Java/C#: Introduce kind for neutrals.

csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Updated the `neutralModel` extensible predicate to include a `kind` column.

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -12,8 +12,8 @@
  * - Summaries:
  *   `namespace; type; subtypes; name; signature; ext; input; output; kind; provenance`
  * - Neutrals:
- *   `namespace; type; name; signature; provenance`
- *   A neutral is used to indicate that there is no flow via a callable.
+ *   `namespace; type; name; signature; kind; provenance`
+ *   A neutral is used to indicate that a callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink).
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
@@ -72,7 +72,9 @@
  *    which classes the interpreted elements should be added. For example, for
  *    sources "remote" indicates a default remote flow source, and for summaries
  *    "taint" indicates a default additional taint step and "value" indicates a
- *    globally applicable value-preserving step.
+ *    globally applicable value-preserving step. For neutrals the kind can be `summary`,
+ *    `source` or `sink` to indicate that the neutral is neutral with respect to
+ *    flow (no summary), source (is not a source) or sink (is not a sink).
  * 9. The `provenance` column is a tag to indicate the origin and verification of a model.
  *    The format is {origin}-{verification} or just "manual" where the origin describes
  *    the origin of the model and verification describes how the model has been verified.
@@ -103,8 +105,8 @@ predicate sinkModel = Extensions::sinkModel/9;
 /** Holds if a summary model exists for the given parameters. */
 predicate summaryModel = Extensions::summaryModel/10;
 
-/** Holds if a model exists indicating there is no flow for the given parameters. */
-predicate neutralModel = Extensions::neutralModel/5;
+/** Holds if a neutral model exists for the given parameters. */
+predicate neutralModel = Extensions::neutralModel/6;
 
 private predicate relevantNamespace(string namespace) {
   sourceModel(namespace, _, _, _, _, _, _, _, _) or
@@ -218,6 +220,11 @@ module ModelValidation {
       not kind = ["local", "remote", "file", "file-write"] and
       result = "Invalid kind \"" + kind + "\" in source model."
     )
+    or
+    exists(string kind | neutralModel(_, _, _, _, kind, _) |
+      not kind = ["summary", "source", "sink"] and
+      result = "Invalid kind \"" + kind + "\" in neutral model."
+    )
   }
 
   private string getInvalidModelSignature() {
@@ -232,7 +239,7 @@ module ModelValidation {
       summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance) and
       pred = "summary"
       or
-      neutralModel(namespace, type, name, signature, provenance) and
+      neutralModel(namespace, type, name, signature, _, provenance) and
       ext = "" and
       pred = "neutral"
     |
@@ -275,7 +282,7 @@ private predicate elementSpec(
   or
   summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
   or
-  neutralModel(namespace, type, name, signature, _) and ext = "" and subtypes = false
+  neutralModel(namespace, type, name, signature, _, _) and ext = "" and subtypes = false
 }
 
 private predicate elementSpec(

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlowExtensions.qll

@@ -27,8 +27,8 @@ extensible predicate summaryModel(
 );
 
 /**
- * Holds if a model exists indicating there is no flow for the given parameters.
+ * Holds if a neutral model exists for the given parameters.
  */
 extensible predicate neutralModel(
-  string namespace, string type, string name, string signature, string provenance
+  string namespace, string type, string name, string signature, string kind, string provenance
 );

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll

@@ -335,7 +335,7 @@ module Public {
   class NeutralCallable extends SummarizedCallableBase {
     private Provenance provenance;
 
-    NeutralCallable() { neutralElement(this, provenance) }
+    NeutralCallable() { neutralSummaryElement(this, provenance) }
 
     /**
      * Holds if the neutral is auto generated.

