Merge pull request #11631 from jcogs33/jcogs33/update-externalapi-charpredicate

Java/C#: add `isUninteresting` to `ExternalApi` characteristic predicate

Author: jcogs33

csharp/ql/src/Telemetry/ExternalApi.qll

@@ -24,14 +24,21 @@ class TestLibrary extends RefType {
   }
 }
 
+/** Holds if the given callable is not worth supporting. */
+private predicate isUninteresting(DotNet::Callable c) {
+  c.getDeclaringType() instanceof TestLibrary or
+  c.(Constructor).isParameterless()
+}
+
 /**
  * An external API from either the C# Standard Library or a 3rd party library.
  */
 class ExternalApi extends DotNet::Callable {
   ExternalApi() {
     this.isUnboundDeclaration() and
     this.fromLibrary() and
-    this.(Modifiable).isEffectivelyPublic()
+    this.(Modifiable).isEffectivelyPublic() and
+    not isUninteresting(this)
   }
 
   /**
@@ -84,17 +91,6 @@ class ExternalApi extends DotNet::Callable {
     defaultAdditionalTaintStep(this.getAnInput(), _)
   }
 
-  /** Holds if this API is a constructor without parameters. */
-  private predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
-  }
-
-  /** Holds if this API is part of a common testing library or framework. */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
-
-  /** Holds if this API is not worth supporting. */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
   /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)

csharp/ql/src/Telemetry/ExternalLibraryUsage.ql

@@ -14,8 +14,7 @@ private predicate getRelevantUsages(string namespace, int usages) {
   usages =
     strictcount(Call c, ExternalApi api |
       c.getTarget().getUnboundDeclaration() = api and
-      api.getNamespace() = namespace and
-      not api.isUninteresting()
+      api.getNamespace() = namespace
     )
 }
 

csharp/ql/src/Telemetry/SupportedExternalApis.ql

@@ -12,11 +12,8 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
 private import ExternalApi
 
 private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  (
-    api.isSupported() or
-    api instanceof FlowSummaryImpl::Public::NeutralCallable
-  )
+  api.isSupported() or
+  api instanceof FlowSummaryImpl::Public::NeutralCallable
 }
 
 from string info, int usages

csharp/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSink()
-}
+private predicate relevant(ExternalApi api) { api.isSink() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)

csharp/ql/src/Telemetry/SupportedExternalSources.ql

@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.isSource()
-}
+private predicate relevant(ExternalApi api) { api.isSource() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)

csharp/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -10,10 +10,7 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
-  api.hasSummary()
-}
+private predicate relevant(ExternalApi api) { api.hasSummary() }
 
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)

csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -12,7 +12,6 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
 private import ExternalApi
 
 private predicate relevant(ExternalApi api) {
-  not api.isUninteresting() and
   not api.isSupported() and
   not api instanceof FlowSummaryImpl::Public::NeutralCallable
 }

csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql

@@ -16,7 +16,6 @@ private import Telemetry.ExternalApi
 from Call c, ExternalApi api
 where
   c.getTarget().getUnboundDeclaration() = api and
-  not api.isUninteresting() and
   not api.isSupported() and
   not api instanceof FlowSummaryImpl::Public::NeutralCallable
 select c, "Call to unsupported external API $@.", api, api.toString()

java/ql/src/Telemetry/ExternalApi.qll

@@ -31,11 +31,17 @@ private string containerAsJar(Container container) {
   if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
 }
 
+/** Holds if the given callable is not worth supporting. */
+private predicate isUninteresting(Callable c) {
+  c.getDeclaringType() instanceof TestLibrary or
+  c.(Constructor).isParameterless()
+}
+
 /**
  * An external API from either the Standard Library or a 3rd party library.
  */
 class ExternalApi extends Callable {
-  ExternalApi() { not this.fromSource() }
+  ExternalApi() { not this.fromSource() and not isUninteresting(this) }
 
   /**
    * Gets information about the external API in the form expected by the CSV modeling framework.
@@ -73,18 +79,6 @@ class ExternalApi extends Callable {
     TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)
   }
 
-  /** Holds if this API is a constructor without parameters. */
-  private predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
-  }
-
-  /** Holds if this API is part of a common testing library or framework. */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
-
-  /** Holds if this API is not worth supporting. */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
-  /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
   }

java/ql/src/Telemetry/ExternalLibraryUsage.ql

@@ -14,8 +14,7 @@ private predicate getRelevantUsages(string jarname, int usages) {
     strictcount(Call c, ExternalApi a |
       c.getCallee().getSourceDeclaration() = a and
       not c.getFile() instanceof GeneratedFile and
-      a.jarContainer() = jarname and
-      not a.isUninteresting()
+      a.jarContainer() = jarname
     )
 }