From 13e0829d19c85c61f28ffc1145602a797a7a314b Mon Sep 17 00:00:00 2001
From: Simon Friis Vindum <simonfv@gmail.com>
Date: Tue, 28 Jan 2025 15:00:58 +0100
Subject: [PATCH] Shared: Generalize the number of columns in a generated MaD
 row

---
 .../modelgenerator/internal/CaptureModels.qll | 24 +++++++++++-
 .../internal/CaptureModelsPrinting.qll        |  6 ++-
 .../modelgenerator/internal/CaptureModels.qll | 29 +++++++++++----
 .../internal/CaptureModelsPrinting.qll        |  4 +-
 .../internal/ModelGeneratorImpl.qll           | 22 ++++++-----
 .../modelgenerator/internal/ModelPrinting.qll | 37 ++++++-------------
 6 files changed, 76 insertions(+), 46 deletions(-)

diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
index aa456fe2c790..f5fc49354be5 100644
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -361,7 +361,29 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CsharpDat
     c.isDelegateCallReturn() and result = "ReturnValue"
   }
 
-  predicate partialModel = ExternalFlow::partialModel/6;
+  string partialModelRow(Callable api, int i) {
+    i = 0 and ExternalFlow::partialModel(api, result, _, _, _, _) // package
+    or
+    i = 1 and ExternalFlow::partialModel(api, _, result, _, _, _) // type
+    or
+    i = 2 and ExternalFlow::partialModel(api, _, _, result, _, _) // extensible
+    or
+    i = 3 and ExternalFlow::partialModel(api, _, _, _, result, _) // name
+    or
+    i = 4 and ExternalFlow::partialModel(api, _, _, _, _, result) // parameters
+    or
+    i = 5 and result = "" // ext
+  }
+
+  string partialNeutralModelRow(Callable api, int i) {
+    i = 0 and result = partialModelRow(api, 0) // package
+    or
+    i = 1 and result = partialModelRow(api, 1) // type
+    or
+    i = 2 and result = partialModelRow(api, 3) // name
+    or
+    i = 3 and result = partialModelRow(api, 4) // parameters
+  }
 
   predicate sourceNode = ExternalFlow::sourceNode/2;
 
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
index 90452b1fc91e..97e58d439f0c 100644
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
@@ -1,11 +1,13 @@
 private import csharp as CS
 private import codeql.mad.modelgenerator.internal.ModelPrinting
-private import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
+private import CaptureModels::ModelGeneratorInput as ModelGeneratorInput
 
 private module ModelPrintingLang implements ModelPrintingLangSig {
   class Callable = CS::Callable;
 
-  predicate partialModel = ExternalFlow::partialModel/6;
+  predicate partialModelRow = ModelGeneratorInput::partialModelRow/2;
+
+  predicate partialNeutralModelRow = ModelGeneratorInput::partialNeutralModelRow/2;
 }
 
 import ModelPrintingImpl<ModelPrintingLang>
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
index 3e8859be9326..113e9bd2c2f8 100644
--- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -282,13 +282,28 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, JavaDataF
     c instanceof DataFlowUtil::MapKeyContent and result = "MapKey"
   }
 
-  predicate partialModel(
-    Callable api, string package, string type, string extensible, string name, string parameters
-  ) {
-    qualifiedName(api, package, type) and
-    extensible = isExtensible(api) and
-    name = api.getName() and
-    parameters = ExternalFlow::paramsString(api)
+  string partialModelRow(Callable api, int i) {
+    i = 0 and qualifiedName(api, result, _) // package
+    or
+    i = 1 and qualifiedName(api, _, result) // type
+    or
+    i = 2 and result = isExtensible(api) // extensible
+    or
+    i = 3 and result = api.getName() // name
+    or
+    i = 4 and result = ExternalFlow::paramsString(api) // parameters
+    or
+    i = 5 and result = "" // ext
+  }
+
+  string partialNeutralModelRow(Callable api, int i) {
+    i = 0 and qualifiedName(api, result, _) // package
+    or
+    i = 1 and qualifiedName(api, _, result) // type
+    or
+    i = 2 and result = api.getName() // name
+    or
+    i = 3 and result = ExternalFlow::paramsString(api) // parameters
   }
 
   predicate sourceNode = ExternalFlow::sourceNode/2;
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
index dbf08b15e902..4b376654afbe 100644
--- a/java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
@@ -5,7 +5,9 @@ private import CaptureModels::ModelGeneratorInput as ModelGeneratorInput
 private module ModelPrintingLang implements ModelPrintingLangSig {
   class Callable = J::Callable;
 
