Capture model for defining interface

Instead of modeling individual implementations, take a more general approach of reuse dataflows for interfaces defined by a library. This allows tracking flows across all implementations and aligns better with how we manually model frameworks. This may have some FPs given all possible flows are modeled for a specific interface but also covers more scenarios where we don't know which implementation of an interface is used.
2025-12-20 18:56:32 +01:00 · 2021-10-20 13:30:25 +02:00
parent f36bb8baaf
commit 157f56f48a
3 changed files with 56 additions and 2 deletions
--- a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
+++ b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -69,14 +69,27 @@ string asSourceModel(Callable api, string output, string kind) {
 */
 private string asPartialModel(Callable api) {
  result =
-    api.getCompilationUnit().getPackage().getName() + ";" //
-      + api.getDeclaringType().nestedName() + ";" //
+    asModelName(api) + ";" //
      + isExtensible(api.getDeclaringType()).toString() + ";" //
      + api.getName() + ";" //
      + paramsString(api) + ";" //
      + /* ext + */ ";" //
 }

+/**
+ * Returns the appropriate type name for the model. Either the type
+ * declaring the method or the supertype introducing the method.
+ */
+private string asModelName(Callable api) {
+  if api.(Method).getASourceOverriddenMethod().fromSource()
+  then result = typeAsModel(api.(Method).getASourceOverriddenMethod().getDeclaringType())
+  else result = typeAsModel(api.getDeclaringType())
+}
+
+private string typeAsModel(RefType type) {
+  result = type.getCompilationUnit().getPackage().getName() + ";" + type.nestedName()
+}
+
 string parameterAccess(Parameter p) {
  if p.getType() instanceof Array
  then result = "ArrayElement of Argument[" + p.getPosition() + "]"