Merge branch 'main' into sabrowning1/clarify-codeql-installation-vscode

Author: sabrowning1

csharp/ql/src/Telemetry/ExternalApi.qll

@@ -17,8 +17,10 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
 class TestLibrary extends RefType {
   TestLibrary() {
     this.getNamespace()
-        .getName()
-        .matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"])
+        .getQualifiedName()
+        .matches([
+            "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
+          ])
   }
 }
 
@@ -114,29 +116,39 @@ class ExternalApi extends DotNet::Callable {
 int resultLimit() { result = 1000 }
 
 /**
- * Holds if the relevant usage count of `api` is `usages`.
+ * Holds if it is relevant to count usages of `api`.
  */
-signature predicate relevantUsagesSig(ExternalApi api, int usages);
+signature predicate relevantApi(ExternalApi api);
 
 /**
  * Given a predicate to count relevant API usages, this module provides a predicate
  * for restricting the number or returned results based on a certain limit.
  */
-module Results<relevantUsagesSig/2 getRelevantUsages> {
-  private int getOrder(ExternalApi api) {
-    api =
-      rank[result](ExternalApi a, int usages |
-        getRelevantUsages(a, usages)
+module Results<relevantApi/1 getRelevantUsages> {
+  private int getUsages(string apiInfo) {
+    result =
+      strictcount(DispatchCall c, ExternalApi api |
+        c = api.getACall() and
+        apiInfo = api.getInfo() and
+        getRelevantUsages(api)
+      )
+  }
+
+  private int getOrder(string apiInfo) {
+    apiInfo =
+      rank[result](string info, int usages |
+        usages = getUsages(info)
       |
-        a order by usages desc, a.getInfo()
+        info order by usages desc, info
       )
   }
 
   /**
-   * Holds if `api` is being used `usages` times and if it is
-   * in the top results (guarded by resultLimit).
+   * Holds if there exists an API with `apiInfo` that is being used `usages` times
+   * and if it is in the top results (guarded by resultLimit).
    */
-  predicate restrict(ExternalApi api, int usages) {
-    getRelevantUsages(api, usages) and getOrder(api) <= resultLimit()
+  predicate restrict(string apiInfo, int usages) {
+    usages = getUsages(apiInfo) and
+    getOrder(apiInfo) <= resultLimit()
   }
 }

csharp/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -10,12 +10,11 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.isSink() and
-  usages = strictcount(DispatchCall c | c = api.getACall())
+  api.isSink()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getInfo() as info, usages order by usages desc
+from string info, int usages
+where Results<relevant/1>::restrict(info, usages)
+select info, usages order by usages desc

csharp/ql/src/Telemetry/SupportedExternalSources.ql

@@ -10,12 +10,11 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.isSource() and
-  usages = strictcount(DispatchCall c | c = api.getACall())
+  api.isSource()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getInfo() as info, usages order by usages desc
+from string info, int usages
+where Results<relevant/1>::restrict(info, usages)
+select info, usages order by usages desc

csharp/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -10,12 +10,11 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.hasSummary() and
-  usages = strictcount(DispatchCall c | c = api.getACall())
+  api.hasSummary()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getInfo() as info, usages order by usages desc
+from string info, int usages
+where Results<relevant/1>::restrict(info, usages)
+select info, usages order by usages desc

csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -12,13 +12,12 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
 private import semmle.code.csharp.dataflow.internal.NegativeSummary
 private import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
   not api.isSupported() and
-  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and
-  usages = strictcount(DispatchCall c | c = api.getACall())
+  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getInfo() as info, usages order by usages desc
+from string info, int usages
+where Results<relevant/1>::restrict(info, usages)
+select info, usages order by usages desc

java/ql/src/Telemetry/ExternalApi.qll

@@ -105,29 +105,40 @@ deprecated class ExternalAPI = ExternalApi;
 int resultLimit() { result = 1000 }
 
