Add provenance support to data extensions editor

The data extensions editor was always setting the `provenance` field of
MaD to `manual`. This will change the `provenance` to be either
`editor-manual` (for models which were added by the user),
`df-generated` (for models generated by the dataflow generator), and
`df-manual` (for models generated and then edited). This makes it easier
to trace the origin of a model.

Author: koesie10

extensions/ql-vscode/src/data-extensions-editor/modeled-method.ts

@@ -5,11 +5,20 @@ export type ModeledMethodType =
   | "summary"
   | "neutral";
 
+export type Provenance =
+  // Generated by the dataflow model
+  | "df-generated"
+  // Generated by the dataflow model and manually edited
+  | "df-manual"
+  // Entered by the user in the editor manually
+  | "editor-manual";
+
 export type ModeledMethod = {
   type: ModeledMethodType;
   input: string;
   output: string;
   kind: string;
+  provenance: Provenance;
 };
 
 export type ModeledMethodWithSignature = {

extensions/ql-vscode/src/data-extensions-editor/predicates.ts

@@ -3,6 +3,7 @@ import {
   ModeledMethod,
   ModeledMethodType,
   ModeledMethodWithSignature,
+  Provenance,
 } from "./modeled-method";
 
 export type ExternalApiUsageByType = {
@@ -43,7 +44,7 @@ export const extensiblePredicateDefinitions: Record<
       "",
       method.modeledMethod.output,
       method.modeledMethod.kind,
-      "manual",
+      method.modeledMethod.provenance,
     ],
     readModeledMethod: (row) => ({
       signature: readRowToMethod(row),
@@ -52,6 +53,7 @@ export const extensiblePredicateDefinitions: Record<
         input: "",
         output: row[6] as string,
         kind: row[7] as string,
+        provenance: row[8] as Provenance,
       },
     }),
     supportedKinds: ["remote"],
@@ -71,7 +73,7 @@ export const extensiblePredicateDefinitions: Record<
       "",
       method.modeledMethod.input,
       method.modeledMethod.kind,
-      "manual",
+      method.modeledMethod.provenance,
     ],
     readModeledMethod: (row) => ({
       signature: readRowToMethod(row),
@@ -80,6 +82,7 @@ export const extensiblePredicateDefinitions: Record<
         input: row[6] as string,
         output: "",
         kind: row[7] as string,
+        provenance: row[8] as Provenance,
       },
     }),
     supportedKinds: ["sql", "xss", "logging"],
@@ -100,7 +103,7 @@ export const extensiblePredicateDefinitions: Record<
       method.modeledMethod.input,
       method.modeledMethod.output,
       method.modeledMethod.kind,
-      "manual",
+      method.modeledMethod.provenance,
     ],
     readModeledMethod: (row) => ({
       signature: readRowToMethod(row),
@@ -109,6 +112,7 @@ export const extensiblePredicateDefinitions: Record<
         input: row[6] as string,
         output: row[7] as string,
         kind: row[8] as string,
+        provenance: row[9] as Provenance,
       },
     }),
     supportedKinds: ["taint", "value"],
@@ -123,7 +127,7 @@ export const extensiblePredicateDefinitions: Record<
       method.externalApiUsage.typeName,
       method.externalApiUsage.methodName,
       method.externalApiUsage.methodParameters,
-      "manual",
+      method.modeledMethod.provenance,
     ],
     readModeledMethod: (row) => ({
       signature: `${row[0]}.${row[1]}#${row[2]}${row[3]}`,
@@ -132,6 +136,7 @@ export const extensiblePredicateDefinitions: Record<
         input: "",
         output: "",
         kind: "",
+        provenance: row[4] as Provenance,
       },
     }),
   },

extensions/ql-vscode/src/stories/data-extensions-editor/DataExtensionsEditor.stories.tsx

@@ -210,30 +210,35 @@ DataExtensionsEditor.args = {
       input: "Argument[0]",
       output: "",
       kind: "jndi-injection",
+      provenance: "df-generated",
     },
     "org.sql2o.Connection#createQuery(String)": {
       type: "summary",
       input: "Argument[this]",
       output: "ReturnValue",
       kind: "taint",
+      provenance: "df-manual",
     },
     "org.sql2o.Sql2o#open()": {
       type: "summary",
       input: "Argument[this]",
       output: "ReturnValue",
       kind: "taint",
+      provenance: "editor-manual",
     },
     "org.sql2o.Query#executeScalar(Class)": {
       type: "neutral",
       input: "",
       output: "",
       kind: "",
+      provenance: "df-generated",
     },
     "org.sql2o.Sql2o#Sql2o(String,String,String)": {
       type: "neutral",
       input: "",
       output: "",
       kind: "",
+      provenance: "df-generated",
     },
   },
 };

extensions/ql-vscode/src/stories/data-extensions-editor/MethodRow.stories.tsx

@@ -50,5 +50,6 @@ MethodRow.args = {
     input: "Argument[this]",
     output: "ReturnValue",
     kind: "taint",
+    provenance: "editor-manual",
   },
 };

extensions/ql-vscode/src/view/data-extensions-editor/MethodRow.tsx

@@ -70,6 +70,10 @@ export const MethodRow = ({
         kind: "value",
         ...modeledMethod,
         type: target.value as ModeledMethodType,
+        provenance:
+          modeledMethod?.provenance === "df-generated"
+            ? "df-manual"
+            : "editor-manual",
       });
     },
     [onChange, externalApiUsage, modeledMethod, argumentsList],

extensions/ql-vscode/test/unit-tests/data-extensions-editor/yaml.test.ts

@@ -75,6 +75,7 @@ describe("createDataExtensionYaml", () => {
           input: "Argument[0]",
           output: "",
           kind: "sql",
+          provenance: "df-generated",
         },
       },
     );
@@ -89,7 +90,7 @@ describe("createDataExtensionYaml", () => {
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["org.sql2o","Connection",true,"createQuery","(String)","","Argument[0]","sql","manual"]
+      - ["org.sql2o","Connection",true,"createQuery","(String)","","Argument[0]","sql","df-generated"]
 
   - addsTo:
       pack: codeql/java-all
@@ -171,6 +172,7 @@ describe("loadDataExtensionYaml", () => {
         kind: "sql",
         output: "",
         type: "sink",
+        provenance: "manual",
       },
     });
   });