Replace branch with acceptingValue

Author: owen-mc

javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll

@@ -13,7 +13,7 @@
  * - Barriers:
  *   `type, path, kind`
  * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
  * - Types:
  *   `type1, type2, path`
  *
@@ -46,7 +46,7 @@
  * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
  *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
  * 5. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod
 
 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
   // No deprecation adapter for barrier models, they were not around back then.
   exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
     model = "MaD:" + madId.toString()
   )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
     }
 
     /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
      */
     cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
         or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
       |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
         result = getNodeFromPath(type, path)
       )
     }
@@ -861,12 +861,12 @@ module ModelOutput {
   API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }
 
   /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
    *
    * INTERNAL: Do not use.
    */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
   }
 
   /**

javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll

@@ -33,11 +33,11 @@ extensible predicate barrierModel(
  * of the given `kind` and `madId` is the data extension row number.
  * `path` is assumed to lead to a parameter of a call (possibly `self`), and
  * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
  */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );
 
 /**

python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll

@@ -13,7 +13,7 @@
  * - Barriers:
  *   `type, path, kind`
  * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
  * - Types:
  *   `type1, type2, path`
  *
@@ -46,7 +46,7 @@
  * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
  *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
  * 5. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod
 
 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
   // No deprecation adapter for barrier models, they were not around back then.
   exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
     model = "MaD:" + madId.toString()
   )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
     }
 
     /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
      */
     cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
         or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
       |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
         result = getNodeFromPath(type, path)
       )
     }
@@ -861,12 +861,12 @@ module ModelOutput {
   API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }
 
   /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
    *
    * INTERNAL: Do not use.
    */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
   }
 
   /**

python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll

@@ -33,11 +33,11 @@ extensible predicate barrierModel(
  * of the given `kind` and `madId` is the data extension row number.
  * `path` is assumed to lead to a parameter of a call (possibly `self`), and
  * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
  */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );
 
 /**

ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll

@@ -13,7 +13,7 @@
  * - Barriers:
  *   `type, path, kind`
  * - BarrierGuards:
- *   `type, path, branch, kind`
+ *   `type, path, acceptingValue, kind`
  * - Types:
  *   `type1, type2, path`
  *
@@ -46,7 +46,7 @@
  * 3. The `input` and `output` columns specify how data enters and leaves the element selected by the
  *    first `(type, path)` tuple. Both strings are `.`-separated access paths
  *    of the same syntax as the `path` column.
- * 4. The `branch` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
+ * 4. The `acceptingValue` column of barrier guard models specifies which branch of the guard is blocking flow. It can be "true" or "false".
  * 5. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources `"remote"` indicates a default remote flow source, and for summaries
@@ -360,11 +360,11 @@ private predicate barrierModel(string type, string path, string kind, string mod
 
 /** Holds if a barrier guard model exists for the given parameters. */
 private predicate barrierGuardModel(
-  string type, string path, string branch, string kind, string model
+  string type, string path, string acceptingValue, string kind, string model
 ) {
   // No deprecation adapter for barrier models, they were not around back then.
   exists(QlBuiltins::ExtensionId madId |
-    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    Extensions::barrierGuardModel(type, path, acceptingValue, kind, madId) and
     model = "MaD:" + madId.toString()
   )
 }
@@ -788,16 +788,16 @@ module ModelOutput {
     }
 
     /**
-     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `acceptingValue`.
      */
     cached
-    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
-      exists(string type, string path, string branch_str |
-        branch = true and branch_str = "true"
+    API::Node getABarrierGuardNode(string kind, boolean acceptingValue, string model) {
+      exists(string type, string path, string acceptingValue_str |
+        acceptingValue = true and acceptingValue_str = "true"
         or
-        branch = false and branch_str = "false"
+        acceptingValue = false and acceptingValue_str = "false"
       |
-        barrierGuardModel(type, path, branch_str, kind, model) and
+        barrierGuardModel(type, path, acceptingValue_str, kind, model) and
         result = getNodeFromPath(type, path)
       )
     }
@@ -861,12 +861,12 @@ module ModelOutput {
   API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }
 
   /**
-   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `acceptingValue`.
    *
    * INTERNAL: Do not use.
    */
-  API::Node getABarrierGuardNode(string kind, boolean branch) {
-    result = getABarrierGuardNode(kind, branch, _)
+  API::Node getABarrierGuardNode(string kind, boolean acceptingValue) {
+    result = getABarrierGuardNode(kind, acceptingValue, _)
   }
 
