Python: Use FlowSummaryImpl from dataflow pack

Author: hvitved

config/identical-files.json

@@ -56,7 +56,6 @@
   "DataFlow Java/C#/Go/Ruby/Python/Swift Flow Summaries": [
     "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
     "go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll"
   ],
   "SsaReadPosition Java/C#": [
@@ -467,7 +466,6 @@
   "AccessPathSyntax": [
     "go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/AccessPathSyntax.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/AccessPathSyntax.qll"
   ],
   "IncompleteUrlSubstringSanitization": [

python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll

@@ -13,83 +13,29 @@ private module Summaries {
   private import semmle.python.Frameworks
 }
 
-class SummaryComponent = Impl::Public::SummaryComponent;
+deprecated class SummaryComponent = Impl::Private::SummaryComponent;
 
 /** Provides predicates for constructing summary components. */
-module SummaryComponent {
-  private import Impl::Public::SummaryComponent as SC
+deprecated module SummaryComponent = Impl::Private::SummaryComponent;
 
-  predicate parameter = SC::parameter/1;
+deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
-  predicate argument = SC::argument/1;
-
-  predicate content = SC::content/1;
-
-  /** Gets a summary component that represents a list element. */
-  SummaryComponent listElement() { result = content(any(ListElementContent c)) }
-
-  /** Gets a summary component that represents a set element. */
-  SummaryComponent setElement() { result = content(any(SetElementContent c)) }
-
-  /** Gets a summary component that represents a tuple element. */
-  SummaryComponent tupleElement(int index) {
-    exists(TupleElementContent c | c.getIndex() = index and result = content(c))
-  }
-
-  /** Gets a summary component that represents a dictionary element. */
-  SummaryComponent dictionaryElement(string key) {
-    exists(DictionaryElementContent c | c.getKey() = key and result = content(c))
-  }
-
-  /** Gets a summary component that represents a dictionary element at any key. */
-  SummaryComponent dictionaryElementAny() { result = content(any(DictionaryElementAnyContent c)) }
-
-  /** Gets a summary component that represents an attribute element. */
-  SummaryComponent attribute(string attr) {
-    exists(AttributeContent c | c.getAttribute() = attr and result = content(c))
-  }
-
-  /** Gets a summary component that represents the return value of a call. */
-  SummaryComponent return() { result = SC::return(any(ReturnKind rk)) }
-}
-
-class SummaryComponentStack = Impl::Public::SummaryComponentStack;
-
-/** Provides predicates for constructing stacks of summary components. */
-module SummaryComponentStack {
-  private import Impl::Public::SummaryComponentStack as SCS
-
-  predicate singleton = SCS::singleton/1;
-
-  predicate push = SCS::push/2;
-
-  predicate argument = SCS::argument/1;
-
-  /** Gets a singleton stack representing the return value of a call. */
-  SummaryComponentStack return() { result = singleton(SummaryComponent::return()) }
-}
+deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
 /** A callable with a flow summary, identified by a unique string. */
 abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
   bindingset[this]
   SummarizedCallable() { any() }
 
   /**
-   * Same as
-   *
-   * ```ql
-   * propagatesFlow(
-   *   SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
-   * )
-   * ```
-   *
-   * but uses an external (string) representation of the input and output stacks.
+   * DEPRECATED: Use `propagatesFlow` instead.
    */
-  pragma[nomagic]
-  predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() }
+  deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+    this.propagatesFlow(input, output, preservesValue)
+  }
 }
 
-class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack;
+deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
 
 private class SummarizedCallableFromModel extends SummarizedCallable {
   string type;
@@ -109,7 +55,7 @@ private class SummarizedCallableFromModel extends SummarizedCallable {
     )
   }
 
