Merge pull request github#13136 from jcogs33/jcogs33/revamp-java-source-kinds

Java: change `android-widget` MaD source kind to `remote`

Author: jcogs33

docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst

@@ -315,7 +315,7 @@ The following source kinds are supported:
 
 Below is an enumeration of the remaining source kinds, but they are out of scope for this documentation:
 
-- **contentprovider**, **android-widget**, **android-external-storage-dir**.
+- **contentprovider**, **android-external-storage-dir**.
 
 sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Changed the `android-widget` Java source kind to `remote`. Any custom data extensions that use the `android-widget` source kind will need to be updated accordingly in order to continue working.

java/ql/lib/ext/android.widget.model.yml

@@ -3,7 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: sourceModel
     data:
-      - ["android.widget", "EditText", True, "getText", "", "", "ReturnValue", "android-widget", "manual"]
+      - ["android.widget", "EditText", True, "getText", "", "", "ReturnValue", "remote", "manual"]
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -287,7 +287,7 @@ module ModelValidation {
     )
     or
     exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and
+      not kind = ["remote", "contentprovider", "android-external-storage-dir"] and
       not kind.matches("qltest%") and
       result = "Invalid kind \"" + kind + "\" in source model."
     )

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -36,13 +36,6 @@ abstract class RemoteFlowSource extends DataFlow::Node {
   abstract string getSourceType();
 }
 
-/**
- * A module for importing frameworks that define remote flow sources.
- */
-private module RemoteFlowSources {
-  private import semmle.code.java.frameworks.android.Widget
-}
-
 private class ExternalRemoteFlowSource extends RemoteFlowSource {
   ExternalRemoteFlowSource() { sourceNode(this, "remote") }
 

java/ql/lib/semmle/code/java/frameworks/android/Widget.qll

@@ -4,12 +4,6 @@ import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 
-private class DefaultAndroidWidgetSources extends RemoteFlowSource {
-  DefaultAndroidWidgetSources() { sourceNode(this, "android-widget") }
-
-  override string getSourceType() { result = "Android widget source" }
-}
-
 private class EditableToStringStep extends AdditionalTaintStep {
   override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
     exists(MethodAccess ma |