Use extension packs for threat models

Author: Dave Bartolomeo

codeql-workspace.yml

@@ -6,7 +6,7 @@ provide:
   - "*/ql/consistency-queries/qlpack.yml"
   - "*/ql/automodel/src/qlpack.yml"
   - "*/ql/automodel/test/qlpack.yml"
-  - "shared/*/qlpack.yml"
+  - "shared/**/qlpack.yml"
   - "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
   - "go/ql/config/legacy-support/qlpack.yml"
   - "go/build/codeql-extractor-go/codeql-extractor.yml"

java/ql/lib/qlpack.yml

@@ -9,12 +9,12 @@ dependencies:
   codeql/dataflow: ${workspace}
   codeql/mad: ${workspace}
   codeql/regex: ${workspace}
+  codeql/threat-models: ${workspace}
   codeql/tutorial: ${workspace}
   codeql/typetracking: ${workspace}
   codeql/util: ${workspace}
 dataExtensions:
   - ext/*.model.yml
   - ext/generated/*.model.yml
   - ext/experimental/*.model.yml
-  - ext/threatmodels/*.model.yml
 warnOnImplicitThis: true

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -29,7 +29,7 @@ import semmle.code.java.frameworks.struts.StrutsActions
 import semmle.code.java.frameworks.Thrift
 import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
 private import semmle.code.java.dataflow.ExternalFlow
-private import semmle.code.java.dataflow.ExternalFlowConfiguration
+private import codeql.threatmodels.ThreatModels
 
 /**
  * A data flow source.

java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql

@@ -1,5 +1,5 @@
-import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
+import codeql.threatmodels.ThreatModels as ThreatModels
 
 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::currentThreatModel(kind)
+  ThreatModels::currentThreatModel(kind)
 }

java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql

@@ -1,5 +1,5 @@
-import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
+import codeql.threatmodels.ThreatModels as ThreatModels
 
 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::currentThreatModel(kind)
+  ThreatModels::currentThreatModel(kind)
 }

shared/threat-models-ext/android/qlpack.yml

@@ -0,0 +1,10 @@
+name: codeql/threat-android
+version: 0.0.0-dev
+groups:
+  - shared
+  - threat-models
+library: true
+dataExtensions:
+  - "*.model.yml"
+extensionTargets:
+  codeql/threat-models: ${workspace}

shared/threat-models-ext/android/threat.model.yml

@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: supportedThreatModels
+    data:
+      - ["android"]

shared/threat-models-ext/local/qlpack.yml

@@ -0,0 +1,10 @@
+name: codeql/threat-local
+version: 0.0.0-dev
+groups:
+  - shared
+  - threat-models
+library: true
+dataExtensions:
+  - "*.model.yml"
+extensionTargets:
+  codeql/threat-models: ${workspace}

shared/threat-models-ext/local/threat.model.yml

@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: supportedThreatModels
+    data:
+      - ["local"]

java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll renamed to shared/threat-models/codeql/threatmodels/ThreatModels.qll

@@ -5,12 +5,10 @@
  * are applicable to generic queries.
  */
 
-private import ExternalFlowExtensions
-
 /**
  * Holds if the specified kind of source model is supported for the current query.
  */
-extensible private predicate supportedThreatModels(string kind);
+extensible predicate supportedThreatModels(string kind);
 
 /**
  * Holds if the specified kind of source model is containted within the specified group.