Merge pull request github#13935 from yoff/python/mad-on-externals

Python: MaD on externals

Author: yoff

config/identical-files.json

@@ -556,5 +556,9 @@
   "EncryptionKeySizes Python/Java": [
     "python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
     "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
+  ],
+  "Python model summaries test extension": [
+    "python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml",
+    "python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml"
   ]
 }

python/ql/lib/qlpack.yml

@@ -13,5 +13,5 @@ dependencies:
   codeql/util: ${workspace}
   codeql/yaml: ${workspace}
 dataExtensions:
-  - semmle/python/frameworks/**/model.yml
+  - semmle/python/frameworks/**/*.model.yml
 warnOnImplicitThis: true

python/ql/lib/semmle/python/frameworks/data/internal/model.yml renamed to python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml

@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/python-all
+      extensible: summaryModel
+    data:
+      - ["foo", "Member[MS_identity]", "Argument[0]", "ReturnValue", "value"]
+      - ["foo", "Member[MS_apply_lambda]", "Argument[1]", "Argument[0].Parameter[0]", "value"]
+      - ["foo", "Member[MS_apply_lambda]", "Argument[0].ReturnValue", "ReturnValue", "value"]
+      - ["foo", "Member[MS_reversed]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_reversed]", "Argument[0]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_list_map]", "Argument[1].ListElement", "Argument[0].Parameter[0]", "value"]
+      - ["foo", "Member[MS_list_map]", "Argument[0].ReturnValue", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_list_map]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]

python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml

@@ -1,4 +1,3 @@
 import python
-private import TestSummaries
 import experimental.meta.InlineTaintTest
 import MakeInlineTaintTest<TestTaintTrackingConfig>

python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ql

@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/python-all
+      extensible: summaryModel
+    data:
+      - ["foo", "Member[MS_identity]", "Argument[0]", "ReturnValue", "value"]
+      - ["foo", "Member[MS_apply_lambda]", "Argument[1]", "Argument[0].Parameter[0]", "value"]
+      - ["foo", "Member[MS_apply_lambda]", "Argument[0].ReturnValue", "ReturnValue", "value"]
+      - ["foo", "Member[MS_reversed]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_reversed]", "Argument[0]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_list_map]", "Argument[1].ListElement", "Argument[0].Parameter[0]", "value"]
+      - ["foo", "Member[MS_list_map]", "Argument[0].ReturnValue", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_list_map]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[0].ListElement", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]

python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml

@@ -1,3 +1,2 @@
 import python
-private import TestSummaries
 import experimental.dataflow.TestUtil.NormalDataflowTest

