Python: No longer use models-as-data CSV interface

github · Apr 11, 2024 · 53a1b6c · 53a1b6c
1 parent 0e277d0
commit 53a1b6c
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 54 deletions.
diff --git a/python/ql/lib/semmle/python/frameworks/Asyncpg.model.yml b/python/ql/lib/semmle/python/frameworks/Asyncpg.model.yml
@@ -0,0 +1,29 @@
+extensions:
+  - addsTo:
+      pack: codeql/python-all
+      extensible: sinkModel
+    data:
+      # `Connection`s and `ConnectionPool`s provide some methods that execute SQL.
+      - ['asyncpg.~Connection', 'Member[copy_from_query,execute,fetch,fetchrow,fetchval].Argument[0,query:]', 'sql-injection']
+      - ['asyncpg.~Connection', 'Member[executemany].Argument[0,command:]', 'sql-injection']
+      # A model of `Connection` and `ConnectionPool`, which provide some methods that access the file system.
+      - ['asyncpg.~Connection', 'Member[copy_from_query,copy_from_table].Argument[output:]', 'path-injection']
+      - ['asyncpg.~Connection', 'Member[copy_to_table].Argument[source:]', 'path-injection']
+      # the `PreparedStatement` class in `asyncpg`.
+      - ['asyncpg.Connection', 'Member[prepare].Argument[0,query:]', 'sql-injection']
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: typeModel
+    data:
+      # a `ConnectionPool` that is created when the result of `asyncpg.create_pool()` is awaited.
+      - ['asyncpg.Connection', 'asyncpg.ConnectionPool', 'Member[acquire].ReturnValue.Awaited']
+      # a `Connection` that is created when
+      # * - the result of `asyncpg.connect()` is awaited.
+      # * - the result of calling `acquire` on a `ConnectionPool` is awaited.
+      - ['asyncpg.Connection', 'asyncpg', 'Member[connect].ReturnValue.Awaited']
+      - ['asyncpg.Connection', 'asyncpg', 'Member[connection].Member[connect].ReturnValue.Awaited']
+      - ['asyncpg.ConnectionPool', 'asyncpg', 'Member[create_pool].ReturnValue.Awaited']
+      # Creating an internal `~Connection` type that contains both `Connection` and `ConnectionPool`.
+      - ['asyncpg.~Connection', 'asyncpg.Connection', '']
+      - ['asyncpg.~Connection', 'asyncpg.ConnectionPool', '']
diff --git a/python/ql/lib/semmle/python/frameworks/Asyncpg.qll b/python/ql/lib/semmle/python/frameworks/Asyncpg.qll
@@ -11,43 +11,6 @@ private import semmle.python.frameworks.data.ModelsAsData
 
 /** Provides models for the `asyncpg` PyPI package. */
 private module Asyncpg {
-  class AsyncpgModel extends ModelInput::TypeModelCsv {
-    override predicate row(string row) {
-      // type1;type2;path
-      row =
-        [
-          // a `ConnectionPool` that is created when the result of `asyncpg.create_pool()` is awaited.
-          "asyncpg.ConnectionPool;asyncpg;Member[create_pool].ReturnValue.Awaited",
-          // a `Connection` that is created when
-          // * - the result of `asyncpg.connect()` is awaited.
-          // * - the result of calling `acquire` on a `ConnectionPool` is awaited.
-          "asyncpg.Connection;asyncpg;Member[connect].ReturnValue.Awaited",
-          "asyncpg.Connection;asyncpg;Member[connection].Member[connect].ReturnValue.Awaited",
-          "asyncpg.Connection;asyncpg.ConnectionPool;Member[acquire].ReturnValue.Awaited",
-          // Creating an internal `~Connection` type that contains both `Connection` and `ConnectionPool`.
-          "asyncpg.~Connection;asyncpg.Connection;", //
-          "asyncpg.~Connection;asyncpg.ConnectionPool;"
-        ]
-    }
-  }
-
-  class AsyncpgSink extends ModelInput::SinkModelCsv {
-    // type;path;kind
-    override predicate row(string row) {
-      row =
-        [
-          // `Connection`s and `ConnectionPool`s provide some methods that execute SQL.
-          "asyncpg.~Connection;Member[copy_from_query,execute,fetch,fetchrow,fetchval].Argument[0,query:];sql-injection",
-          "asyncpg.~Connection;Member[executemany].Argument[0,command:];sql-injection",
-          // A model of `Connection` and `ConnectionPool`, which provide some methods that access the file system.
-          "asyncpg.~Connection;Member[copy_from_query,copy_from_table].Argument[output:];path-injection",
-          "asyncpg.~Connection;Member[copy_to_table].Argument[source:];path-injection",
-          // the `PreparedStatement` class in `asyncpg`.
-          "asyncpg.Connection;Member[prepare].Argument[0,query:];sql-injection",
-        ]
-    }
-  }
-
   /**
    * Provides models of the `Cursor` class in `asyncpg`.
    * `Cursor`s are created

diff --git a/python/ql/test/library-tests/frameworks/data/warnings.expected b/python/ql/test/library-tests/frameworks/data/warnings.expected
@@ -1,5 +1,3 @@
-| CSV type row should have 3 columns but has 1: test.TooFewColumns |
-| CSV type row should have 3 columns but has 6: test.TooManyColumns;;Member[Foo].Instance;too;many;columns |
 | Invalid argument '0-1' in token 'Argument[0-1]' in access path: Method[foo].Argument[0-1] |
 | Invalid argument '*' in token 'Argument[*]' in access path: Method[foo].Argument[*] |
 | Invalid token 'Argument' is missing its arguments, in access path: Method[foo].Argument |

diff --git a/python/ql/test/library-tests/frameworks/data/warnings.ql b/python/ql/test/library-tests/frameworks/data/warnings.ql
@@ -2,21 +2,6 @@ import python
 import semmle.python.frameworks.data.internal.ApiGraphModels as ApiGraphModels
 import semmle.python.frameworks.data.ModelsAsData
 
-private class InvalidTypeModel extends ModelInput::TypeModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "test.TooManyColumns;;Member[Foo].Instance;too;many;columns", //
-        "test.TooFewColumns", //
-        "test.X;test.Y;Method[foo].Arg[0]", //
-        "test.X;test.Y;Method[foo].Argument[0-1]", //
-        "test.X;test.Y;Method[foo].Argument[*]", //
-        "test.X;test.Y;Method[foo].Argument", //
-        "test.X;test.Y;Method[foo].Member", //
-      ]
-  }
-}
-
 class IsTesting extends ApiGraphModels::TestAllModels {
   IsTesting() { this = this }
 }