hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add QLDoc for all shared libraries

Browse Source
This commit is contained in:
Benjamin Muskalla
2021-08-11 16:07:24 +02:00
parent 26ffe6c03d
commit 8aba0b04bc
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/src/Telemetry/APIUsage.qll
View File

@@ -1,6 +1,11 @@
/** Provides classes and predicates related to support coverage of external libraries. */
import java
private import semmle.code.java.dataflow.FlowSources
/**
* Gets the coverage support for the given `Callable`. If the `Callable` is not supported, returns "?".
*/
string supportKind(Callable api) {
if api instanceof TaintPreservingCallable
then result = "taint-preserving"
@@ -16,15 +21,15 @@ string supportKind(Callable api) {
else result = "?"
}
predicate summaryCall(Callable api) {
private predicate summaryCall(Callable api) {
summaryModel(packageName(api), typeName(api), _, api.getName(), _, _, _, _, _)
}
predicate sink(Callable api) {
private predicate sink(Callable api) {
sinkModel(packageName(api), typeName(api), _, api.getName(), _, _, _, _)
}
predicate source(Callable api) {
private predicate source(Callable api) {
sourceModel(packageName(api), typeName(api), _, api.getName(), _, _, _, _)
}

14
java/ql/src/Telemetry/ExternalAPI.qll
View File

@@ -1,12 +1,19 @@
/** Provides classes and predicates related to handling APIs from external libraries. */
private import java
private import APIUsage
private import semmle.code.java.dataflow.ExternalFlow
/**
* An external API from either the Java Standard Library or a 3rd party library.
*/
class ExternalAPI extends Callable {
ExternalAPI() { not this.fromSource() }
/** Holds true if this API is part of a common testing library or framework */
predicate isTestLibrary() { getDeclaringType() instanceof TestLibrary }
/** Holds true if this API has inputs or outputs that are interesting to support by CodeQL. */
predicate isInteresting() {
getNumberOfParameters() > 0 and
exists(Type retType | retType = getReturnType() |
@@ -16,14 +23,21 @@ class ExternalAPI extends Callable {
)
}
/**
* Gets information about the external API in the form expected by the CSV modeling framework.
*/
string asCSV(ExternalAPI api) {
result =
api.getDeclaringType().getPackage() + ";?;" + api.getDeclaringType().getSourceDeclaration() +
";" + api.getName() + ";" + paramsString(api)
}
/** Holds true if this API is not yet supported by existing CodeQL libraries */
predicate isSupported() { not supportKind(this) = "?" }
/**
* Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules.
*/
string jarContainer() {
result = containerAsJar(any(ExternalAPI api).getCompilationUnit().getParentContainer*())
}