C++: Use model interfaces in SafeExternalAPIFunction and make the three previosuly-used implementation models private.

Author: MathiasVP

cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll

@@ -13,9 +13,7 @@ abstract class SafeExternalAPIFunction extends Function { }
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
   DefaultSafeExternalAPIFunction() {
-    // implementation note: this should be based on the properties of public interfaces, rather than accessing implementation classes directly.  When we've done that, the three classes referenced here should be made fully private.
-    this instanceof PureStrFunction or
-    this instanceof StrLenFunction or
-    this instanceof PureMemFunction
+    this instanceof ArrayFunction and
+    not this.(ArrayFunction).hasArrayOutput(_)
   }
 }

cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll

@@ -13,9 +13,7 @@ abstract class SafeExternalAPIFunction extends Function { }
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
   DefaultSafeExternalAPIFunction() {
-    // implementation note: this should be based on the properties of public interfaces, rather than accessing implementation classes directly.  When we've done that, the three classes referenced here should be made fully private.
-    this instanceof PureStrFunction or
-    this instanceof StrLenFunction or
-    this instanceof PureMemFunction
+    this instanceof ArrayFunction and
+    not this.(ArrayFunction).hasArrayOutput(_)
   }
 }

cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll

@@ -8,7 +8,8 @@ import semmle.code.cpp.models.interfaces.SideEffect
  *
  * INTERNAL: do not use.
  */
-class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
+private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,
+  SideEffectFunction {
   PureStrFunction() {
     hasGlobalOrStdName([
         "atof", "atoi", "atol", "atoll", "strcasestr", "strchnul", "strchr", "strchrnul", "strstr",
@@ -68,7 +69,7 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideE
  *
  * INTERNAL: do not use.
  */
-class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
+private class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
   StrLenFunction() {
     hasGlobalOrStdName(["strlen", "strnlen", "wcslen"])
     or
@@ -123,7 +124,8 @@ private class PureFunction extends TaintFunction, SideEffectFunction {
  *
  * INTERNAL: do not use.
  */
-class PureMemFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
+private class PureMemFunction extends AliasFunction, ArrayFunction, TaintFunction,
+  SideEffectFunction {
   PureMemFunction() { hasGlobalOrStdName(["memchr", "memrchr", "rawmemchr", "memcmp", "memmem"]) }
 
   override predicate hasArrayInput(int bufParam) {