Skip to content

Shared: Provenance-based filtering of flow summaries #21051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
hvitved wants to merge 10 commits into
base: main
Choose a base branch
from
Draft

Shared: Provenance-based filtering of flow summaries #21051

hvitved wants to merge 10 commits into from

Conversation

@hvitved
Copy link
Contributor

@hvitved hvitved commented Dec 16, 2025

No description provided.

@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch 3 times, most recently from a3e585d to eb48820 Compare December 17, 2025 19:45
@github-actions github-actions bot added the JS label Dec 18, 2025
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 1e946f8 to 30a0791 Compare December 18, 2025 10:06
This was referenced Jan 5, 2026
Closed
Merged
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch 3 times, most recently from 0fbea88 to 5a2881d Compare January 13, 2026 10:08
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 13, 2026
View reviewed changes
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 5a2881d to a941f4a Compare January 13, 2026 10:59
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 13, 2026
View reviewed changes
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch 2 times, most recently from bf632b3 to c6383ff Compare January 13, 2026 13:36
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 13, 2026
View reviewed changes
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch 2 times, most recently from 9f81377 to 0057ae3 Compare January 13, 2026 14:43
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 13, 2026
View reviewed changes
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch 2 times, most recently from 1933d1c to 72dfe9c Compare January 14, 2026 08:30
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 72dfe9c to 5642898 Compare January 14, 2026 10:21
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 14, 2026
View reviewed changes
javascript/ql/lib/semmle/javascript/internal/flow_summaries/UrlSearchParams.qll
}

class URLConstructor extends DataFlow::SummarizedCallable {
class URLConstructor extends DataFlow::SummarizedCallable::Range {

Check warning

Code scanning / CodeQL

Acronyms should be PascalCase/camelCase Warning

Acronyms in URLConstructor should be PascalCase/camelCase.
shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
* callable, (b) there is no manual (neutral) model, and (c) the model is inexact
* and there is no generated exact (neutral) model.
*/
final class RelevantSummarizedCallable extends SummarizedCallableFinal {

Check warning

Code scanning / CodeQL

Suggest using non-extending subtype relationships Warning

Consider defining this class as non-extending subtype of
SummarizedCallableImpl
Loading
.
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 5642898 to 7e2be3c Compare January 14, 2026 10:54
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 7e2be3c to 2d63aaa Compare January 14, 2026 12:18
@hvitved
Ruby: Adapt to changes in FlowSummaryImpl
044ebc3
@hvitved
Java: Adapt to changes in FlowSummaryImpl
6561b62 
Missing manual models were added using the following code added to `FlowSummaryImpl.qll`:

```ql
    private predicate testsummaryElement(
      Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name,
      string signature, string ext, string originalInput, string originalOutput, string kind,
      string provenance, string model, boolean isExact
    ) {
      exists(string input, string output, Callable baseCallable |
        summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput,
          kind, provenance, model) and
        baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and
        (
          c.asCallable() = baseCallable and input = originalInput and output = originalOutput
          or
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput,
            input) and
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput,
            output)
        )
      )
    }

    private predicate testsummaryElement2(
      string namespace, string type, boolean subtypes, string name, string signature, string ext,
      string originalInput, string originalOutput, string kind, string provenance, string model
    ) {
      exists(Input::SummarizedCallableBase c |
        testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance,
          model, false) and
        testsummaryElement(c, namespace, type, subtypes, name, signature, ext, _, _, _, provenance,
          _, true) and
        not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance,
          _, true)
      )
    }

    private string getAMissingManualModel() {
      exists(
        string namespace, string type, boolean subtypes, string name, string signature, string ext,
        string originalInput, string originalOutput, string kind, string provenance, string model
      |
        testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput,
          originalOutput, kind, provenance, model) and
        result =
          "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature +
            "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" +
            provenance + "\"]"
      )
    }
```
@hvitved
Swift: Adapt to changes in FlowSummaryImpl
1bf12e6
@hvitved
Go: Adapt to changes in FlowSummaryImpl
e8e044d
@hvitved
Python: Adapt to changes in FlowSummaryImpl
62bd36f
@hvitved
C++: Adapt to changes in FlowSummaryImpl
13e9bc2
@hvitved
JS: Adapt to changes in FlowSummaryImpl
4060c02
@hvitved hvitved force-pushed the shared/flow-summary-provenance-filtering branch from 2d63aaa to 4060c02 Compare January 15, 2026 08:37
@github-actions
Copy link
Contributor

github-actions bot commented Jan 15, 2026

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

java

Generated file changes for java

  • Changes to framework-coverage-java.rst:
-    `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,
+    `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1615,,,,,,,
-    Java Standard Library,``java.*``,10,4628,260,99,,9,,,26
+    Java Standard Library,``java.*``,10,4629,260,99,,9,,,26
-    `Spring <https://spring.io/>`_,``org.springframework.*``,46,492,143,26,,28,14,,35
+    `Spring <https://spring.io/>`_,``org.springframework.*``,46,494,143,26,,28,14,,35
-    Totals,,363,26372,2681,404,16,134,33,1,409
+    Totals,,363,26390,2681,404,16,134,33,1,409
  • Changes to framework-coverage-java.csv:
- java.util,48,2,1339,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,781
+ java.util,48,2,1340,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,782
- org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+ org.apache.commons.collections4,,,815,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,798
- org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
+ org.springframework.web.util,,9,159,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,134,25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

C# C++ DataFlow Library documentation Go Java JS Python Ruby Rust Pull requests that update Rust code Swift

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hvitved