Merge pull request github#11516 from michaelnebel/java/externalflowcleanup

Java: Cleanup imports of `ExternalFlow`

Author: michaelnebel

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -80,53 +80,6 @@ private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific
 private import internal.AccessPathSyntax
 private import FlowSummary
 
-/**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import internal.ContainerFlow
-  private import semmle.code.java.frameworks.android.Android
-  private import semmle.code.java.frameworks.android.ContentProviders
-  private import semmle.code.java.frameworks.android.ExternalStorage
-  private import semmle.code.java.frameworks.android.Intent
-  private import semmle.code.java.frameworks.android.SharedPreferences
-  private import semmle.code.java.frameworks.android.Slice
-  private import semmle.code.java.frameworks.android.SQLite
-  private import semmle.code.java.frameworks.android.Widget
-  private import semmle.code.java.frameworks.ApacheHttp
-  private import semmle.code.java.frameworks.apache.Collections
-  private import semmle.code.java.frameworks.apache.Lang
-  private import semmle.code.java.frameworks.Flexjson
-  private import semmle.code.java.frameworks.guava.Guava
-  private import semmle.code.java.frameworks.jackson.JacksonSerializability
-  private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
-  private import semmle.code.java.frameworks.JaxWS
-  private import semmle.code.java.frameworks.JoddJson
-  private import semmle.code.java.frameworks.Stream
-  private import semmle.code.java.frameworks.ratpack.RatpackExec
-  private import semmle.code.java.frameworks.spring.SpringHttp
-  private import semmle.code.java.frameworks.spring.SpringWebClient
-  private import semmle.code.java.security.AndroidIntentRedirection
-  private import semmle.code.java.security.ResponseSplitting
-  private import semmle.code.java.security.InformationLeak
-  private import semmle.code.java.security.FragmentInjection
-  private import semmle.code.java.security.GroovyInjection
-  private import semmle.code.java.security.ImplicitPendingIntents
-  private import semmle.code.java.security.JndiInjection
-  private import semmle.code.java.security.LdapInjection
-  private import semmle.code.java.security.MvelInjection
-  private import semmle.code.java.security.OgnlInjection
-  private import semmle.code.java.security.TemplateInjection
-  private import semmle.code.java.security.XPath
-  private import semmle.code.java.security.XsltInjection
-  private import semmle.code.java.frameworks.Jdbc
-  private import semmle.code.java.frameworks.SpringJdbc
-  private import semmle.code.java.frameworks.MyBatis
-  private import semmle.code.java.frameworks.Hibernate
-  private import semmle.code.java.frameworks.jOOQ
-}
-
 /**
  * DEPRECATED: Define source models as data extensions instead.
  *

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -36,6 +36,13 @@ abstract class RemoteFlowSource extends DataFlow::Node {
   abstract string getSourceType();
 }
 
+/**
+ * A module for importing frameworks that define remote flow sources.
+ */
+private module RemoteFlowSources {
+  private import semmle.code.java.frameworks.android.Widget
+}
+
 private class ExternalRemoteFlowSource extends RemoteFlowSource {
   ExternalRemoteFlowSource() { sourceNode(this, "remote") }
 

java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll

@@ -10,17 +10,19 @@ private import semmle.code.java.dataflow.DataFlow
  * ensuring that they are visible to the taint tracking library.
  */
 private module Frameworks {
-  private import semmle.code.java.JDK
-  private import semmle.code.java.frameworks.jackson.JacksonSerializability
   private import semmle.code.java.frameworks.android.AsyncTask
   private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.android.Slice
   private import semmle.code.java.frameworks.android.SQLite
+  private import semmle.code.java.frameworks.apache.Lang
+  private import semmle.code.java.frameworks.ApacheHttp
+  private import semmle.code.java.frameworks.guava.Guava
   private import semmle.code.java.frameworks.Guice
+  private import semmle.code.java.frameworks.jackson.JacksonSerializability
   private import semmle.code.java.frameworks.Properties
   private import semmle.code.java.frameworks.Protobuf
-  private import semmle.code.java.frameworks.guava.Guava
-  private import semmle.code.java.frameworks.apache.Lang
-  private import semmle.code.java.frameworks.ApacheHttp
+  private import semmle.code.java.frameworks.ratpack.RatpackExec
+  private import semmle.code.java.JDK
 }
 
 /**

java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll

@@ -6,11 +6,6 @@ import java
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowUtil
 
-// import all instances of SummarizedCallable below
-private module Summaries {
-  private import semmle.code.java.dataflow.ExternalFlow
-}
-
 class SummaryComponent = Impl::Public::SummaryComponent;
 
 /** Provides predicates for constructing summary components. */
@@ -102,6 +97,14 @@ abstract class SyntheticCallable extends string {
   Type getReturnType() { none() }
 }
 
+/**
+ * A module for importing frameworks that define synthetic callables.
+ */
+private module SyntheticCallables {
+  private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.Stream
+}
+
 private newtype TSummarizedCallableBase =
   TSimpleCallable(Callable c) { c.isSourceDeclaration() } or
   TSyntheticCallable(SyntheticCallable c)

java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll

@@ -3,7 +3,6 @@ import semmle.code.java.Collections
 import semmle.code.java.Maps
 private import semmle.code.java.dataflow.SSA
 private import DataFlowUtil
-private import semmle.code.java.dataflow.ExternalFlow
 
 private class EntryType extends RefType {
   EntryType() {

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -14,6 +14,13 @@ private import semmle.code.java.dataflow.internal.AccessPathSyntax as AccessPath
 
 class SummarizedCallableBase = FlowSummary::SummarizedCallableBase;
 
+/**
+ * A module for importing frameworks that define synthetic globals.
+ */
+private module SyntheticGlobals {
+  private import semmle.code.java.frameworks.android.Intent
+}
+
 DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() = c }
 
 /** Gets the parameter position of the instance parameter. */

java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -10,7 +10,6 @@ private import semmle.code.java.dataflow.internal.ContainerFlow
 private import semmle.code.java.frameworks.spring.SpringController
 private import semmle.code.java.frameworks.spring.SpringHttp
 private import semmle.code.java.frameworks.Networking
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.FlowSteps

java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll

@@ -4,7 +4,6 @@
 
 import java
 private import semmle.code.java.dataflow.FlowSteps
-private import semmle.code.java.dataflow.ExternalFlow
 
 class ApacheHttpGetParams extends Method {
   ApacheHttpGetParams() {

java/ql/lib/semmle/code/java/frameworks/Flexjson.qll

@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The class `flexjson.JSONDeserializer`. */
 class FlexjsonDeserializer extends RefType {

java/ql/lib/semmle/code/java/frameworks/Hibernate.qll

@@ -3,7 +3,6 @@
  */
 
 import java
-private import semmle.code.java.dataflow.ExternalFlow
 
 /** The interface `org.hibernate.query.QueryProducer`. */
 class HibernateQueryProducer extends RefType {