Update to latest dataflow shared library

Author: Alvaro Muñoz

ql/lib/codeql-pack.lock.yml

@@ -2,15 +2,15 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/controlflow:
-    version: 0.1.8
+    version: 1.0.0
   codeql/dataflow:
-    version: 0.1.8
+    version: 1.0.0
   codeql/ssa:
-    version: 0.2.8
+    version: 1.0.0
   codeql/typetracking:
-    version: 0.2.8
+    version: 1.0.0
   codeql/util:
-    version: 0.2.8
+    version: 1.0.0
   codeql/yaml:
-    version: 0.1.5
+    version: 1.0.0
 compiled: false

ql/lib/codeql/actions/DataFlow.qll

@@ -2,18 +2,21 @@
  * Provides classes for performing local (intra-procedural) and
  * global (inter-procedural) data flow analyses.
  */
+
+import codeql.Locations
+
 module DataFlow {
   private import codeql.dataflow.DataFlow
   private import codeql.actions.dataflow.internal.DataFlowImplSpecific
-  import DataFlowMake<ActionsDataFlow>
+  import DataFlowMake<Location, ActionsDataFlow>
   import codeql.actions.dataflow.internal.DataFlowPublic
   // debug
   private import codeql.actions.dataflow.internal.TaintTrackingImplSpecific
   import codeql.dataflow.internal.DataFlowImplConsistency as DFIC
 
-  module ActionsConsistency implements DFIC::InputSig<ActionsDataFlow> { }
+  module ActionsConsistency implements DFIC::InputSig<Location, ActionsDataFlow> { }
 
   module Consistency {
-    import DFIC::MakeConsistency<ActionsDataFlow, ActionsTaintTracking, ActionsConsistency>
+    import DFIC::MakeConsistency<Location, ActionsDataFlow, ActionsTaintTracking, ActionsConsistency>
   }
 }

ql/lib/codeql/actions/TaintTracking.qll

@@ -2,9 +2,12 @@
  * Provides classes for performing local (intra-procedural) and
  * global (inter-procedural) taint-tracking analyses.
  */
+
+import codeql.Locations
+
 module TaintTracking {
   private import codeql.actions.dataflow.internal.DataFlowImplSpecific
   private import codeql.actions.dataflow.internal.TaintTrackingImplSpecific
   private import codeql.dataflow.TaintTracking
-  import TaintFlowMake<ActionsDataFlow, ActionsTaintTracking>
+  import TaintFlowMake<Location, ActionsDataFlow, ActionsTaintTracking>
 }

ql/lib/codeql/actions/dataflow/internal/DataFlowImplSpecific.qll

@@ -4,8 +4,9 @@
  */
 
 private import codeql.dataflow.DataFlow
+private import codeql.Locations
 
-module ActionsDataFlow implements InputSig {
+module ActionsDataFlow implements InputSig<Location> {
   import DataFlowPrivate as Private
   import DataFlowPublic
   import Private

ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll

@@ -1,3 +1,4 @@
+private import codeql.util.Unit
 private import codeql.dataflow.DataFlow
 private import codeql.actions.Ast
 private import codeql.actions.Cfg as Cfg
@@ -8,6 +9,8 @@ private import codeql.actions.dataflow.ExternalFlow
 private import codeql.actions.dataflow.FlowSteps
 private import codeql.actions.dataflow.FlowSources
 
+class DataFlowSecondLevelScope = Unit;
+
 cached
 newtype TNode = TExprNode(DataFlowExpr e)
 
@@ -78,6 +81,9 @@ class DataFlowCall instanceof Cfg::Node {
   string getName() { result = super.getAstNode().(Uses).getCallee() }
 
   DataFlowCallable getEnclosingCallable() { result = super.getScope() }
+
+  /** Gets a best-effort total ordering. */
+  int totalorder() { none() }
 }
 
