diff --git a/codeql-workspace.yml b/codeql-workspace.yml
index 03f5866a0c28..31c946769621 100644
--- a/codeql-workspace.yml
+++ b/codeql-workspace.yml
@@ -29,6 +29,7 @@ provide:
 - "swift/extractor-pack/codeql-extractor.yml"
 - "swift/integration-tests/qlpack.yml"
 - "ql/extractor-pack/codeql-extractor.yml"
+ - ".github/codeql/extensions/**/codeql-pack.yml"
 versionPolicies:
 default:
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
index 11c3bb9657ea..f0edf1702d3c 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -17,7 +17,7 @@ extensible predicate sourceModel(string type, string path, string kind);
 extensible predicate sinkModel(string type, string path, string kind);
 /**
- * Holds if calls to `(type, path)`, the value referred to by `input`
+ * Holds if in calls to `(type, path)`, the value referred to by `input`
 * can flow to the value referred to by `output`.
 *
 * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -25,6 +25,13 @@ extensible predicate sinkModel(string type, string path, string kind);
 */
 extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+/**
+ * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`.
+ * If `kind` is `summary`, the call does not propagate data flow. If `kind` is `source`, the call is not a source.
+ * If `kind` is `sink`, the call is not a sink.
+ */
+extensible predicate neutralModel(string type, string path, string kind);
+
 /**
 * Holds if `(type2, path)` should be seen as an instance of `type1`.
 */
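Review bot: The added `provide` entry is a recursive glob, so any `codeql-pack.yml` that appears anywhere under `.github/codeql/extensions` joins the workspace, unlike the explicit paths on the context lines around it. The rest of this commit introduces extension data that can mark calls as non-sources or non-sinks, so a pack in that directory can presumably change what the security queries report; how these packs are loaded is not shown here. A comment above the entry would make that explicit, for example `# Model extension packs for analysing this repository; changes here alter query results.` The `provide` list itself starts above the hunk.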
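Review bot: The new doc comment on `neutralModel` states effects (the call is not a source, is not a sink, does not propagate flow) that nothing in this diff implements: the predicate is only declared here and the data files give it `data: []`, so whether any library consults it is not visible. If the consumer lands separately, the comment should say so, for example `* NOTE: rows are not yet consulted by the data-flow library.`, because a reader may add a `source` or `sink` row expecting it to suppress a result, and once it does take effect such rows silently remove findings from security queries. It would also help to state the accepted values the way the `summaryModel` comment does, with a line such as "`kind` should be one of `summary`, `source` or `sink`". The Python and Ruby copies of this file later in the diff carry the same text and would need the same wording.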
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml
index 634a1bb3f8b5..016192a224ae 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/model.yml
@@ -15,6 +15,11 @@ extensions:
 extensible: summaryModel
 data: []
+ - addsTo:
+ pack: codeql/javascript-all
+ extensible: neutralModel
+ data: []
+
 - addsTo:
 pack: codeql/javascript-all
 extensible: typeModel
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
index 11c3bb9657ea..f0edf1702d3c 100644
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -17,7 +17,7 @@ extensible predicate sourceModel(string type, string path, string kind);
 extensible predicate sinkModel(string type, string path, string kind);
 /**
- * Holds if calls to `(type, path)`, the value referred to by `input`
+ * Holds if in calls to `(type, path)`, the value referred to by `input`
 * can flow to the value referred to by `output`.
 *
 * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -25,6 +25,13 @@ extensible predicate sinkModel(string type, string path, string kind);
 */
 extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+/**
+ * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`.
+ * If `kind` is `summary`, the call does not propagate data flow. If `kind` is `source`, the call is not a source.
+ * If `kind` is `sink`, the call is not a sink.
+ */
+extensible predicate neutralModel(string type, string path, string kind);
+
 /**
 * Holds if `(type2, path)` should be seen as an instance of `type1`.
 */
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml b/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
index 46fdcfe96bfe..49a1f01983f2 100644
--- a/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
@@ -15,6 +15,11 @@ extensions:
 extensible: summaryModel
 data: []
+ - addsTo:
+ pack: codeql/python-all
+ extensible: neutralModel
+ data: []
+
 - addsTo:
 pack: codeql/python-all
 extensible: typeModel
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
index 11c3bb9657ea..f0edf1702d3c 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -17,7 +17,7 @@ extensible predicate sourceModel(string type, string path, string kind);
 extensible predicate sinkModel(string type, string path, string kind);
 /**
- * Holds if calls to `(type, path)`, the value referred to by `input`
+ * Holds if in calls to `(type, path)`, the value referred to by `input`
 * can flow to the value referred to by `output`.
 *
 * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving steps,
@@ -25,6 +25,13 @@ extensible predicate sinkModel(string type, string path, string kind);
 */
 extensible predicate summaryModel(string type, string path, string input, string output, string kind);
+/**
+ * Holds if calls to `(type, path)` should be considered neutral. The meaning of this depends on the `kind`.
+ * If `kind` is `summary`, the call does not propagate data flow. If `kind` is `source`, the call is not a source.
+ * If `kind` is `sink`, the call is not a sink.
+ */
+extensible predicate neutralModel(string type, string path, string kind);
+
 /**
 * Holds if `(type2, path)` should be seen as an instance of `type1`.
 */
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml
index f69da6cc3634..7dd7c7a9c0cb 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml
+++ b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/model.yml
@@ -15,6 +15,11 @@ extensions:
 extensible: summaryModel
 data: []
+ - addsTo:
+ pack: codeql/ruby-all
+ extensible: neutralModel
+ data: []
+
 - addsTo:
 pack: codeql/ruby-all
 extensible: typeModel