string input, string kind, boolean generated) { none() }
 
   class SourceOrSinkElement = AstNode;
 