 /**
- * Holds if the relevant usage count of `api` is `usages`.
+ * Holds if it is relevant to count usages of `api`.
  */
-signature predicate relevantUsagesSig(ExternalApi api, int usages);
+signature predicate relevantApi(ExternalApi api);
 
 /**
  * Given a predicate to count relevant API usages, this module provides a predicate
  * for restricting the number or returned results based on a certain limit.
  */
-module Results<relevantUsagesSig/2 getRelevantUsages> {
-  private int getOrder(ExternalApi api) {
-    api =
-      rank[result](ExternalApi a, int usages |
-        getRelevantUsages(a, usages)
+module Results<relevantApi/1 getRelevantUsages> {
+  private int getUsages(string apiName) {
+    result =
+      strictcount(Call c, ExternalApi api |
+        c.getCallee().getSourceDeclaration() = api and
+        not c.getFile() instanceof GeneratedFile and
+        apiName = api.getApiName() and
+        getRelevantUsages(api)
+      )
+  }
+
+  private int getOrder(string apiInfo) {
+    apiInfo =
+      rank[result](string info, int usages |
+        usages = getUsages(info)
       |
-        a order by usages desc, a.getApiName()
+        info order by usages desc, info
       )
   }
 
   /**
-   * Holds if `api` is being used `usages` times and if it is
-   * in the top results (guarded by resultLimit).
+   * Holds if there exists an API with `apiName` that is being used `usages` times
+   * and if it is in the top results (guarded by resultLimit).
    */
-  predicate restrict(ExternalApi api, int usages) {
-    getRelevantUsages(api, usages) and getOrder(api) <= resultLimit()
+  predicate restrict(string apiName, int usages) {
+    usages = getUsages(apiName) and
+    getOrder(apiName) <= resultLimit()
   }
 }

java/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -9,16 +9,11 @@
 import java
 import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.isSink() and
-  usages =
-    strictcount(Call c |
-      c.getCallee().getSourceDeclaration() = api and
-      not c.getFile() instanceof GeneratedFile
-    )
+  api.isSink()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getApiName() as apiname, usages order by usages desc
+from string apiName, int usages
+where Results<relevant/1>::restrict(apiName, usages)
+select apiName, usages order by usages desc

java/ql/src/Telemetry/SupportedExternalSources.ql

@@ -9,16 +9,11 @@
 import java
 import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.isSource() and
-  usages =
-    strictcount(Call c |
-      c.getCallee().getSourceDeclaration() = api and
-      not c.getFile() instanceof GeneratedFile
-    )
+  api.isSource()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getApiName() as apiname, usages order by usages desc
+from string apiName, int usages
+where Results<relevant/1>::restrict(apiName, usages)
+select apiName, usages order by usages desc

java/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -9,16 +9,11 @@
 import java
 import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
-  api.hasSummary() and
-  usages =
-    strictcount(Call c |
-      c.getCallee().getSourceDeclaration() = api and
-      not c.getFile() instanceof GeneratedFile
-    )
+  api.hasSummary()
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getApiName() as apiname, usages order by usages desc
+from string apiName, int usages
+where Results<relevant/1>::restrict(apiName, usages)
+select apiName, usages order by usages desc

java/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -11,17 +11,12 @@ import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import semmle.code.java.dataflow.internal.NegativeSummary
 import ExternalApi
 
-private predicate getRelevantUsages(ExternalApi api, int usages) {
+private predicate relevant(ExternalApi api) {
   not api.isUninteresting() and
   not api.isSupported() and
-  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and
-  usages =
-    strictcount(Call c |
-      c.getCallee().getSourceDeclaration() = api and
-      not c.getFile() instanceof GeneratedFile
-    )
+  not api instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
 }
 
-from ExternalApi api, int usages
-where Results<getRelevantUsages/2>::restrict(api, usages)
-select api.getApiName() as apiname, usages order by usages desc
+from string apiName, int usages
+where Results<relevant/1>::restrict(apiName, usages)
+select apiName, usages order by usages desc