Merge pull request github#5371 from aschackmull/java/framework-coverage

yo-h · web-flow · commit 72ae902e0d60 · 2021-03-24T17:36:13.000-04:00
Java: Add query for CSV framework coverage.
diff --git a/java/ql/src/meta/frameworks/Coverage.ql b/java/ql/src/meta/frameworks/Coverage.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Framework coverage
+ * @description The number of API endpoints covered by CSV models sorted by
+ *              package and source-, sink-, and summary-kind.
+ * @kind table
+ * @id java/meta/framework-coverage
+ */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+
+from string package, int pkgs, string kind, string part, int n
+where modelCoverage(package, pkgs, kind, part, n)
+select package, pkgs, kind, part, n
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -372,6 +372,60 @@ private predicate summaryModel(
   )
 }
 
+private predicate relevantPackage(string package) {
+  sourceModel(package, _, _, _, _, _, _, _) or
+  sinkModel(package, _, _, _, _, _, _, _) or
+  summaryModel(package, _, _, _, _, _, _, _, _)
+}
+
+private predicate packageLink(string shortpkg, string longpkg) {
+  relevantPackage(shortpkg) and
+  relevantPackage(longpkg) and
+  longpkg.prefix(longpkg.indexOf(".")) = shortpkg
+}
+
+private predicate canonicalPackage(string package) {
+  relevantPackage(package) and not packageLink(_, package)
+}
+
+private predicate canonicalPkgLink(string package, string subpkg) {
+  canonicalPackage(package) and
+  (subpkg = package or packageLink(package, subpkg))
+}
+
+/**
+ * Holds if CSV framework coverage of `package` is `n` api endpoints of the
+ * kind `(kind, part)`.
+ */
+predicate modelCoverage(string package, int pkgs, string kind, string part, int n) {
+  pkgs = strictcount(string subpkg | canonicalPkgLink(package, subpkg)) and
+  (
+    part = "source" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string output |
+        canonicalPkgLink(package, subpkg) and
+        sourceModel(subpkg, type, subtypes, name, signature, ext, output, kind)
+      )
+    or
+    part = "sink" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string input |
+        canonicalPkgLink(package, subpkg) and
+        sinkModel(subpkg, type, subtypes, name, signature, ext, input, kind)
+      )
+    or
+    part = "summary" and
+    n =
+      strictcount(string subpkg, string type, boolean subtypes, string name, string signature,
+        string ext, string input, string output |
+        canonicalPkgLink(package, subpkg) and
+        summaryModel(subpkg, type, subtypes, name, signature, ext, input, output, kind)
+      )
+  )
+}
+
 /** Provides a query predicate to check the CSV data for validation errors. */
 module CsvValidation {
   /** Holds if some row in a CSV-based flow model appears to contain typos. */