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -111,12 +111,12 @@ predicate summaryElement(Callable c, string input, string output, string kind, s
 }
 
 /**
- * Holds if a neutral model exists for `c` with provenance `provenace`,
+ * Holds if a neutral summary model exists for `c` with provenance `provenace`,
  * which means that there is no flow through `c`.
  */
-predicate neutralElement(Callable c, string provenance) {
+predicate neutralSummaryElement(Callable c, string provenance) {
   exists(string namespace, string type, string name, string signature |
-    neutralModel(namespace, type, name, signature, provenance) and
+    neutralModel(namespace, type, name, signature, "summary", provenance) and
     c = interpretElement(namespace, type, false, name, signature, "")
   )
 }

csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql

@@ -7,8 +7,9 @@
 import csharp
 import semmle.code.csharp.dataflow.ExternalFlow
 
-from string package, string type, string name, string signature, string provenance
+from string package, string type, string name, string signature, string kind, string provenance
 where
-  neutralModel(package, type, name, signature, provenance) and
+  neutralModel(package, type, name, signature, kind, provenance) and
   not provenance.matches("%generated")
-select package, type, name, signature, provenance order by package, type, name, signature
+select package, type, name, signature, kind, provenance order by
+    package, type, name, signature, kind

csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll

@@ -25,8 +25,11 @@ module PrintingImpl<PrintingSig Printing> {
         + Printing::getProvenance()
   }
 
-  string asNeutralModel(Printing::Api api) {
-    result = asPartialNeutralModel(api) + Printing::getProvenance()
+  string asNeutralSummaryModel(Printing::Api api) {
+    result =
+      asPartialNeutralModel(api) //
+        + "summary" + ";" //
+        + Printing::getProvenance()
   }
 
   /**

csharp/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll

@@ -86,5 +86,5 @@ string captureFlow(DataFlowTargetApi api) {
  */
 string captureNoFlow(DataFlowTargetApi api) {
   not exists(captureFlow(api)) and
-  result = ModelPrinting::asNeutralModel(api)
+  result = ModelPrinting::asNeutralSummaryModel(api)
 }

