Java: Re-factor provenance related predicates for summarized callable.

michaelnebel · michaelnebel · commit 6a047d691642 · 2023-01-11T16:20:55.000+01:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -66,13 +66,6 @@ DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) {
   result instanceof TypeObject
 }
 
-bindingset[provenance]
-private boolean isGenerated(string provenance) {
-  provenance = "generated" and result = true
-  or
-  provenance != "generated" and result = false
-}
-
 private predicate relatedArgSpec(Callable c, string spec) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
@@ -138,19 +131,17 @@ private predicate correspondingKotlinParameterDefaultsArgSpec(
 
 /**
  * Holds if an external flow summary exists for `c` with input specification
- * `input`, output specification `output`, kind `kind`, and a flag `generated`
- * stating whether the summary is autogenerated.
+ * `input`, output specification `output`, kind `kind`, and provenance `provenance`.
  */
 predicate summaryElement(
-  SummarizedCallableBase c, string input, string output, string kind, boolean generated
+  SummarizedCallableBase c, string input, string output, string kind, string provenance
 ) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string provenance, string originalInput, string originalOutput, Callable baseCallable
+    string originalInput, string originalOutput, Callable baseCallable
   |
     summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput,
       kind, provenance) and
-    generated = isGenerated(provenance) and
     baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext) and
     (
       c.asCallable() = baseCallable and input = originalInput and output = originalOutput
@@ -163,13 +154,12 @@ predicate summaryElement(
 }
 
 /**
- * Holds if a neutral model exists for `c`, which means that there is no
- * flow through `c`. The flag `generated` states whether the model is autogenerated.
+ * Holds if a neutral model exists for `c` with provenance `provenance`,
+ * which means that there is no flow through `c`.
  */
-predicate neutralElement(SummarizedCallableBase c, boolean generated) {
-  exists(string namespace, string type, string name, string signature, string provenance |
+predicate neutralElement(SummarizedCallableBase c, string provenance) {
+  exists(string namespace, string type, string name, string signature |
     neutralModel(namespace, type, name, signature, provenance) and
-    generated = isGenerated(provenance) and
     c.asCallable() = interpretElement(namespace, type, false, name, signature, "")
   )
 }
@@ -222,16 +212,14 @@ class SourceOrSinkElement = Top;
 
 /**
  * Holds if an external source specification exists for `e` with output specification
- * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
- * autogenerated.
+ * `output`, kind `kind`, and provenance `provenance`.
  */
-predicate sourceElement(SourceOrSinkElement e, string output, string kind, boolean generated) {
+predicate sourceElement(SourceOrSinkElement e, string output, string kind, string provenance) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string provenance, SourceOrSinkElement baseSource, string originalOutput
+    SourceOrSinkElement baseSource, string originalOutput
   |
     sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance) and
-    generated = isGenerated(provenance) and
     baseSource = interpretElement(namespace, type, subtypes, name, signature, ext) and
     (
       e = baseSource and output = originalOutput
@@ -243,16 +231,14 @@ predicate sourceElement(SourceOrSinkElement e, string output, string kind, boole
 
 /**
  * Holds if an external sink specification exists for `e` with input specification
- * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
- * autogenerated.
+ * `input`, kind `kind` and provenance `provenance`.
  */
-predicate sinkElement(SourceOrSinkElement e, string input, string kind, boolean generated) {
+predicate sinkElement(SourceOrSinkElement e, string input, string kind, string provenance) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string provenance, SourceOrSinkElement baseSink, string originalInput
+    SourceOrSinkElement baseSink, string originalInput
   |
     sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance) and
-    generated = isGenerated(provenance) and
     baseSink = interpretElement(namespace, type, subtypes, name, signature, ext) and
     (
       e = baseSink and originalInput = input
diff --git a/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql b/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql
@@ -26,15 +26,16 @@ private int getNumMadModeledApis(string package, string provenance) {
         sc.isAutoGenerated() and
         provenance = "generated"
         or
-        // "manual-only"
-        sc.hasProvenance(false) and
-        not sc.hasProvenance(true) and
-        provenance = "manual"
-        or
-        // "both"
-        sc.hasProvenance(false) and
-        sc.hasProvenance(true) and
-        provenance = "both"
+        sc.isManual() and
+        (
+          if sc.hasProvenance("generated")
+          then
+            // "both"
+            provenance = "both"
+          else
+            // "manual-only"
+            provenance = "manual"
+        )
       )
     )
 }
