Split out queries showing supported APIs

Author: Benjamin Muskalla

java/ql/src/Telemetry/APIUsage.qll

@@ -31,6 +31,12 @@ private predicate sink(Callable api) {
 
 private predicate source(Callable api) {
   sourceModel(packageName(api), typeName(api), _, api.getName(), _, _, _, _)
+  or
+  exists(Call call, DataFlow::Node arg |
+    call.getCallee() = api and
+    [call.getAnArgument(), call.getQualifier()] = arg.asExpr() and
+    arg instanceof RemoteFlowSource
+  )
 }
 
 private string packageName(Callable api) {

java/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Supported sinks in external libraries
+ * @description A list of 3rd party APIs detected as sinks. Excludes test and generated code.
+ * @id java/telemetry/supported-external-api-sinks
+ * @kind metric
+ * @metricType callable
+ */
+
+import java
+import APIUsage
+import ExternalAPI
+import semmle.code.java.GeneratedFiles
+
+from ExternalAPI api
+where
+  not api.isTestLibrary() and
+  supportKind(api) = "sink"
+select api.asCSV(api) as csv,
+  strictcount(Call c |
+    c.getCallee() = api and
+    not c.getFile() instanceof GeneratedFile
+  ) as Usages order by Usages desc

java/ql/src/Telemetry/SupportedExternalSources.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Supported sources in external libraries
+ * @description A list of 3rd party APIs detected as sources. Excludes test and generated code.
+ * @id java/telemetry/supported-external-api-sources
+ * @kind metric
+ * @metricType callable
+ */
+
+import java
+import APIUsage
+import ExternalAPI
+import semmle.code.java.GeneratedFiles
+
+from ExternalAPI api
+where
+  not api.isTestLibrary() and
+  supportKind(api) = "source"
+select api.asCSV(api) as csv,
+  strictcount(Call c |
+    c.getCallee() = api and
+    not c.getFile() instanceof GeneratedFile
+  ) as Usages order by Usages desc

java/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Supported sinks in external libraries
+ * @description A list of 3rd party APIs detected as sinks. Excludes test and generated code.
+ * @id java/telemetry/supported-external-api-taint
+ * @kind metric
+ * @metricType callable
+ */
+
+import java
+import APIUsage
+import ExternalAPI
+import semmle.code.java.GeneratedFiles
+
+from ExternalAPI api
+where
+  not api.isTestLibrary() and
+  supportKind(api) = ["summary", "taint-preserving"]
+select api.asCSV(api) as csv,
+  strictcount(Call c |
+    c.getCallee() = api and
+    not c.getFile() instanceof GeneratedFile
+  ) as Usages order by Usages desc

java/ql/src/Telemetry/ExternalAPIUsages.ql renamed to java/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -1,7 +1,7 @@
 /**
  * @name Usage of APIs coming from external libraries
  * @description A list of 3rd party APIs used in the codebase. Excludes test and generated code.
- * @id java/telemetry/external-api
+ * @id java/telemetry/unsupported-external-api
  * @kind metric
  * @metricType callable
  */