Python: Adapt to changes in FlowSummaryImpl

hvitved · hvitved · commit 62148a3ec59b · 2025-12-17T20:25:33.000+01:00
diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll
@@ -22,6 +22,8 @@ deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
 deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
+class Provenance = Impl::Public::Provenance;
+
 /** A callable with a flow summary, identified by a unique string. */
 abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
   bindingset[this]
@@ -31,13 +33,16 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari
    * DEPRECATED: Use `propagatesFlow` instead.
    */
   deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
-    this.propagatesFlow(input, output, preservesValue, _)
+    this.propagatesFlow(input, output, preservesValue, _, _, _)
   }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    this.propagatesFlow(input, output, preservesValue) and model = this
+    this.propagatesFlow(input, output, preservesValue) and
+    p = "manual" and
+    isExact = true and
+    model = this
   }
 
   /**
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
@@ -30,7 +30,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
     predicate propagatesFlow(
       SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
     ) {
-      super.propagatesFlow(input, output, preservesValue, _)
+      super.propagatesFlow(input, output, preservesValue, _, _, _)
     }
   }
 
diff --git a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll
@@ -36,9 +36,13 @@ private class ThreatModelSourceFromDataExtension extends ThreatModelSource::Rang
 private class SummarizedCallableFromModel extends SummarizedCallable {
   string type;
   string path;
+  string input_;
+  string output_;
+  string kind;
+  string model_;
 
   SummarizedCallableFromModel() {
-    ModelOutput::relevantSummaryModel(type, path, _, _, _, _) and
+    ModelOutput::relevantSummaryModel(type, path, input_, output_, kind, model_) and
     this = type + ";" + path
   }
 
@@ -52,14 +56,13 @@ private class SummarizedCallableFromModel extends SummarizedCallable {
   }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) |
-      kind = "value" and
-      preservesValue = true
-      or
-      kind = "taint" and
-      preservesValue = false
-    )
+    input = input_ and
+    output = output_ and
+    (if kind = "value" then preservesValue = true else preservesValue = false) and
+    p = "manual" and
+    isExact = true and
+    model = model_
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {`
`30`	`30`	`predicate propagatesFlow(`
`31`	`31`	`SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue`
`32`	`32`	`) {`
`33`		`- super.propagatesFlow(input, output, preservesValue, _)`
	`33`	`+ super.propagatesFlow(input, output, preservesValue, _, _, _)`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`