Move from yaml to js extractor

Author: Alvaro Muñoz

.!79690!.DS_Store

@@ -1,16 +1,24 @@
 ---
 lockVersion: 1.0.0
 dependencies:
-  codeql/controlflow:
-    version: 1.0.0
   codeql/dataflow:
     version: 1.0.0
+  codeql/javascript-all:
+    version: 1.0.0
+  codeql/mad:
+    version: 1.0.0
+  codeql/regex:
+    version: 1.0.0
   codeql/ssa:
     version: 1.0.0
+  codeql/tutorial:
+    version: 1.0.0
   codeql/typetracking:
     version: 1.0.0
   codeql/util:
     version: 1.0.0
+  codeql/xml:
+    version: 1.0.0
   codeql/yaml:
     version: 1.0.0
 compiled: false

ql/lib/codeql-pack.lock.yml

@@ -55,8 +55,8 @@ predicate externallyTriggerableEventsDataModel(string event) {
  *    - output arg: To node (prefixed with either `env.` or `output.`)
  *    - provenance: verification of the model
  */
-predicate sourceModel(string action, string version, string output, string kind, string provenance) {
-  Extensions::sourceModel(action, version, output, kind, provenance)
+predicate actionsSourceModel(string action, string version, string output, string kind, string provenance) {
+  Extensions::actionsSourceModel(action, version, output, kind, provenance)
 }
 
 /**
@@ -69,10 +69,10 @@ predicate sourceModel(string action, string version, string output, string kind,
  *    - kind: Either 'Taint' or 'Value'
  *    - provenance: verification of the model
  */
-predicate summaryModel(
+predicate actionsSummaryModel(
   string action, string version, string input, string output, string kind, string provenance
 ) {
-  Extensions::summaryModel(action, version, input, output, kind, provenance)
+  Extensions::actionsSummaryModel(action, version, input, output, kind, provenance)
 }
 
 /**
@@ -84,13 +84,13 @@ predicate summaryModel(
  *    - kind: sink kind
  *    - provenance: verification of the model
  */
-predicate sinkModel(string action, string version, string input, string kind, string provenance) {
-  Extensions::sinkModel(action, version, input, kind, provenance)
+predicate actionsSinkModel(string action, string version, string input, string kind, string provenance) {
+  Extensions::actionsSinkModel(action, version, input, kind, provenance)
 }
 
 predicate externallyDefinedSource(DataFlow::Node source, string sourceType, string fieldName) {
   exists(Uses uses, string action, string version, string kind |
-    sourceModel(action, version, fieldName, kind, _) and
+    actionsSourceModel(action, version, fieldName, kind, _) and
     uses.getCallee() = action.toLowerCase() and
     (
       if version.trim() = "*"
@@ -113,7 +113,7 @@ predicate externallyDefinedStoreStep(
   DataFlow::Node pred, DataFlow::Node succ, DataFlow::ContentSet c
 ) {
   exists(Uses uses, string action, string version, string input, string output |
-    summaryModel(action, version, input, output, "taint", _) and
+    actionsSummaryModel(action, version, input, output, "taint", _) and
     c = any(DataFlow::FieldContent ct | ct.getName() = output.replaceAll("output.", "")) and
     uses.getCallee() = action.toLowerCase() and
     (
@@ -135,7 +135,7 @@ predicate externallyDefinedStoreStep(
 
 predicate externallyDefinedSink(DataFlow::Node sink, string kind) {
   exists(Uses uses, string action, string version, string input |
-    sinkModel(action, version, input, kind, _) and
+    actionsSinkModel(action, version, input, kind, _) and
     uses.getCallee() = action.toLowerCase() and
     (
       if input.trim().matches("env.%")

ql/lib/codeql/actions/dataflow/ExternalFlow.qll

@@ -5,21 +5,21 @@
 /**
  * Holds if a source model exists for the given parameters.
  */
-extensible predicate sourceModel(
+extensible predicate actionsSourceModel(
   string action, string version, string output, string kind, string provenance
 );
 
 /**
  * Holds if a summary model exists for the given parameters.
  */
-extensible predicate summaryModel(
+extensible predicate actionsSummaryModel(
   string action, string version, string input, string output, string kind, string provenance
 );
 
 /**
  * Holds if a sink model exists for the given parameters.
  */
-extensible predicate sinkModel(
+extensible predicate actionsSinkModel(
   string action, string version, string input, string kind, string provenance
 );
 

ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll

@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
     data:
       - ["8398a7/action-slack", "*", "input.custom_payload", "code-injection", "manual"]

ql/lib/ext/8398a7_action-slack.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
     data:
       - ["SonarSource/sonarcloud-github-action", "*", "input.args", "secret-exfiltration", "manual"]
 

ql/lib/ext/SonarSource_sonarcloud-github-action.model.yml

@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
     data:
       - ["actions/github-script", "*", "input.script", "code-injection", "manual"]

ql/lib/ext/actions_github-script.model.yml

@@ -1,7 +1,7 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
     data:
       - ["ahmadnassri/action-changed-files", "*", "output.files", "filename", "manual"]
       - ["ahmadnassri/action-changed-files", "*", "output.json", "json", "manual"]

ql/lib/ext/ahmadnassri_action-changed-files.model.yml

@@ -1,12 +1,12 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
     data:
       - ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint", "manual"]
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
     data:
       - ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection", "manual"]
       - ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection", "manual"]

ql/lib/ext/akhileshns_heroku-deploy.model.yml

@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
     data:
       - ["amannn/action-semantic-pull-request", "*", "output.error_message", "text", "manual"]