 /**
@@ -104,6 +110,9 @@ class DataFlowCallable instanceof Cfg::CfgScope {
                     .indexOf(["/action.yml", "/action.yaml"]))
       else none()
   }
+
+  /** Gets a best-effort total ordering. */
+  int totalorder() { none() }
 }
 
 newtype TReturnKind = TNormalReturn()
@@ -158,6 +167,19 @@ newtype TContent =
 
 predicate forceHighPrecision(Content c) { c instanceof FieldContent }
 
+class NodeRegion instanceof Unit {
+  string toString() { result = "NodeRegion" }
+
+  predicate contains(Node n) { none() }
+
+  int totalOrder() { result = 1 }
+}
+
+/**
+ * Holds if the nodes in `nr` are unreachable when the call context is `call`.
+ */
+predicate isUnreachableInCall(NodeRegion nr, DataFlowCall call) { none() }
+
 class ContentApprox = ContentSet;
 
 ContentApprox getContentApprox(Content c) { result = c }
@@ -287,9 +309,13 @@ predicate localFlowStep(Node nodeFrom, Node nodeTo) {
 }
 
 /**
- * a simple local flow step that should always preserve the call context (same callable)
+ * This is the local flow predicate that is used as a building block in global
+ * data flow.
  */
-predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { localFlowStep(nodeFrom, nodeTo) }
+cached
+predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) {
+  localFlowStep(nodeFrom, nodeTo) and model = ""
+}
 
 /**
  * Holds if data can flow from `node1` to `node2` through a non-local step
@@ -366,11 +392,6 @@ predicate clearsContent(Node n, ContentSet c) { none() }
  */
 predicate expectsContent(Node n, ContentSet c) { none() }
 
-/**
- * Holds if the node `n` is unreachable when the call context is `call`.
- */
-predicate isUnreachableInCall(Node n, DataFlowCall call) { none() }
-
 /**
  * Holds if flow is allowed to pass from parameter `p` and back to itself as a
  * side-effect, resulting in a summary from `p` to itself.
@@ -400,3 +421,7 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  * This compression is normally done to not show SSA steps, casts, etc.
  */
 predicate neverSkipInPathGraph(Node node) { any() }
+
+predicate knownSourceModel(Node source, string model) { none() }
+
+predicate knownSinkModel(Node sink, string model) { none() }

ql/lib/codeql/actions/dataflow/internal/DataFlowPublic.qll

@@ -178,7 +178,7 @@ class FieldContent extends Content, TFieldContent {
 
 predicate hasLocalFlow(Node n1, Node n2) {
   n1 = n2 or
-  simpleLocalFlowStep(n1, n2) or
+  simpleLocalFlowStep(n1, n2, _) or
   exists(ContentSet c | ctxFieldReadStep(n1, n2, c))
 }
 

ql/lib/codeql/actions/dataflow/internal/TaintTrackingImplSpecific.qll

@@ -3,9 +3,10 @@
  * Implementation of https://github.com/github/codeql/blob/main/shared/dataflow/codeql/dataflow/TaintTracking.qll
  */
 
+private import codeql.Locations
 private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module ActionsTaintTracking implements InputSig<ActionsDataFlow> {
+module ActionsTaintTracking implements InputSig<Location, ActionsDataFlow> {
   import TaintTrackingPrivate
 }

ql/lib/codeql/actions/dataflow/internal/TaintTrackingPrivate.qll

@@ -14,12 +14,16 @@ private import codeql.actions.Ast
  */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
 
+// predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+//   any(AdditionalTaintStep s).step(nodeFrom, nodeTo)
+// }
 /**
  * Holds if the additional step from `nodeFrom` to `nodeTo` should be included
  * in all global taint flow configurations.
  */
-predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-  any(AdditionalTaintStep s).step(nodeFrom, nodeTo)
+cached
+predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) {
+  any(AdditionalTaintStep s).step(nodeFrom, nodeTo) and model = ""
 }
 
 /**

ql/lib/qlpack.gbo

@@ -4,10 +4,10 @@ warnOnImplicitThis: true
 name: githubsecuritylab/actions-all
 version: 0.0.33
 dependencies:
-  codeql/util: ^0.2.0
-  codeql/yaml: ^0.1.2
-  codeql/controlflow: ^0.1.0
-  codeql/dataflow: ^0.1.0
+  codeql/util: ^1.0.0
+  codeql/yaml: ^1.0.0
+  codeql/controlflow: ^1.0.0
+  codeql/dataflow: ^1.0.0
 dbscheme: yaml.dbscheme
 extractor: yaml
 groups: