From 9b8d7df3701dfea68702b92c64f80d5d5eb856b1 Mon Sep 17 00:00:00 2001
From: Anders Starcke Henriksen
Date: Mon, 31 Jul 2023 09:58:54 +0200
Subject: [PATCH 1/3] Add option to filter automodel queries by package.
---
 ...tomodelApplicationModeExtractCandidates.ql | 1 +
 .../Telemetry/AutomodelCandidateFilter.yml | 5 +++++
 ...AutomodelFrameworkModeExtractCandidates.ql | 1 +
 java/ql/src/Telemetry/AutomodelJavaUtil.qll | 19 +++++++++++++++++++
 java/ql/src/qlpack.yml | 1 +
 5 files changed, 27 insertions(+)
 create mode 100644 java/ql/src/Telemetry/AutomodelCandidateFilter.yml
diff --git a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
index 4940b4a741f..e8eed47dbd4 100644
--- a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
@@ -66,6 +66,7 @@ where
 // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
 not CharacteristicsImpl::isSink(endpoint, _, _) and
 meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and
+ automodelCandidateFilter(package) and
 // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
 // a non-sink, and we surface only endpoints that have at least one such sink type.
 message =
diff --git a/java/ql/src/Telemetry/AutomodelCandidateFilter.yml b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
new file mode 100644
index 00000000000..895f09fd9eb
--- /dev/null
+++ b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
@@ -0,0 +1,5 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-queries
+ extensible: automodelCandidatePackageFilter
+ data: []
diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
index e66af08707c..34c4fe711a3 100644
--- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
@@ -30,6 +30,7 @@ where
 // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
 not CharacteristicsImpl::isSink(endpoint, _, _) and
 meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and
+ automodelCandidateFilter(package) and
 // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
 // a non-sink, and we surface only endpoints that have at least one such sink type.
 message =
diff --git a/java/ql/src/Telemetry/AutomodelJavaUtil.qll b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
index 65be12ce1f9..0c51b27383d 100644
--- a/java/ql/src/Telemetry/AutomodelJavaUtil.qll
+++ b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
@@ -66,3 +66,22 @@ boolean considerSubtypes(Callable callable) {
 then result = false
 else result = true
 }
+
+/**
+ * Holds if the given package is a candidate for automodeling.
+ *
+ * This predicate is extensible, so that different packages can be selected at runtime.
+ */
+extensible predicate automodelCandidatePackageFilter(string package);
+
+/**
+ * Holds if the given package is a candidate for automodeling.
+ *
+ * This relies on an extensible predicate, and if that is not supplied then
+ * all packages are considered candidates.
+ */
+bindingset[package]
+predicate automodelCandidateFilter(string package) {
+ not automodelCandidatePackageFilter(_) or
+ automodelCandidatePackageFilter(package)
+}
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 76f4fcc7797..0e7c892f469 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -12,4 +12,5 @@ dependencies:
 codeql/util: ${workspace}
 dataExtensions:
 - Telemetry/ExtractorInformation.yml
+ - Telemetry/AutomodelCandidateFilter.yml
 warnOnImplicitThis: true
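Review bot: In the AutomodelJavaUtil.qll hunk of PATCH 1/3, `automodelCandidateFilter` treats "no rows" as "no filter" through `not automodelCandidatePackageFilter(_)`, so a run meant to be restricted to a package list widens to every package whenever the extension is not picked up or contributes nothing. The doc comment covers the unsupplied case but not this consequence; I would add `* Note: a filter that contributes no rows is indistinguishable from no filter, so a misconfigured extension selects all packages.` The same fallback is kept in `includeAutomodelCandidate` in PATCH 2/3. Going by the diffstat, the series adds no test that loads a non-empty filter and checks that candidates outside it are dropped in either extract query.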
From 1c425a5602f074229789f8d871f766cca4c4271e Mon Sep 17 00:00:00 2001
From: Anders Starcke Henriksen
Date: Tue, 1 Aug 2023 10:15:22 +0200
Subject: [PATCH 2/3] Change from package to endpoint.
---
 ...tomodelApplicationModeExtractCandidates.ql | 2 +-
 ...AutomodelFrameworkModeExtractCandidates.ql | 2 +-
 java/ql/src/Telemetry/AutomodelJavaUtil.qll | 20 ++++++++++---------
 3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
index e8eed47dbd4..49d594dfdef 100644
--- a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
@@ -66,7 +66,7 @@ where
 // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
 not CharacteristicsImpl::isSink(endpoint, _, _) and
 meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and
- automodelCandidateFilter(package) and
+ includeAutomodelCandidate(package, type, name, signature) and
 // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
 // a non-sink, and we surface only endpoints that have at least one such sink type.
 message =
diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
index 34c4fe711a3..028a27a9bdc 100644
--- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
@@ -30,7 +30,7 @@ where
 // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
 not CharacteristicsImpl::isSink(endpoint, _, _) and
 meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and
- automodelCandidateFilter(package) and
+ includeAutomodelCandidate(package, type, name, signature) and
 // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
 // a non-sink, and we surface only endpoints that have at least one such sink type.
 message =
diff --git a/java/ql/src/Telemetry/AutomodelJavaUtil.qll b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
index 0c51b27383d..a224fc291a2 100644
--- a/java/ql/src/Telemetry/AutomodelJavaUtil.qll
+++ b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
@@ -68,20 +68,22 @@ boolean considerSubtypes(Callable callable) {
 }

 /**
- * Holds if the given package is a candidate for automodeling.
+ * Holds if the given package, type, name and signature is a candidate for automodeling.
 *
- * This predicate is extensible, so that different packages can be selected at runtime.
+ * This predicate is extensible, so that different endpoints can be selected at runtime.
 */
-extensible predicate automodelCandidatePackageFilter(string package);
+extensible predicate automodelCandidateFilter(
+ string package, string type, string name, string signature
+);

 /**
- * Holds if the given package is a candidate for automodeling.
+ * Holds if the given package, type, name and signature is a candidate for automodeling.
 *
 * This relies on an extensible predicate, and if that is not supplied then
- * all packages are considered candidates.
+ * all endpoints are considered candidates.
 */
-bindingset[package]
-predicate automodelCandidateFilter(string package) {
- not automodelCandidatePackageFilter(_) or
- automodelCandidatePackageFilter(package)
+bindingset[package, type, name, signature]
+predicate includeAutomodelCandidate(string package, string type, string name, string signature) {
+ not automodelCandidateFilter(_, _, _, _) or
+ automodelCandidateFilter(package, type, name, signature)
 }
From 131ae1aae92ba1f7406a72c404ee19cdecd6831f Mon Sep 17 00:00:00 2001
From: Anders Starcke Henriksen
Date: Thu, 3 Aug 2023 09:53:40 +0200
Subject: [PATCH 3/3] Fix name in predicate.
---
 java/ql/src/Telemetry/AutomodelCandidateFilter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/src/Telemetry/AutomodelCandidateFilter.yml b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
index 895f09fd9eb..52e64d54446 100644
--- a/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
+++ b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
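Review bot: In the PATCH 2/3 AutomodelJavaUtil.qll hunk (`@@ -68,20 +68,22 @@`), the four-column `automodelCandidateFilter` is matched by exact tuple equality, but neither comment says what format each column must have. The values compared are the ones `meta.hasMetadata` binds in the two extract queries, so a row whose `type` or `signature` is spelled differently never matches and, once any row exists, quietly removes that endpoint from the output. I would add to the extensible predicate's comment `* Rows are matched exactly against the package, type, name and signature reported in the candidate's metadata.` The change also drops package-level selection, since selecting a whole package now needs one row per endpoint; if that is intended it is worth saying in the commit message.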
@@ -1,5 +1,5 @@
 extensions:
 - addsTo:
 pack: codeql/java-queries
- extensible: automodelCandidatePackageFilter
+ extensible: automodelCandidateFilter
 data: []