From c20f12fa6cb226a7f940f869dddab7506d3ab0d1 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Wed, 16 Oct 2024 11:19:09 +0200
Subject: [PATCH] Add qldoc.
---
 .../code/cpp/dataflow/internal/TaintTrackingUtil.qll | 4 ++++
 .../code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll | 4 ++++
 .../csharp/dataflow/internal/TaintTrackingPrivate.qll | 4 ++++
 .../lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll | 4 ++++
 .../code/java/dataflow/internal/TaintTrackingUtil.qll | 4 ++++
 .../python/dataflow/new/internal/TaintTrackingPrivate.qll | 4 ++++
 .../ruby/dataflow/internal/TaintTrackingPrivate.qll | 4 ++++
 shared/dataflow/codeql/dataflow/TaintTracking.qll | 8 ++++++++
 .../swift/dataflow/internal/TaintTrackingPrivate.qll | 4 ++++
 9 files changed, 40 insertions(+)
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
index 0b35e74db8c4..493b531a49a9 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -282,4 +282,8 @@ private predicate exprToPartialDefinitionStep(Expr exprIn, Expr exprOut) {
 private predicate iteratorDereference(Call c) { c.getTarget() instanceof IteratorReferenceFunction }
+/**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) { none() }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
index 9921be8a147d..b6d332e3d4c2 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
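Review bot: The new qldoc on `speculativeTaintStep` in the AST-based C++ library describes a step relation, but the body on the same hunk is `none()`, so the comment promises steps that never exist. I'd add a sentence to that comment such as `No speculative steps are defined for the AST-based dataflow library; this predicate never holds.` so the contract matches the implementation, assuming the empty body is intentional. The identical wording is reused in the IR, C#, Go, Java, Python, Ruby and Swift hunks, where the predicate bodies are non-empty, which makes the unqualified text on the empty variant more misleading.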
@@ -219,6 +219,10 @@ private module SpeculativeTaintFlow {
 private import semmle.code.cpp.ir.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as DataFlowPrivate
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowCall call, ArgumentPosition argpos |
 // TODO: exclude neutrals and anything that has QL modeling.
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
index c5bf4b082497..1a044a77777d 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
@@ -185,6 +185,10 @@ private module SpeculativeTaintFlow {
 exists(FlowSummaryImpl::Public::NeutralSinkCallable sc | sc.getACall() = call)
 }
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowCall call, Call srcCall, ArgumentPosition argpos |
 not exists(viableCallable(call)) and
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index 0ea9dbae200a..5365228e2310 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -434,6 +434,10 @@ import SpeculativeTaintFlow
 private module SpeculativeTaintFlow {
 private import semmle.go.dataflow.internal.DataFlowDispatch as DataFlowDispatch
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowPrivate::DataFlowCall call, DataFlowDispatch::ArgumentPosition argpos |
 // TODO: exclude neutrals and anything that has QL modeling.
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index a3231b4b1cf8..ad770b75a3eb 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -690,6 +690,10 @@ private module SpeculativeTaintFlow {
 .hasName("java.util.function")
 }
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowCall call, Call srcCall, int argpos |
 not hasTarget(srcCall) and
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
index 8c94a4749f76..cc59bc679338 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -226,6 +226,10 @@ private module SpeculativeTaintFlow {
 private import semmle.python.dataflow.new.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.python.dataflow.new.internal.DataFlowPublic as DataFlowPublic
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowDispatch::DataFlowCall call, DataFlowDispatch::ArgumentPosition argpos |
 // TODO: exclude neutrals and anything that has QL modeling.
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
index 3c86cccd9628..cae2266e1a2b 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
@@ -155,6 +155,10 @@ private module SpeculativeTaintFlow {
 private import codeql.ruby.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 private import codeql.ruby.dataflow.internal.DataFlowPublic as DataFlowPublic
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(
 DataFlowDispatch::DataFlowCall call, MethodCall srcCall,
diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
index beec8f384993..eb98ec2a8096 100644
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -208,6 +208,10 @@ module TaintFlowMake<
 }
 }
+ /**
+ * Constructs a global taint tracking computation that also allows a given
+ * maximum number of speculative taint steps.
+ */
 module SpeculativeFlow implements DataFlow::GlobalFlowSig {
@@ -229,6 +233,10 @@ module TaintFlowMake<
 import DataFlowInternal::Impl
 }
+ /**
+ * Constructs a global taint tracking computation using flow state that also
+ * allows a given maximum number of speculative taint steps.
+ */
 module SpeculativeFlowWithState<
 DataFlow::StateConfigSig Config, speculationLimitSig/0 speculationLimit>
 implements DataFlow::GlobalFlowSig
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
index 53c828981ffe..c3f14b03f835 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
@@ -106,6 +106,10 @@ private module SpeculativeTaintFlow {
 private import codeql.swift.dataflow.internal.DataFlowPublic as DataFlowPublic
 private import codeql.swift.dataflow.internal.DataFlowPrivate as DataFlowPrivate
+ /**
+ * Holds if the additional step from `src` to `sink` should be considered in
+ * speculative taint flow exploration.
+ */
 predicate speculativeTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 exists(DataFlowDispatch::DataFlowCall call, DataFlowDispatch::ArgumentPosition argpos |
 // TODO: exclude neutrals and anything that has QL modeling.
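Review bot: The new qldoc on `SpeculativeFlowWithState` speaks of "a given maximum number of speculative taint steps" without naming the parameters that supply it, although `Config` and `speculationLimit` are right there in the module signature two lines below the comment. I'd reword it as `Constructs a global taint tracking computation from the flow-state configuration `Config`, additionally allowing speculative taint steps up to the limit given by `speculationLimit`.` so a reader of the generated docs can tell which parameter controls what; going by the existing wording, `speculationLimit` appears to be the bound, but I have not seen its signature. The `SpeculativeFlow` doc in the preceding hunk of this file has the same gap, though its parameter list is not visible in this patch text. The module body continues past the end of the hunk.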