python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ql

@@ -0,0 +1,76 @@
+extensions:
+  # Contribute empty data sets to avoid errors about an undefined extensionals
+  - addsTo:
+      pack: codeql/python-all
+      extensible: sourceModel
+    data:
+      - ["testlib", "Member[getSource].ReturnValue", "test-source"]
+      - ["testlib.Alias", "", "test-source"]
+      # testing parameter syntax
+      - ["testlib", "Member[Callbacks].Member[first].Argument[0].Parameter[0]", "test-source"]
+      - ["testlib", "Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3]", "test-source"]
+      - ["testlib", "Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..]", "test-source"]
+      # Common tokens.
+      - ["testlib", "Member[CommonTokens].Member[makePromise].ReturnValue.Awaited", "test-source"]
+      - ["testlib", "Member[CommonTokens].Member[Class].Instance", "test-source"]
+      - ["testlib", "Member[CommonTokens].Member[Super].Subclass.Instance", "test-source"]
+      # method
+      - ["testlib", "Member[CommonTokens].Member[Class].Instance.Method[foo]", "test-source"]
+      # testing non-positional arguments
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self]", "test-source"]
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:]", "test-source"]
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..]", "test-source"]
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0]", "test-source"]
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any]", "test-source"]
+      - ["testlib", "Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named]", "test-source"]
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: sinkModel
+    data:
+      - ["testlib", "Member[mySink].Argument[0,sinkName:]", "test-sink"]
+      # testing argument syntax
+      - ["testlib", "Member[Args].Member[arg0].Argument[0]", "test-sink"]
+      - ["testlib", "Member[Args].Member[arg1to3].Argument[1..3]", "test-sink"]
+      - ["testlib", "Member[Args].Member[lastarg].Argument[N-1]", "test-sink"]
+      - ["testlib", "Member[Args].Member[nonFist].Argument[1..]", "test-sink"]
+      # callsite filter.
+      - ["testlib", "Member[CallFilter].Member[arityOne].WithArity[1].Argument[any]", "test-sink"]
+      - ["testlib", "Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..]", "test-sink"]
+      # testing non-positional arguments
+      - ["testlib", "Member[ArgPos].Instance.Member[self_thing].Argument[self]", "test-sink"]
+      # any argument
+      - ["testlib", "Member[ArgPos].Member[anyParam].Argument[any]", "test-sink"]
+      - ["testlib", "Member[ArgPos].Member[anyNamed].Argument[any-named]", "test-sink"]
+      # testing package syntax
+      - ["foo1.bar", "Member[baz1].Argument[any]", "test-sink"]
+      - ["foo2", "Member[bar].Member[baz2].Argument[any]", "test-sink"]
+      # testing fuzzy
+      - ["testlib", "Fuzzy.Member[fuzzyCall].Argument[0]", "test-sink"]
+      # testing syntax errors
+      - ["testlib", "Member[foo],Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo] Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo]. Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo], Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo]..Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo] .Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo]Member[bar]", "test-sink"]
+      - ["testlib", "Member[foo", "test-sink"]
+      - ["testlib", "Member[foo]]", "test-sink"]
+      - ["testlib", "Member[foo]].Member[bar]", "test-sink"]
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: summaryModel
+    data:
+      - ["testlib", "Member[Steps].Member[preserveTaint].Call", "Argument[0]", "ReturnValue", "taint"]
+      - ["testlib", "Member[Steps].Member[taintIntoCallback]", "Argument[0]", "Argument[1..2].Parameter[0]", "taint"]
+      - ["testlib", "Member[Steps].Member[preserveArgZeroAndTwo]", "Argument[0,2]", "ReturnValue", "taint"]
+      - ["testlib", "Member[Steps].Member[preserveAllButFirstArgument].Call", "Argument[1..]", "ReturnValue", "taint"]
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: typeModel
+    data:
+     - ["testlib.Alias", "testlib", "Member[alias].ReturnValue"]
+     - ["testlib.Alias", "testlib.Alias", "Member[chain].ReturnValue"]

python/ql/test/experimental/dataflow/model-summaries/TestSummaries.qll

@@ -5,86 +5,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.DataFlow
 private import semmle.python.ApiGraphs
 
