Java: Merge packages that likely belong to the same framework.

aschackmull · aschackmull · commit 234f62fd0554 · 2021-03-24T13:17:04.000+01:00
diff --git a/java/ql/src/meta/frameworks/Coverage.ql b/java/ql/src/meta/frameworks/Coverage.ql
@@ -2,13 +2,13 @@
  * @name Framework coverage
  * @description The number of API endpoints covered by CSV models sorted by
  *              package and source-, sink-, and summary-kind.
- * @kind metric
+ * @kind table
  * @id java/meta/framework-coverage
  */
 
 import java
 import semmle.code.java.dataflow.ExternalFlow
 
-from string package, string kind, string part, int n
-where modelCoverage(package, kind, part, n)
-select package, kind, part, n
+from string package, int pkgs, string kind, string part, int n
+where modelCoverage(package, pkgs, kind, part, n)
+select package, pkgs, kind, part, n
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -204,27 +204,58 @@ private predicate summaryModel(
   )
 }
 
+private predicate relevantPackage(string package) {
+  sourceModel(package, _, _, _, _, _, _, _) or
+  sinkModel(package, _, _, _, _, _, _, _) or
+  summaryModel(package, _, _, _, _, _, _, _, _)
+}
+
+private predicate packageLink(string shortpkg, string longpkg) {
+  relevantPackage(shortpkg) and
+  relevantPackage(longpkg) and
+  longpkg.prefix(longpkg.indexOf(".")) = shortpkg
+}
+
+private predicate canonicalPackage(string package) {
+  relevantPackage(package) and not packageLink(_, package)
+}
+
+private predicate canonicalPkgLink(string package, string subpkg) {
+  canonicalPackage(package) and
+  (subpkg = package or packageLink(package, subpkg))
+}
+
 /**
  * Holds if CSV framework coverage of `package` is `n` api endpoints of the
  * kind `(kind, part)`.
  */
-predicate modelCoverage(string package, string kind, string part, int n) {
-  part = "source" and
-  n =
-    strictcount(string type, boolean subtypes, string name, string signature, string ext,
-      string output | sourceModel(package, type, subtypes, name, signature, ext, output, kind))
-  or
-  part = "sink" and
-  n =
-    strictcount(string type, boolean subtypes, string name, string signature, string ext,
-      string input | sinkModel(package, type, subtypes, name, signature, ext, input, kind))
-  or
-  part = "summary" and
-  n =
-    strictcount(string type, boolean subtypes, string name, string signature, string ext,
-      string input, string output |
-      summaryModel(package, type, subtypes, name, signature, ext, input, output, kind)
-    )
+predicate modelCoverage(string package, int pkgs, string kind, string part, int n) {
+  pkgs = strictcount(string subpkg | canonicalPkgLink(package, subpkg)) and
+  (
+    part = "source" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string output |
+        canonicalPkgLink(package, subpkg) and
+        sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind)
+      )
+    or
+    part = "sink" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string input |
+        canonicalPkgLink(package, subpkg) and
+        sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind)
+      )
+    or
+    part = "summary" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string input, string output |
+        canonicalPkgLink(package, subpkg) and
+        summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind)
+      )
+  )
 }
 
 /** Provides a query predicate to check the CSV data for validation errors. */