-  predicate partialModel = ModelGeneratorInput::partialModel/6;
+  predicate partialModelRow = ModelGeneratorInput::partialModelRow/2;
+
+  predicate partialNeutralModelRow = ModelGeneratorInput::partialNeutralModelRow/2;
 }
 
 import ModelPrintingImpl<ModelPrintingLang>
diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
index 5b53943ff832..64b5b0c3b1f9 100644
--- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
+++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
@@ -238,12 +238,14 @@ signature module ModelGeneratorInputSig<LocationSig Location, InputSig<Location>
   predicate isUninterestingForHeuristicDataFlowModels(Callable api);
 
   /**
-   * Holds if `namespace`, `type`, `extensible`, `name` and `parameters` are string representations
-   * for the corresponding MaD columns for `api`.
+   * Gets the string representation for the `i`th column in the MaD row for `api`.
    */
-  predicate partialModel(
-    Callable api, string namespace, string type, string extensible, string name, string parameters
-  );
+  string partialModelRow(Callable api, int i);
+
+  /**
+   * Gets the string representation for the `i`th column in the neutral MaD row for `api`.
+   */
+  string partialNeutralModelRow(Callable api, int i);
 
   /**
    * Holds if `node` is specified as a source with the given kind in a MaD flow
@@ -274,7 +276,9 @@ module MakeModelGenerator<
   private module ModelPrintingLang implements ModelPrintingLangSig {
     class Callable = ModelGeneratorInput::Callable;
 
-    predicate partialModel = ModelGeneratorInput::partialModel/6;
+    predicate partialModelRow = ModelGeneratorInput::partialModelRow/2;
+
+    predicate partialNeutralModelRow = ModelGeneratorInput::partialNeutralModelRow/2;
   }
 
   private import ModelPrintingImpl<ModelPrintingLang> as Printing
@@ -436,7 +440,7 @@ module MakeModelGenerator<
   }
 
   /**
-   * A data-flow configuration for tracking flow through APIs.
+   * A data flow configuration for tracking flow through APIs.
    * The sources are the parameters of an API and the sinks are the return values (excluding `this`) and parameters.
    *
    * This can be used to generate Flow summaries for APIs from parameter to return.
@@ -952,7 +956,7 @@ module MakeModelGenerator<
   }
 
   /**
-   * A dataflow configuration used for finding new sources.
+   * A data flow configuration used for finding new sources.
    * The sources are the already known existing sources and the sinks are the API return nodes.
    *
    * This can be used to generate Source summaries for an API, if the API expose an already known source
@@ -997,7 +1001,7 @@ module MakeModelGenerator<
   }
 
   /**
-   * A dataflow configuration used for finding new sinks.
+   * A data flow configuration used for finding new sinks.
    * The sources are the parameters of the API and the fields of the enclosing type.
    *
    * This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field)
diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll
index 4f5fa59d5377..7cd4906ac660 100644
--- a/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll
+++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll
@@ -5,13 +5,14 @@ signature module ModelPrintingLangSig {
   class Callable;
 
   /**
-   * Holds if `container`, `type`, `name`, and `parameters` contain the type signature of `api`
-   * and `extensible` is the string representation of a boolean that is true, if
-   * `api` can be overridden (otherwise false).
+   * Gets the string representation for the `i`th column in the MaD row for `api`.
    */
-  predicate partialModel(
-    Callable api, string container, string type, string extensible, string name, string parameters
-  );
+  string partialModelRow(Callable api, int i);
+
+  /**
+   * Gets the string representation for the `i`th column in the neutral MaD row for `api`.
+   */
+  string partialNeutralModelRow(Callable api, int i);
 }
 
 module ModelPrintingImpl<ModelPrintingLangSig Lang> {
@@ -33,33 +34,17 @@ module ModelPrintingImpl<ModelPrintingLangSig Lang> {
 
   module ModelPrinting<ModelPrintingSig Printing> {
     /**
-     * Computes the first 6 columns for MaD rows used for summaries, sources and sinks.
+     * Computes the first columns for MaD rows used for summaries, sources and sinks.
      */
     private string asPartialModel(Lang::Callable api) {
-      exists(string container, string type, string extensible, string name, string parameters |
-        Lang::partialModel(api, container, type, extensible, name, parameters) and
-        result =
-          container + ";" //
-            + type + ";" //
-            + extensible + ";" //
-            + name + ";" //
-            + parameters + ";" //
-            + /* ext + */ ";" //
-      )
+      result = concat(int i | | Lang::partialModelRow(api, i), ";" order by i) + ";"
     }
 
     /**
-     * Computes the first 4 columns for neutral MaD rows.
+     * Computes the first columns for neutral MaD rows.
      */
     private string asPartialNeutralModel(Printing::SummaryApi api) {
-      exists(string container, string type, string name, string parameters |
-        Lang::partialModel(api, container, type, _, name, parameters) and
-        result =
-          container + ";" //
-            + type + ";" //
-            + name + ";" //
-            + parameters + ";" //
-      )
+      result = concat(int i | | Lang::partialNeutralModelRow(api, i), ";" order by i) + ";"
     }
 
     /**