-class Steps extends ModelInput::SummaryModelCsv {
-  override predicate row(string row) {
-    // type;path;input;output;kind
-    row =
-      [
-        "testlib;Member[Steps].Member[preserveTaint].Call;Argument[0];ReturnValue;taint",
-        "testlib;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
-        "testlib;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
-        "testlib;Member[Steps].Member[preserveAllButFirstArgument].Call;Argument[1..];ReturnValue;taint",
-      ]
-  }
-}
-
-class Types extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    // type1;type2;path
-    row =
-      [
-        "testlib.Alias;testlib;Member[alias].ReturnValue",
-        "testlib.Alias;testlib.Alias;Member[chain].ReturnValue",
-      ]
-  }
-}
-
-class Sinks extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    // type;path;kind
-    row =
-      [
-        "testlib;Member[mySink].Argument[0,sinkName:];test-sink",
-        // testing argument syntax
-        "testlib;Member[Args].Member[arg0].Argument[0];test-sink", //
-        "testlib;Member[Args].Member[arg1to3].Argument[1..3];test-sink", //
-        "testlib;Member[Args].Member[lastarg].Argument[N-1];test-sink", //
-        "testlib;Member[Args].Member[nonFist].Argument[1..];test-sink", //
-        // callsite filter.
-        "testlib;Member[CallFilter].Member[arityOne].WithArity[1].Argument[any];test-sink", //
-        "testlib;Member[CallFilter].Member[twoOrMore].WithArity[2..].Argument[0..];test-sink", //
-        // testing non-positional arguments
-        "testlib;Member[ArgPos].Instance.Member[self_thing].Argument[self];test-sink", //
-        // any argument
-        "testlib;Member[ArgPos].Member[anyParam].Argument[any];test-sink", //
-        "testlib;Member[ArgPos].Member[anyNamed].Argument[any-named];test-sink", //
-        // testing package syntax
-        "foo1.bar;Member[baz1].Argument[any];test-sink", //
-        "foo2;Member[bar].Member[baz2].Argument[any];test-sink", //
-        // testing fuzzy
-        "testlib;Fuzzy.Member[fuzzyCall].Argument[0];test-sink", //
-      ]
-  }
-}
-
-class Sources extends ModelInput::SourceModelCsv {
-  // type;path;kind
-  override predicate row(string row) {
-    row =
-      [
-        "testlib;Member[getSource].ReturnValue;test-source", //
-        "testlib.Alias;;test-source",
-        // testing parameter syntax
-        "testlib;Member[Callbacks].Member[first].Argument[0].Parameter[0];test-source", //
-        "testlib;Member[Callbacks].Member[param1to3].Argument[0].Parameter[1..3];test-source", //
-        "testlib;Member[Callbacks].Member[nonFirst].Argument[0].Parameter[1..];test-source", //
-        // Common tokens.
-        "testlib;Member[CommonTokens].Member[makePromise].ReturnValue.Awaited;test-source", //
-        "testlib;Member[CommonTokens].Member[Class].Instance;test-source", //
-        "testlib;Member[CommonTokens].Member[Super].Subclass.Instance;test-source", //
-        // method
-        "testlib;Member[CommonTokens].Member[Class].Instance.Method[foo];test-source", //
-        // testing non-positional arguments
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[self];test-source", //
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[foo].Parameter[named:];test-source", //
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[secondAndAfter].Parameter[1..];test-source", //
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[otherSelfTest].Parameter[0];test-source", //
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyParam].Parameter[any];test-source", //
-        "testlib;Member[ArgPos].Member[MyClass].Subclass.Member[anyNamed].Parameter[any-named];test-source", //
-      ]
-  }
-}
-
 class BasicTaintTracking extends TaintTracking::Configuration {
   BasicTaintTracking() { this = "BasicTaintTracking" }
 
@@ -109,24 +29,6 @@ query predicate isSource(DataFlow::Node node, string kind) {
   node = ModelOutput::getASourceNode(kind).asSource()
 }
 
-class SyntaxErrorTest extends ModelInput::SinkModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "testlib;Member[foo],Member[bar];test-sink", //
-        "testlib;Member[foo] Member[bar];test-sink", //
-        "testlib;Member[foo]. Member[bar];test-sink", //
-        "testlib;Member[foo], Member[bar];test-sink", //
-        "testlib;Member[foo]..Member[bar];test-sink", //
-        "testlib;Member[foo] .Member[bar];test-sink", //
-        "testlib;Member[foo]Member[bar];test-sink", //
-        "testlib;Member[foo;test-sink", //
-        "testlib;Member[foo]];test-sink", //
-        "testlib;Member[foo]].Member[bar];test-sink", //
-      ]
-  }
-}
-
 query predicate syntaxErrors(AccessPathSyntax::AccessPath path) { path.hasSyntaxError() }
 
 query predicate warning = ModelOutput::getAWarning/0;