Only generate models for local supertypes

Avoid generating models for classes
implementing external SPI (e.g. `FileFilter`).
Keep `toString` models intact as they're
commonly used as taint-propagation method
(e.g. see `Joiner`).

java/ql/src/utils/model-generator/CaptureSourceModels.ql

@@ -29,7 +29,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
   }
 }
 
-// TODO: better way than rely on internals?
+// TODO: better way than rely on internals to capture kind?
 cached
 predicate specificSourceNode(DataFlow::Node node, string output, string kind) {
   exists(InterpretNode n | Private::External::isSourceNode(n, output, kind) and n.asNode() = node)

java/ql/src/utils/model-generator/CaptureSummaryModels.ql

@@ -130,10 +130,6 @@ predicate isRelevantType(Type t) {
   not t.(CollectionType).getElementType() instanceof BoxedType
 }
 
-// TODO: "com.google.common.base;Converter;true;convertAll;(Iterable);;Element of Argument[0];Element of ReturnValue;taint",
-// TODO: infer interface from multiple implementations? e.g. UriComponentsContributor
-// TODO: distinguish between taint and value flows. If we find a value flow, omit the taint flow
-// TODO: merge param->return value with param->parameter flow?
 from TargetAPI api, string flow
 where flow = captureFlow(api)
 select flow order by flow

java/ql/src/utils/model-generator/ModelGeneratorUtils.qll

@@ -69,7 +69,7 @@ string asSourceModel(Callable api, string output, string kind) {
  */
 private string asPartialModel(Callable api) {
   result =
-    asModelName(api) + ";" //
+    typeAsSummaryModel(api) + ";" //
       + isExtensible(api.getDeclaringType()).toString() + ";" //
       + api.getName() + ";" //
       + paramsString(api) + ";" //
@@ -80,12 +80,20 @@ private string asPartialModel(Callable api) {
  * Returns the appropriate type name for the model. Either the type
  * declaring the method or the supertype introducing the method.
  */
-private string asModelName(Callable api) {
-  if api.(Method).getASourceOverriddenMethod().fromSource()
-  then result = typeAsModel(api.(Method).getASourceOverriddenMethod().getDeclaringType())
+private string typeAsSummaryModel(Callable api) {
+  if exists(superImpl(api.(Method)))
+  then
+    superImpl(api.(Method)).fromSource() and
+    result = typeAsModel(superImpl(api.(Method)).getDeclaringType())
   else result = typeAsModel(api.getDeclaringType())
 }
 
+Method superImpl(Method m) {
+  result = m.getAnOverride() and
+  not exists(result.getAnOverride()) and
+  not m instanceof ToStringMethod
+}
+
 private string typeAsModel(RefType type) {
   result = type.getCompilationUnit().getPackage().getName() + ";" + type.nestedName()
 }