Java: Date models as neutral

Author: Jami Cogswell

java/ql/lib/ext/java.text.model.yml

@@ -3,5 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
-      - ["java.text", "DateFormat", "format", "(Date)", "manual"]
-      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"]
+      # The below APIs have numeric flow and are currently being stored as neutral models.
+      # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
+      - ["java.text", "DateFormat", "format", "(Date)", "manual"]                   # taint-numeric
+      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"] # taint-numeric

java/ql/lib/ext/java.time.model.yml

@@ -4,5 +4,8 @@ extensions:
       extensible: neutralModel
     data:
       - ["java.time", "Instant", "now", "()", "manual"]
-      - ["java.time", "LocalDate", "of", "(int,int,int)", "manual"]
       - ["java.time", "ZonedDateTime", "now", "()", "manual"]
+
+      # The below APIs have numeric flow and are currently being stored as neutral models.
+      # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
+      - ["java.time", "LocalDate", "of", "(int,int,int)", "manual"] # taint-numeric

java/ql/src/Telemetry/ExternalApi.qll

@@ -47,7 +47,6 @@ class ExternalApi extends Callable {
    * Gets information about the external API in the form expected by the CSV modeling framework.
    */
   string getApiName() {
-    this.getName() = "append" and
     result =
       this.getDeclaringType().getPackage() + "." + this.getDeclaringType().getSourceDeclaration() +
         "#" + this.getName() + paramsString(this)