Java: Autoformat.
@@ -20,26 +20,24 @@ predicate whitelist(Dependency d) {
|
||||
|
||||
from PomDependency d, Pom source
|
||||
where
|
||||
source.getADependency() = d and
|
||||
// There is not a Pom file for the target of this dependency, so we assume that it was resolved by
|
||||
// a binary file in the local maven repository.
|
||||
not exists(Pom target | target = d.getPom()) and
|
||||
// In order to accurately identify whether this binary dependency is required, we must have identified
|
||||
// a Maven repository. If we have not found a repository, it's likely that it has a custom path of
|
||||
// which we are unaware, so do not report any problems.
|
||||
exists(MavenRepo mr) and
|
||||
// We either haven't indexed a relevant jar file, which suggests that nothing statically depended upon
|
||||
// it, or we have indexed the relevant jar file, but no source code in the project defined by the pom
|
||||
// depends on any code within the detected jar.
|
||||
not pomDependsOnContainer(source, d.getJar()) and
|
||||
// If something that depends on us depends on the jar represented by this dependency, and it doesn't
|
||||
// depend directly on the jar itself, we don't consider it to be "unused".
|
||||
not exists(Pom pomThatDependsOnSource |
|
||||
pomThatDependsOnSource.getAnExportedPom+() = source
|
||||
|
|
||||
pomDependsOnContainer(pomThatDependsOnSource, d.getJar()) and
|
||||
not exists(File f | f = pomThatDependsOnSource.getADependency().getJar() and f = d.getJar())) and
|
||||
// Filter out those dependencies on the whitelist
|
||||
not whitelist(d)
|
||||
source.getADependency() = d and
|
||||
// There is not a Pom file for the target of this dependency, so we assume that it was resolved by
|
||||
// a binary file in the local maven repository.
|
||||
not exists(Pom target | target = d.getPom()) and
|
||||
// In order to accurately identify whether this binary dependency is required, we must have identified
|
||||
// a Maven repository. If we have not found a repository, it's likely that it has a custom path of
|
||||
// which we are unaware, so do not report any problems.
|
||||
exists(MavenRepo mr) and
|
||||
// We either haven't indexed a relevant jar file, which suggests that nothing statically depended upon
|
||||
// it, or we have indexed the relevant jar file, but no source code in the project defined by the pom
|
||||
// depends on any code within the detected jar.
|
||||
not pomDependsOnContainer(source, d.getJar()) and
|
||||
// If something that depends on us depends on the jar represented by this dependency, and it doesn't
|
||||
// depend directly on the jar itself, we don't consider it to be "unused".
|
||||
not exists(Pom pomThatDependsOnSource | pomThatDependsOnSource.getAnExportedPom+() = source |
|
||||
pomDependsOnContainer(pomThatDependsOnSource, d.getJar()) and
|
||||
not exists(File f | f = pomThatDependsOnSource.getADependency().getJar() and f = d.getJar())
|
||||
) and
|
||||
// Filter out those dependencies on the whitelist
|
||||
not whitelist(d)
|
||||
select d, "Maven dependency on the binary package " + d.getShortCoordinate() + " is unused."
|
||||
|
||||
|
||||
@@ -13,18 +13,16 @@ import UnusedMavenDependencies
|
||||
|
||||
from PomDependency d, Pom source, Pom target
|
||||
where
|
||||
source.getADependency() = d and
|
||||
// We have a targetPom file, so this is a "source" dependency, rather than a binary dependency
|
||||
// from the Maven repository. Note, although .pom files exist in the local maven repository, they
|
||||
// are usually not indexed because they are outside the source directory. We assume that they have
|
||||
// not been indexed.
|
||||
target = d.getPom() and
|
||||
// If we have a pom for the target of this dependency, then it is unused iff neither it, nor any
|
||||
// of its transitive dependencies are required.
|
||||
not exists(Pom exported |
|
||||
exported = target.getAnExportedPom*()
|
||||
|
|
||||
pomDependsOnContainer(source, exported.getAnExportedDependency().getJar()) or
|
||||
pomDependsOnPom(source, exported)
|
||||
)
|
||||
source.getADependency() = d and
|
||||
// We have a targetPom file, so this is a "source" dependency, rather than a binary dependency
|
||||
// from the Maven repository. Note, although .pom files exist in the local maven repository, they
|
||||
// are usually not indexed because they are outside the source directory. We assume that they have
|
||||
// not been indexed.
|
||||
target = d.getPom() and
|
||||
// If we have a pom for the target of this dependency, then it is unused iff neither it, nor any
|
||||
// of its transitive dependencies are required.
|
||||
not exists(Pom exported | exported = target.getAnExportedPom*() |
|
||||
pomDependsOnContainer(source, exported.getAnExportedDependency().getJar()) or
|
||||
pomDependsOnPom(source, exported)
|
||||
)
|
||||
select d, "Maven dependency onto " + d.getShortCoordinate() + " is unused."
|
||||
|
||||