Rust: Make current MaD predicates deprecated #19502
Conversation
In preparation for a transition period where we will allow for MaD definitions using extractor-provided canonical paths as well as the future QL-provided canonical paths.
hvitved
force-pushed
the
rust/deprecate-mad-predicates
branch
from
d5e2958 to
7c986d8
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR marks existing MaD (Model as Data) predicates as deprecated by renaming all sourceModel, sinkModel, and summaryModel extensionals to *Deprecated, and updates the QLL logic to consume only the deprecated predicates.
- Rename all YAML
extensibleentries to<modelType>Deprecated - Update
ModelsAsData.qllto reference the new deprecated predicate names
Reviewed Changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ext.yml | Updated sinkModel to sinkModelDeprecated |
| rust/ql/test/library-tests/dataflow/models/models.ext.yml | Renamed sourceModel, sinkModel, summaryModel entries to deprecated variants |
| rust/ql/lib/codeql/rust/frameworks/**/*.model.yml | Renamed all framework models (sourceModel, sinkModel, summaryModel) to deprecated variants |
| rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml | Added deprecated suffix to all internal extensionals |
| rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | Updated predicate definitions and consumer logic to use the deprecated predicate names |
Comments suppressed due to low confidence (1)
rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.ext.yml:4
- Add or update a test to ensure that
sinkModelDeprecatedentries are correctly interpreted by the parser, mirroring existing coverage for the non-deprecatedsinkModel.
extensible: sinkModelDeprecated
| @@ -58,7 +58,7 @@ private import codeql.rust.dataflow.FlowSink | |||
| * For more information on the `kind` parameter, see | |||
| * https://github.com/github/codeql/blob/main/docs/codeql/reusables/threat-model-description.rst. | |||
| */ | |||
| extensible predicate sourceModel( | |||
| extensible predicate sourceModelDeprecated( | |||
There was a problem hiding this comment.
To preserve backward compatibility during the transition, consider leaving the original sourceModel (and its sink/summary counterparts) as wrapper predicates that forward to sourceModelDeprecated, so existing models won’t break immediately.
Copilot uses AI. Check for mistakes.
| @@ -2,6 +2,6 @@ | |||
| extensions: | |||
| - addsTo: | |||
| pack: codeql/rust-all | |||
There was a problem hiding this comment.
[nitpick] Add a comment above this line (e.g. # Deprecated in favor of extractor-provided canonical paths) to clearly document that this model entry is deprecated and will be replaced in a future release.
| pack: codeql/rust-all | |
| pack: codeql/rust-all | |
| # Deprecated in favor of extractor-provided canonical paths |
Copilot uses AI. Check for mistakes.
|
Unless I'm missing something this will break the generated models the next time we run the model generator as it still outputs rows for predicates with the names The predicate names are specified in a shared script so it's not trivial to just rename them. Perhaps the absolutely easiest thing we could do is just to keep the current predicates as aliases for those with the |
| @@ -74,7 +74,7 @@ extensible predicate sourceModel( | |||
| * | |||
| * - `sql-injection`: a flow sink for SQL injection. | |||
| */ | |||
| extensible predicate sinkModel( | |||
| extensible predicate sinkModelDeprecated( | |||
There was a problem hiding this comment.
We should probably explain what's going on in the qldoc here, i.e. that a new format is coming soon but is not available yet (usually we would link to replacing predicate, but I understand these don't yet exist).
In preparation for a transition period where we will allow for MaD definitions using extractor-provided canonical paths as well as the future QL-provided canonical paths.