Merge pull request #20109 from github/copilot/fix-20108

geoffw0 · web-flow · commit 91ced7ea0cf2 · 2025-07-23T14:33:22.000+01:00
Rust: Remove sourceModelDeprecated, summaryModelDeprecated and sinkModelDeprecated
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -2,3 +2,10 @@ When reviewing code:
 * do not review changes in files with `.expected` extension (they are automatically ensured to be correct).
 * in `.ql` and `.qll` files, do not try to review the code itself as you don't understand the programming language
   well enough to make comments in these languages. You can still check for typos or comment improvements.
+
+When editing `.ql` and `.qll` files:
+* All edited `.ql` and `.qll` files should be autoformatted afterwards using the CodeQL CLI.
+* To install and use the CodeQL CLI autoformatter:
+  1. Download and extract CodeQL CLI: `cd /tmp && curl -L -o codeql-linux64.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip && unzip -q codeql-linux64.zip`
+  2. Add to PATH: `export PATH="/tmp/codeql:$PATH"`
+  3. Run autoformatter: `codeql query format [file] --in-place`
diff --git a/rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md b/rust/ql/lib/change-notes/2025-07-23-remove-deprecated-dataflow-predicates.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Removed deprecated dataflow extensible predicates `sourceModelDeprecated`, `sinkModelDeprecated`, and `summaryModelDeprecated`, along with their associated classes.
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -49,23 +49,6 @@ private import codeql.rust.dataflow.FlowSource
 private import codeql.rust.dataflow.FlowSink
 private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
 
-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `output` is a flow source of the given
- * `kind`.
- *
- * `output = "ReturnValue"` simply means the result of the call itself.
- *
- * For more information on the `kind` parameter, see
- * https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst.
- */
-extensible predicate sourceModelDeprecated(
-  string crate, string path, string output, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
-
 /**
  * Holds if in a call to the function with canonical path `path`, the value referred
  * to by `output` is a flow source of the given `kind`.
@@ -79,24 +62,6 @@ extensible predicate sourceModel(
   string path, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
 
-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `input` is a flow sink of the given
- * `kind`.
- *
- * For example, `input = Argument[0]` means the first argument of the call.
- *
- * The following kinds are supported:
- *
- * - `sql-injection`: a flow sink for SQL injection.
- */
-extensible predicate sinkModelDeprecated(
-  string crate, string path, string input, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
-
 /**
  * Holds if in a call to the function with canonical path `path`, the value referred
  * to by `input` is a flow sink of the given `kind`.
@@ -111,21 +76,6 @@ extensible predicate sinkModel(
   string path, string input, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
 
-/**
- * DEPRECATED: Do not use.
- *
- * Holds if in a call to the function with canonical path `path`, defined in the
- * crate `crate`, the value referred to by `input` can flow to the value referred
- * to by `output`.
- *
- * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving
- * steps, respectively.
- */
-extensible predicate summaryModelDeprecated(
-  string crate, string path, string input, string output, string kind, string provenance,
-  QlBuiltins::ExtensionId madId
-);
-
 /**
  * Holds if in a call to the function with canonical path `path`, the value referred
  * to by `input` can flow to the value referred to by `output`.
@@ -144,67 +94,22 @@ extensible predicate summaryModel(
  * This predicate should only be used in tests.
  */
 predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
-  exists(string crate, string path, string output, string kind |
-    sourceModelDeprecated(crate, path, output, kind, _, madId) and
-    model = "Source: " + crate + "; " + path + "; " + output + "; " + kind
-  )
-  or
   exists(string path, string output, string kind |
     sourceModel(path, output, kind, _, madId) and
     model = "Source: " + path + "; " + output + "; " + kind
   )
   or
-  exists(string crate, string path, string input, string kind |
-    sinkModelDeprecated(crate, path, input, kind, _, madId) and
-    model = "Sink: " + crate + "; " + path + "; " + input + "; " + kind
-  )
-  or
   exists(string path, string input, string kind |
     sinkModel(path, input, kind, _, madId) and
     model = "Sink: " + path + "; " + input + "; " + kind
   )
   or
-  exists(string type, string path, string input, string output, string kind |
-    summaryModelDeprecated(type, path, input, output, kind, _, madId) and
-    model = "Summary: " + type + "; " + path + "; " + input + "; " + output + "; " + kind
-  )
-  or
   exists(string path, string input, string output, string kind |
     summaryModel(path, input, output, kind, _, madId) and
     model = "Summary: " + path + "; " + input + "; " + output + "; " + kind
   )
 }
 