-  override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
     exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) |
       kind = "value" and
       preservesValue = true

python/ql/lib/semmle/python/dataflow/new/internal/AccessPathSyntax.qll

@@ -36,7 +36,6 @@ private import python
 private import DataFlowPublic
 private import DataFlowPrivate
 private import FlowSummaryImpl as FlowSummaryImpl
-private import FlowSummaryImplSpecific as FlowSummaryImplSpecific
 private import semmle.python.internal.CachedStages
 private import semmle.python.dataflow.new.internal.TypeTracker::CallGraphConstruction as CallGraphConstruction
 
@@ -49,13 +48,13 @@ newtype TParameterPosition =
     // since synthetic parameters are made for a synthetic summary callable, based on
     // what Argument positions they have flow for, we need to make sure we have such
     // parameter positions available.
-    FlowSummaryImplSpecific::ParsePositions::isParsedPositionalArgumentPosition(_, index)
+    FlowSummaryImpl::ParsePositions::isParsedPositionalArgumentPosition(_, index)
   } or
   TKeywordParameterPosition(string name) {
     name = any(Parameter p).getName()
     or
     // see comment for TPositionalParameterPosition
-    FlowSummaryImplSpecific::ParsePositions::isParsedKeywordArgumentPosition(_, name)
+    FlowSummaryImpl::ParsePositions::isParsedKeywordArgumentPosition(_, name)
   } or
   TStarArgsParameterPosition(int index) {
     // since `.getPosition` does not work for `*args`, we need *args parameter positions
@@ -136,13 +135,13 @@ newtype TArgumentPosition =
     // since synthetic calls within a summarized callable could use a unique argument
     // position, we need to ensure we make these available (these are specified as
     // parameters in the flow-summary spec)
-    FlowSummaryImplSpecific::ParsePositions::isParsedPositionalParameterPosition(_, index)
+    FlowSummaryImpl::ParsePositions::isParsedPositionalParameterPosition(_, index)
   } or
   TKeywordArgumentPosition(string name) {
     exists(any(CallNode c).getArgByName(name))
     or
     // see comment for TPositionalArgumentPosition
-    FlowSummaryImplSpecific::ParsePositions::isParsedKeywordParameterPosition(_, name)
+    FlowSummaryImpl::ParsePositions::isParsedKeywordParameterPosition(_, name)
   } or
   TStarArgsArgumentPosition(int index) {
     exists(Call c | c.getPositionalArg(index) instanceof Starred)
@@ -1559,12 +1558,15 @@ private class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
 }
 
 private class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode {
+  private SummaryCall call_;
+  private ArgumentPosition pos_;
+
   SummaryArgumentNode() {
-    FlowSummaryImpl::Private::summaryArgumentNode(_, this.getSummaryNode(), _)
+    FlowSummaryImpl::Private::summaryArgumentNode(call_.getReceiver(), this.getSummaryNode(), _)
   }
 
   override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
-    FlowSummaryImpl::Private::summaryArgumentNode(call, this.getSummaryNode(), pos)
+    call = call_ and pos = pos_
   }
 }
 
@@ -1662,10 +1664,16 @@ private module OutNodes {
   }
 
   private class SummaryOutNode extends FlowSummaryNode, OutNode {
-    SummaryOutNode() { FlowSummaryImpl::Private::summaryOutNode(_, this.getSummaryNode(), _) }
+    private SummaryCall call;
+    private ReturnKind kind_;
+
+    SummaryOutNode() {
+      FlowSummaryImpl::Private::summaryOutNode(call.getReceiver(), this.getSummaryNode(), kind_)
+    }
 
     override DataFlowCall getCall(ReturnKind kind) {
-      FlowSummaryImpl::Private::summaryOutNode(result, this.getSummaryNode(), kind)
+      result = call and
+      kind = kind_
     }
   }
 }

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll

@@ -1028,7 +1028,10 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
  * by default as a heuristic.
  */
 predicate allowParameterReturnInSelf(ParameterNode p) {
-  FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p)
+  exists(DataFlowCallable c, ParameterPosition pos |
+    p.(ParameterNodeImpl).isParameterOf(c, pos) and
+    FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(c.asLibraryCallable(), pos)
+  )
 }
 
 /** An approximated `Content`. */