csharp/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.expected

@@ -1,28 +1,28 @@
-| NoSummaries;BaseClass;M1;(System.String);df-generated |
-| NoSummaries;BaseClass;M2;(System.String);df-generated |
-| NoSummaries;CollectionFlow;ReturnSimpleTypeArray;(System.Int32[]);df-generated |
-| NoSummaries;CollectionFlow;ReturnSimpleTypeDictionary;(System.Collections.Generic.Dictionary<System.Int32,System.Int32>);df-generated |
-| NoSummaries;CollectionFlow;ReturnSimpleTypeList;(System.Collections.Generic.List<System.Int32>);df-generated |
-| NoSummaries;EquatableBound;Equals;(System.Object);df-generated |
-| NoSummaries;EquatableUnBound<>;Equals;(T);df-generated |
-| NoSummaries;SimpleTypes;M1;(System.Boolean);df-generated |
-| NoSummaries;SimpleTypes;M2;(System.Boolean);df-generated |
-| NoSummaries;SimpleTypes;M3;(System.Int32);df-generated |
-| NoSummaries;SimpleTypes;M4;(System.Int32);df-generated |
-| Sinks;NewSinks;WrapFieldResponseWriteFile;();df-generated |
-| Sinks;NewSinks;WrapPrivateFieldResponseWriteFile;();df-generated |
-| Sinks;NewSinks;WrapPrivatePropResponseWriteFile;();df-generated |
-| Sinks;NewSinks;WrapPropPrivateSetResponseWriteFile;();df-generated |
-| Sinks;NewSinks;WrapPropResponseWriteFile;();df-generated |
-| Sinks;NewSinks;WrapResponseWrite;(System.Object);df-generated |
-| Sinks;NewSinks;WrapResponseWriteFile;(System.String);df-generated |
-| Sinks;NewSinks;get_PrivateSetTaintedProp;();df-generated |
-| Sinks;NewSinks;get_TaintedProp;();df-generated |
-| Sinks;NewSinks;set_PrivateSetTaintedProp;(System.String);df-generated |
-| Sinks;NewSinks;set_TaintedProp;(System.String);df-generated |
-| Sources;NewSources;WrapConsoleReadKey;();df-generated |
-| Sources;NewSources;WrapConsoleReadLine;();df-generated |
-| Sources;NewSources;WrapConsoleReadLineAndProcees;(System.String);df-generated |
-| Summaries;EqualsGetHashCodeNoFlow;Equals;(System.Object);df-generated |
-| Summaries;EqualsGetHashCodeNoFlow;GetHashCode;();df-generated |
-| Summaries;OperatorFlow;op_Increment;(Summaries.OperatorFlow);df-generated |
+| NoSummaries;BaseClass;M1;(System.String);summary;df-generated |
+| NoSummaries;BaseClass;M2;(System.String);summary;df-generated |
+| NoSummaries;CollectionFlow;ReturnSimpleTypeArray;(System.Int32[]);summary;df-generated |
+| NoSummaries;CollectionFlow;ReturnSimpleTypeDictionary;(System.Collections.Generic.Dictionary<System.Int32,System.Int32>);summary;df-generated |
+| NoSummaries;CollectionFlow;ReturnSimpleTypeList;(System.Collections.Generic.List<System.Int32>);summary;df-generated |
+| NoSummaries;EquatableBound;Equals;(System.Object);summary;df-generated |
+| NoSummaries;EquatableUnBound<>;Equals;(T);summary;df-generated |
+| NoSummaries;SimpleTypes;M1;(System.Boolean);summary;df-generated |
+| NoSummaries;SimpleTypes;M2;(System.Boolean);summary;df-generated |
+| NoSummaries;SimpleTypes;M3;(System.Int32);summary;df-generated |
+| NoSummaries;SimpleTypes;M4;(System.Int32);summary;df-generated |
+| Sinks;NewSinks;WrapFieldResponseWriteFile;();summary;df-generated |
+| Sinks;NewSinks;WrapPrivateFieldResponseWriteFile;();summary;df-generated |
+| Sinks;NewSinks;WrapPrivatePropResponseWriteFile;();summary;df-generated |
+| Sinks;NewSinks;WrapPropPrivateSetResponseWriteFile;();summary;df-generated |
+| Sinks;NewSinks;WrapPropResponseWriteFile;();summary;df-generated |
+| Sinks;NewSinks;WrapResponseWrite;(System.Object);summary;df-generated |
+| Sinks;NewSinks;WrapResponseWriteFile;(System.String);summary;df-generated |
+| Sinks;NewSinks;get_PrivateSetTaintedProp;();summary;df-generated |
+| Sinks;NewSinks;get_TaintedProp;();summary;df-generated |
+| Sinks;NewSinks;set_PrivateSetTaintedProp;(System.String);summary;df-generated |
+| Sinks;NewSinks;set_TaintedProp;(System.String);summary;df-generated |
+| Sources;NewSources;WrapConsoleReadKey;();summary;df-generated |
+| Sources;NewSources;WrapConsoleReadLine;();summary;df-generated |
+| Sources;NewSources;WrapConsoleReadLineAndProcees;(System.String);summary;df-generated |
+| Summaries;EqualsGetHashCodeNoFlow;Equals;(System.Object);summary;df-generated |
+| Summaries;EqualsGetHashCodeNoFlow;GetHashCode;();summary;df-generated |
+| Summaries;OperatorFlow;op_Increment;(Summaries.OperatorFlow);summary;df-generated |

go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll

@@ -335,7 +335,7 @@ module Public {
   class NeutralCallable extends SummarizedCallableBase {
     private Provenance provenance;
 
-    NeutralCallable() { neutralElement(this, provenance) }
+    NeutralCallable() { neutralSummaryElement(this, provenance) }
 
     /**
      * Holds if the neutral is auto generated.

go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -72,11 +72,11 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a neutral model exists for `c` with provenance `provenance`,
+ * Holds if a neutral summary model exists for `c` with provenance `provenance`,
  * which means that there is no flow through `c`.
  * Note. Neutral models have not been implemented for Go.
  */
-predicate neutralElement(SummarizedCallable c, string provenance) { none() }
+predicate neutralSummaryElement(SummarizedCallable c, string provenance) { none() }
 
 /** Gets the summary component for specification component `c`, if any. */
 bindingset[c]

java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Updated the `neutralModel` extensible predicate to include a `kind` column.