-private class SummarizedCallableFromModelDeprecated extends SummarizedCallable::Range {
-  private string crate;
-  private string path;
-
-  SummarizedCallableFromModelDeprecated() {
-    summaryModelDeprecated(crate, path, _, _, _, _, _) and
-    exists(CallExprBase call, Resolvable r |
-      call.getStaticTarget() = this and
-      r = CallExprBaseImpl::getCallResolvable(call) and
-      r.getResolvedPath() = path and
-      r.getResolvedCrateOrigin() = crate
-    )
-  }
-
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
-  ) {
-    exists(string kind, QlBuiltins::ExtensionId madId |
-      summaryModelDeprecated(crate, path, input, output, kind, _, madId) and
-      model = "MaD:" + madId.toString()
-    |
-      kind = "value" and
-      preservesValue = true
-      or
-      kind = "taint" and
-      preservesValue = false
-    )
-  }
-}
-
 private class SummarizedCallableFromModel extends SummarizedCallable::Range {
   private string path;
 
@@ -233,23 +138,6 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range {
   }
 }
 
-private class FlowSourceFromModelDeprecated extends FlowSource::Range {
-  private string crate;
-  private string path;
-
-  FlowSourceFromModelDeprecated() {
-    sourceModelDeprecated(crate, path, _, _, _, _) and
-    this.callResolvesTo(crate, path)
-  }
-
-  override predicate isSource(string output, string kind, Provenance provenance, string model) {
-    exists(QlBuiltins::ExtensionId madId |
-      sourceModelDeprecated(crate, path, output, kind, provenance, madId) and
-      model = "MaD:" + madId.toString()
-    )
-  }
-}
-
 private class FlowSourceFromModel extends FlowSource::Range {
   private string path;
 
@@ -266,23 +154,6 @@ private class FlowSourceFromModel extends FlowSource::Range {
   }
 }
 
-private class FlowSinkFromModelDeprecated extends FlowSink::Range {
-  private string crate;
-  private string path;
-
-  FlowSinkFromModelDeprecated() {
-    sinkModelDeprecated(crate, path, _, _, _, _) and
-    this.callResolvesTo(crate, path)
-  }
-
-  override predicate isSink(string input, string kind, Provenance provenance, string model) {
-    exists(QlBuiltins::ExtensionId madId |
-      sinkModelDeprecated(crate, path, input, kind, provenance, madId) and
-      model = "MaD:" + madId.toString()
-    )
-  }
-}
-
 private class FlowSinkFromModel extends FlowSink::Range {
   private string path;
 
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml b/rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml
@@ -1,28 +1,16 @@
 extensions:
   # Make sure that the extensible model predicates have at least one definition
   # to avoid errors about undefined extensionals.
-  - addsTo:
-      pack: codeql/rust-all
-      extensible: sourceModelDeprecated
-    data: []
   - addsTo:
       pack: codeql/rust-all
       extensible: sourceModel
     data: []
 
-  - addsTo:
-      pack: codeql/rust-all
-      extensible: sinkModelDeprecated
-    data: []
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
     data: []
 
-  - addsTo:
-      pack: codeql/rust-all
-      extensible: summaryModelDeprecated
-    data: []
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Removed deprecated dataflow extensible predicates `sourceModelDeprecated`, `sinkModelDeprecated`, and `summaryModelDeprecated`, along with their associated classes.