   /**

ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll

@@ -33,11 +33,11 @@ extensible predicate barrierModel(
  * of the given `kind` and `madId` is the data extension row number.
  * `path` is assumed to lead to a parameter of a call (possibly `self`), and
  * the call is guarding the parameter.
- * `branch` is either `true` or `false`, indicating which branch of the guard
- * is protecting the parameter.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
  */
 extensible predicate barrierGuardModel(
-  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+  string type, string path, string acceptingValue, string kind, QlBuiltins::ExtensionId madId
 );
 
 /**

rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll

@@ -12,7 +12,7 @@
  * - Barriers:
  *   `path; output; kind; provenance`
  * - BarrierGuards:
- *   `path; input; branch; kind; provenance`
+ *   `path; input; acceptingValue; kind; provenance`
  * - Neutrals:
  *   `path; kind; provenance`
  *   A neutral is used to indicate that a callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink).
@@ -41,7 +41,7 @@
  *     - `Field[i]`: the `i`th element of a tuple.
  *     - `Reference`: the referenced value.
  *     - `Future`: the value being computed asynchronously.
- * 3. The `branch` column of barrier guard models specifies which branch of the
+ * 3. The `acceptingValue` column of barrier guard models specifies which branch of the
  *    guard is blocking flow. It can be "true" or "false". In the future
  *    "no-exception", "not-zero", "null", "not-null" may be supported.
  * 4. The `kind` column is a tag that can be referenced from QL to determine to
@@ -124,11 +124,12 @@ extensible predicate barrierModel(
  * extension row number.
  *
  * The value referred to by `input` is assumed to lead to an argument of a call
- * (possibly `self`), and the call is guarding the argument. `branch` is either `true`
- * or `false`, indicating which branch of the guard is protecting the argument.
+ * (possibly `self`), and the call is guarding the argument.
+ * `acceptingValue` is either `true` or `false`, indicating which branch of
+ * the guard is protecting the parameter.
  */
 extensible predicate barrierGuardModel(
-  string path, string input, string branch, string kind, string provenance,
+  string path, string input, string acceptingValue, string kind, string provenance,
   QlBuiltins::ExtensionId madId
 );
 
@@ -163,9 +164,9 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     model = "Barrier: " + path + "; " + output + "; " + kind
   )
   or
-  exists(string path, string input, string branch, string kind |
-    barrierGuardModel(path, input, branch, kind, _, madId) and
-    model = "Barrier guard: " + path + "; " + input + "; " + branch + "; " + kind
+  exists(string path, string input, string acceptingValue, string kind |
+    barrierGuardModel(path, input, acceptingValue, kind, _, madId) and
+    model = "Barrier guard: " + path + "; " + input + "; " + acceptingValue + "; " + kind
   )
 }
 
@@ -275,10 +276,10 @@ private class FlowBarrierGuardFromModel extends FlowBarrierGuard::Range {
   }
 
   override predicate isBarrierGuard(
-    string input, string branch, string kind, Provenance provenance, string model
+    string input, string acceptingValue, string kind, Provenance provenance, string model
   ) {
     exists(QlBuiltins::ExtensionId madId |
-      barrierGuardModel(path, input, branch, kind, provenance, madId) and
+      barrierGuardModel(path, input, acceptingValue, kind, provenance, madId) and
       model = "MaD:" + madId.toString()
     )
   }

shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll

@@ -388,11 +388,11 @@ module Make<
 
       /**
        * Holds if this element is a flow barrier guard of kind `kind`, for data
-       * flowing in as described by `input`, when `this` evaluates to `branch`.
+       * flowing in as described by `input`, when `this` evaluates to `acceptingValue`.
        */
       pragma[nomagic]
       abstract predicate isBarrierGuard(
-        string input, string branch, string kind, Provenance provenance, string model
+        string input, string acceptingValue, string kind, Provenance provenance, string model
       );
     }
 
@@ -764,10 +764,10 @@ module Make<
     }
 
     private predicate isRelevantBarrierGuard(
-      BarrierGuardElement e, string input, string branch, string kind, Provenance provenance,
-      string model
+      BarrierGuardElement e, string input, string acceptingValue, string kind,
+      Provenance provenance, string model
     ) {
-      e.isBarrierGuard(input, branch, kind, provenance, model) and
+      e.isBarrierGuard(input, acceptingValue, kind, provenance, model) and
       (
         provenance.isManual()
         or
@@ -1588,11 +1588,11 @@ module Make<
      * Holds if `barrierGuard` is a relevant barrier guard element with input specification `inSpec`.
      */
     predicate barrierGuardSpec(
-      BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string branch, string kind,
-      string model
+      BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string acceptingValue,
+      string kind, string model
     ) {
       exists(string input |
-        isRelevantBarrierGuard(barrierGuard, input, branch, kind, _, model) and
+        isRelevantBarrierGuard(barrierGuard, input, acceptingValue, kind, _, model) and
         External::interpretSpec(input, inSpec)
       )
     }