Merge pull request #13852 from github/starcke/automodel-package-filter

Add option to filter automodel queries
2025-12-24 12:46:34 +01:00 · 2023-08-08 14:59:00 +02:00
parent 28863f39b0 131ae1aae9
commit 7da6da1c93
5 changed files with 29 additions and 0 deletions
--- a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
@@ -66,6 +66,7 @@ where
  // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
  not CharacteristicsImpl::isSink(endpoint, _, _) and
  meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and
+  includeAutomodelCandidate(package, type, name, signature) and
  // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
  // a non-sink, and we surface only endpoints that have at least one such sink type.
  message =
--- a/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
+++ b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
@@ -0,0 +1,5 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-queries
+      extensible: automodelCandidateFilter
+    data: []
--- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
+++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
@@ -30,6 +30,7 @@ where
  // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
  not CharacteristicsImpl::isSink(endpoint, _, _) and
  meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and
+  includeAutomodelCandidate(package, type, name, signature) and
  // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
  // a non-sink, and we surface only endpoints that have at least one such sink type.
  message =
--- a/java/ql/src/Telemetry/AutomodelJavaUtil.qll
+++ b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
@@ -66,3 +66,24 @@ boolean considerSubtypes(Callable callable) {
  then result = false
  else result = true
 }
+
+/**
+ * Holds if the given package, type, name and signature is a candidate for automodeling.
+ *
+ * This predicate is extensible, so that different endpoints can be selected at runtime.
+ */
+extensible predicate automodelCandidateFilter(
+  string package, string type, string name, string signature
+);
+
+/**
+ * Holds if the given package, type, name and signature is a candidate for automodeling.
+ *
+ * This relies on an extensible predicate, and if that is not supplied then
+ * all endpoints are considered candidates.
+ */
+bindingset[package, type, name, signature]
+predicate includeAutomodelCandidate(string package, string type, string name, string signature) {
+  not automodelCandidateFilter(_, _, _, _) or
+  automodelCandidateFilter(package, type, name, signature)
+}
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -12,4 +12,5 @@ dependencies:
  codeql/util: ${workspace}
 dataExtensions:
  - Telemetry/ExtractorInformation.yml
+  - Telemetry/AutomodelCandidateFilter.yml
 warnOnImplicitThis: true