Java/C#: Introduce kind for neutrals. by michaelnebel · Pull Request #12931 · github/codeql

michaelnebel · 2023-04-26T09:39:12Z

In this PR we introduce a kind for neutrals.

The kind of a neutral is used to describe, whether the neutral is neutral with respect to

summary: They neutral does not have flow through it (ie. no summary flow).
source: The neutral is not a source (of any source kind).
sink: The neutral is not a sink (of any sink kind).

michaelnebel · 2023-05-03T10:59:12Z

DCA looks good.

jcogs33

I added a few minor suggestions about updating comments, otherwise looks reasonable to me.

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

java/ql/lib/semmle/code/java/dataflow/ExternalFlowExtensions.qll

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll

michaelnebel · 2023-05-08T10:32:45Z

I added a few minor suggestions about updating comments, otherwise looks reasonable to me.
Thank you very much!!

hvitved

LGTM

Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>

In CodeQL 2.13.3, the definition of the neutralModel predicate has changed to include the `kind`. This updates the definition of the data extensions editor to match the new definition. One caveat is that when selecting a `kind` other than `summary`, the method will not be shown as supported. This is because a `NeutralCallable` only calls into `neutralSummaryElement`. This matches the previous behavior because setting the `kind` to `source` or `sink` only says that the method is either not a source or not a sink, but not both. Only `summary` fully models the method. See: github/codeql#12931 See: https://github.com/github/codeql/blob/ff78ac98d27c7b9f1adffcf235c56855f8348ad0/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll#L338 See: https://github.com/github/codeql/blob/ff78ac98d27c7b9f1adffcf235c56855f8348ad0/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll#L160

github-actions bot added C# DataFlow Library Go Java Python Ruby Swift documentation labels Apr 26, 2023

michaelnebel force-pushed the neutralkinds branch from acb6d95 to 5ce4ff3 Compare April 26, 2023 11:37

michaelnebel mentioned this pull request Apr 26, 2023

Java: Update customizing library models for java documentation. #12935

Merged

michaelnebel force-pushed the neutralkinds branch from 5ce4ff3 to b16a6ff Compare April 26, 2023 12:39

michaelnebel marked this pull request as ready for review April 26, 2023 14:27

michaelnebel requested review from a team as code owners April 26, 2023 14:27

michaelnebel force-pushed the neutralkinds branch from b16a6ff to e108846 Compare May 3, 2023 11:24

jcogs33 reviewed May 4, 2023

View reviewed changes

michaelnebel force-pushed the neutralkinds branch from 378a7f4 to 1a14357 Compare May 8, 2023 10:39

hvitved previously approved these changes May 8, 2023

View reviewed changes

michaelnebel dismissed hvitved’s stale review via dc74814 May 8, 2023 14:18

michaelnebel added 5 commits May 8, 2023 16:18

C#: Extend neutrals with a kind column and introduce validation.

4dcfb4d

C#: Update existing neutrals to include kind information.

fe32abe

Go/Python/Ruby/Swift: Sync files and make dummy implementation.

4ac0396

Java: Extend neutrals with a kind column and introduce validation.

bcbda90

Java: Update existing neutrals to include kind information.

bd23814

michaelnebel and others added 8 commits May 8, 2023 16:18

Java: Adjust the model generator to produce kinds.

d103a57

Java: Update expected test out for the model generator.

c30f080

C#: Adjust the model generator to produce kinds for neutrals.

7c3a258

C#: Update expected test output for the model generator test.

87731b2

C#/Java: Add change note.

7858da6

C#/Java: Update model converter queries to handle kind information.

8435c31

Apply suggestions from code review

efa2bd8

Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>

Apply suggestions from code review

baee4ce

Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>

michaelnebel force-pushed the neutralkinds branch from dc74814 to baee4ce Compare May 8, 2023 14:19

michaelnebel requested a review from hvitved May 9, 2023 06:36

hvitved approved these changes May 9, 2023

View reviewed changes

michaelnebel merged commit f2f9944 into github:main May 9, 2023

michaelnebel deleted the neutralkinds branch May 9, 2023 06:42

jcogs33 mentioned this pull request May 10, 2023

Java: Add manual models for org.apache.commons.net #12965

Merged

jhelie mentioned this pull request May 10, 2023

Java: Automodel Framework Mode Extraction Queries #12830

Merged

jcogs33 mentioned this pull request May 26, 2023

Java: add some neutral models discovered with heuristics #12249

Merged

koesie10 mentioned this pull request Jun 1, 2023

Fix neutral definition for CodeQL 2.13.3 github/vscode-codeql#2467

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Java/C#: Introduce kind for neutrals.#12931

Java/C#: Introduce kind for neutrals.#12931
michaelnebel merged 13 commits intogithub:mainfrom
michaelnebel:neutralkinds

michaelnebel commented Apr 26, 2023

Uh oh!

michaelnebel commented May 3, 2023

Uh oh!

jcogs33 left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

michaelnebel commented May 8, 2023

Uh oh!

hvitved left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

michaelnebel commented Apr 26, 2023

Uh oh!

michaelnebel commented May 3, 2023

Uh oh!

jcogs33 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

michaelnebel commented May 8, 2023

Uh oh!

hvitved left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants