Skip to content

Commit e1d4c1b

Browse files
michaelnebelmichaelnebel
committed
C#/Java: Reorder code in terms of dependency, rename ExternalAPI to ExternalApi and add some missing predicate qualifiers.
1 parent 4f00666 commit e1d4c1b

12 files changed

+74
-71
lines changed

csharp/ql/src/Telemetry/ExternalAPI.qll renamed to csharp/ql/src/Telemetry/ExternalApi.qll

Lines changed: 24 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -10,21 +10,21 @@ private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
1010
private import semmle.code.csharp.security.dataflow.flowsources.Remote
1111

1212
/**
13-
* An external API from either the C# Standard Library or a 3rd party library.
13+
* A test library.
1414
*/
15-
class ExternalAPI extends Callable {
16-
ExternalAPI() { this.fromLibrary() }
17-
18-
/** Holds if this API is not worth supporting */
19-
predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
20-
21-
/** Holds if this API is is a constructor without parameters */
22-
private predicate isParameterlessConstructor() {
23-
this instanceof Constructor and this.getNumberOfParameters() = 0
15+
class TestLibrary extends RefType {
16+
TestLibrary() {
17+
this.getNamespace()
18+
.getName()
19+
.matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"])
2420
}
21+
}
2522

26-
/** Holds if this API is part of a common testing library or framework */
27-
private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
23+
/**
24+
* An external API from either the C# Standard Library or a 3rd party library.
25+
*/
26+
class ExternalApi extends Callable {
27+
ExternalApi() { this.fromLibrary() }
2828

2929
/**
3030
* Gets the unbound type, name and parameter types of this API.
@@ -53,7 +53,7 @@ class ExternalAPI extends Callable {
5353
/**
5454
* Gets the assembly file name, namespace and signature of this API.
5555
*/
56-
string getInfo() { result = getInfoPrefix() + "#" + getSignature() }
56+
string getInfo() { result = this.getInfoPrefix() + "#" + this.getSignature() }
5757

5858
/** Gets a node that is an input to a call to this API. */
5959
private DataFlow::Node getAnInput() {
@@ -78,6 +78,17 @@ class ExternalAPI extends Callable {
7878
defaultAdditionalTaintStep(this.getAnInput(), _)
7979
}
8080

81+
/** Holds if this API is is a constructor without parameters */
82+
private predicate isParameterlessConstructor() {
83+
this instanceof Constructor and this.getNumberOfParameters() = 0
84+
}
85+
86+
/** Holds if this API is part of a common testing library or framework */
87+
private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
88+
89+
/** Holds if this API is not worth supporting */
90+
predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
91+
8192
/** Holds if this API is a known source. */
8293
predicate isSource() {
8394
this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
@@ -89,11 +100,3 @@ class ExternalAPI extends Callable {
89100
/** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
90101
predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
91102
}
92-
93-
private class TestLibrary extends RefType {
94-
TestLibrary() {
95-
this.getNamespace()
96-
.getName()
97-
.matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"])
98-
}
99-
}

csharp/ql/src/Telemetry/ExternalLibraryUsage.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,12 @@
77
*/
88

99
import csharp
10-
import ExternalAPI
10+
import ExternalApi
1111

1212
from int usages, string info
1313
where
1414
usages =
15-
strictcount(Call c, ExternalAPI api |
15+
strictcount(Call c, ExternalApi api |
1616
c.getTarget() = api and
1717
api.getInfoPrefix() = info and
1818
not api.isUninteresting()

csharp/ql/src/Telemetry/SupportedExternalSinks.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@
77
*/
88

99
import csharp
10-
import ExternalAPI
10+
import ExternalApi
1111

12-
from ExternalAPI api, int usages
12+
from ExternalApi api, int usages
1313
where
1414
not api.isUninteresting() and
1515
api.isSink() and

csharp/ql/src/Telemetry/SupportedExternalSources.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@
77
*/
88

99
import csharp
10-
import ExternalAPI
10+
import ExternalApi
1111

12-
from ExternalAPI api, int usages
12+
from ExternalApi api, int usages
1313
where
1414
not api.isUninteresting() and
1515
api.isSource() and

csharp/ql/src/Telemetry/SupportedExternalTaint.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@
77
*/
88

99
import csharp
10-
import ExternalAPI
10+
import ExternalApi
1111

12-
from ExternalAPI api, int usages
12+
from ExternalApi api, int usages
1313
where
1414
not api.isUninteresting() and
1515
api.hasSummary() and

csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@
77
*/
88

99
import csharp
10-
import ExternalAPI
10+
import ExternalApi
1111

12-
from ExternalAPI api, int usages
12+
from ExternalApi api, int usages
1313
where
1414
not api.isUninteresting() and
1515
not api.isSupported() and

java/ql/src/Telemetry/ExternalAPI.qll renamed to java/ql/src/Telemetry/ExternalApi.qll

Lines changed: 35 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -9,21 +9,29 @@ private import semmle.code.java.dataflow.internal.DataFlowPrivate
99
private import semmle.code.java.dataflow.TaintTracking
1010

1111
/**
12-
* An external API from either the Java Standard Library or a 3rd party library.
12+
* A test library.
1313
*/
14-
class ExternalApi extends Callable {
15-
ExternalApi() { not this.fromSource() }
16-
17-
/** Holds if this API is not worth supporting */
18-
predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
19-
20-
/** Holds if this API is is a constructor without parameters */
21-
predicate isParameterlessConstructor() {
22-
this instanceof Constructor and this.getNumberOfParameters() = 0
14+
private class TestLibrary extends RefType {
15+
TestLibrary() {
16+
this.getPackage()
17+
.getName()
18+
.matches([
19+
"org.junit%", "junit.%", "org.mockito%", "org.assertj%",
20+
"com.github.tomakehurst.wiremock%", "org.hamcrest%", "org.springframework.test.%",
21+
"org.springframework.mock.%", "org.springframework.boot.test.%", "reactor.test%",
22+
"org.xmlunit%", "org.testcontainers.%", "org.opentest4j%", "org.mockserver%",
23+
"org.powermock%", "org.skyscreamer.jsonassert%", "org.rnorth.visibleassertions",
24+
"org.openqa.selenium%", "com.gargoylesoftware.htmlunit%",
25+
"org.jboss.arquillian.testng%", "org.testng%"
26+
])
2327
}
28+
}
2429

25-
/** Holds if this API is part of a common testing library or framework */
26-
private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
30+
/**
31+
* An external API from either the Standard Library or a 3rd party library.
32+
*/
33+
class ExternalApi extends Callable {
34+
ExternalApi() { not this.fromSource() }
2735

2836
/**
2937
* Gets information about the external API in the form expected by the CSV modeling framework.
@@ -34,17 +42,17 @@ class ExternalApi extends Callable {
3442
"#" + this.getName() + paramsString(this)
3543
}
3644

45+
private string containerAsJar(Container container) {
46+
if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
47+
}
48+
3749
/**
3850
* Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules.
3951
*/
4052
string jarContainer() {
4153
result = this.containerAsJar(this.getCompilationUnit().getParentContainer*())
4254
}
4355

44-
private string containerAsJar(Container container) {
45-
if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
46-
}
47-
4856
/** Gets a node that is an input to a call to this API. */
4957
private DataFlow::Node getAnInput() {
5058
exists(Call call | call.getCallee().getSourceDeclaration() = this |
@@ -67,6 +75,17 @@ class ExternalApi extends Callable {
6775
TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)
6876
}
6977

78+
/** Holds if this API is is a constructor without parameters */
79+
private predicate isParameterlessConstructor() {
80+
this instanceof Constructor and this.getNumberOfParameters() = 0
81+
}
82+
83+
/** Holds if this API is part of a common testing library or framework */
84+
private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
85+
86+
/** Holds if this API is not worth supporting */
87+
predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
88+
7089
/** Holds if this API is a known source. */
7190
predicate isSource() {
7291
this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
@@ -78,22 +97,3 @@ class ExternalApi extends Callable {
7897
/** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
7998
predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
8099
}
81-
82-
/** DEPRECATED: Alias for ExternalApi */
83-
deprecated class ExternalAPI = ExternalApi;
84-
85-
private class TestLibrary extends RefType {
86-
TestLibrary() {
87-
this.getPackage()
88-
.getName()
89-
.matches([
90-
"org.junit%", "junit.%", "org.mockito%", "org.assertj%",
91-
"com.github.tomakehurst.wiremock%", "org.hamcrest%", "org.springframework.test.%",
92-
"org.springframework.mock.%", "org.springframework.boot.test.%", "reactor.test%",
93-
"org.xmlunit%", "org.testcontainers.%", "org.opentest4j%", "org.mockserver%",
94-
"org.powermock%", "org.skyscreamer.jsonassert%", "org.rnorth.visibleassertions",
95-
"org.openqa.selenium%", "com.gargoylesoftware.htmlunit%",
96-
"org.jboss.arquillian.testng%", "org.testng%"
97-
])
98-
}
99-
}

java/ql/src/Telemetry/ExternalLibraryUsage.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*/
88

99
import java
10-
import ExternalAPI
10+
import ExternalApi
1111

1212
from int usages, string jarname
1313
where

java/ql/src/Telemetry/SupportedExternalSinks.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*/
88

99
import java
10-
import ExternalAPI
10+
import ExternalApi
1111
import semmle.code.java.GeneratedFiles
1212

1313
from ExternalApi api, int usages

java/ql/src/Telemetry/SupportedExternalSources.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*/
88

99
import java
10-
import ExternalAPI
10+
import ExternalApi
1111
import semmle.code.java.GeneratedFiles
1212

1313
from ExternalApi api, int usages

0 commit comments

Comments
 (0)