Merge pull request github#12750 from smowton/smowton/admin/add-dataflow-viableParamArgSpecific-hook

Go: mass-convert taint-flow models to models-as-data format (with `viableParamArgSpecific` hook)

Author: smowton

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll

@@ -79,3 +79,13 @@ class ArgumentPosition extends int {
 /** Holds if arguments at position `apos` match parameters at position `ppos`. */
 pragma[inline]
 predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
+
+/**
+ * Holds if flow from `call`'s argument `arg` to parameter `p` is permissible.
+ *
+ * This is a temporary hook to support technical debt in the Go language; do not use.
+ */
+pragma[inline]
+predicate golangSpecificParamArgFilter(DataFlowCall call, ParameterNode p, ArgumentNode arg) {
+  any()
+}

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll

@@ -425,7 +425,8 @@ private module Cached {
     exists(ParameterPosition ppos |
       viableParam(call, ppos, p) and
       argumentPositionMatch(call, arg, ppos) and
-      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p))
+      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p)) and
+      golangSpecificParamArgFilter(call, p, arg)
     )
   }
 

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll

@@ -271,3 +271,13 @@ Function viableImplInCallContext(CallInstruction call, CallInstruction ctx) {
 /** Holds if arguments at position `apos` match parameters at position `ppos`. */
 pragma[inline]
 predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
+
+/**
+ * Holds if flow from `call`'s argument `arg` to parameter `p` is permissible.
+ *
+ * This is a temporary hook to support technical debt in the Go language; do not use.
+ */
+pragma[inline]
+predicate golangSpecificParamArgFilter(DataFlowCall call, ParameterNode p, ArgumentNode arg) {
+  any()
+}

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll

@@ -425,7 +425,8 @@ private module Cached {
     exists(ParameterPosition ppos |
       viableParam(call, ppos, p) and
       argumentPositionMatch(call, arg, ppos) and
-      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p))
+      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p)) and
+      golangSpecificParamArgFilter(call, p, arg)
     )
   }
 

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -555,3 +555,13 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
     apos.isImplicitCapturedArgumentPosition(v)
   )
 }
+
+/**
+ * Holds if flow from `call`'s argument `arg` to parameter `p` is permissible.
+ *
+ * This is a temporary hook to support technical debt in the Go language; do not use.
+ */
+pragma[inline]
+predicate golangSpecificParamArgFilter(DataFlowCall call, ParameterNode p, ArgumentNode arg) {
+  any()
+}

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll

@@ -425,7 +425,8 @@ private module Cached {
     exists(ParameterPosition ppos |
       viableParam(call, ppos, p) and
       argumentPositionMatch(call, arg, ppos) and
-      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p))
+      compatibleTypes(getNodeDataFlowType(arg), getNodeDataFlowType(p)) and
+      golangSpecificParamArgFilter(call, p, arg)
     )
   }
 

go/ql/lib/ext/archive.tar.model.yml

@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["archive/tar", "", False, "FileInfoHeader", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/tar", "", False, "NewReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["archive/tar", "Header", True, "FileInfo", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["archive/tar", "Reader", True, "Next", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/tar", "Writer", True, "WriteHeader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]

go/ql/lib/ext/archive.zip.model.yml

@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["archive/zip", "", False, "FileInfoHeader", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/zip", "", False, "NewReader", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/zip", "", False, "OpenReader", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/zip", "File", True, "Open", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/zip", "File", True, "OpenRaw", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["archive/zip", "Writer", True, "Copy", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]

go/ql/lib/ext/archive_tar.model.yml

@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["bufio", "", False, "NewReadWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "", False, "NewReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "", False, "NewReaderSize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "", False, "NewScanner", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "", False, "ScanBytes", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"]
+      - ["bufio", "", False, "ScanLines", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"]
+      - ["bufio", "", False, "ScanRunes", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"]
+      - ["bufio", "", False, "ScanWords", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"]
+      - ["bufio", "Reader", True, "Peek", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["bufio", "Reader", True, "ReadBytes", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["bufio", "Reader", True, "ReadLine", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["bufio", "Reader", True, "ReadSlice", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["bufio", "Reader", True, "ReadString", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
+      - ["bufio", "Reader", True, "Reset", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["bufio", "Scanner", True, "Bytes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "Scanner", True, "Text", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["bufio", "Writer", True, "Reset", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]