Merge pull request #12261 from michaelnebel/csharpjava/refactorissupported

C#/Java: Re-factor the `isSupported` predicate.
2025-12-17 01:03:14 +01:00 · 2023-02-23 10:06:11 +01:00
parent ca94e02107 47c69d924b
commit cf659f9a5e
7 changed files with 29 additions and 29 deletions
--- a/csharp/ql/src/Telemetry/ExternalApi.qll
+++ b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -8,6 +8,7 @@ private import semmle.code.csharp.dataflow.FlowSummary
 private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
@@ -104,8 +105,17 @@ class ExternalApi extends DotNet::Callable {
  pragma[nomagic]
  predicate isSink() { sinkNode(this.getAnInput(), _) }
-  /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
+  /** Holds if this API is a known neutral. */
-  predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
+  pragma[nomagic]
  predicate isNeutral() { this instanceof FlowSummaryImpl::Public::NeutralCallable }
  /**
   * Holds if this API is supported by existing CodeQL libraries, that is, it is either a
   * recognized source, sink or neutral or it has a flow summary.
   */
  predicate isSupported() {
    this.hasSummary() or this.isSource() or this.isSink() or this.isNeutral()
  }
 }
 /**
--- a/csharp/ql/src/Telemetry/SupportedExternalApis.ql
+++ b/csharp/ql/src/Telemetry/SupportedExternalApis.ql
@@ -8,13 +8,9 @@
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import ExternalApi
-private predicate relevant(ExternalApi api) {
+private predicate relevant(ExternalApi api) { api.isSupported() }
  api.isSupported() or
  api instanceof FlowSummaryImpl::Public::NeutralCallable
 }
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)
--- a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+++ b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -7,14 +7,9 @@
 */
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import ExternalApi
-private predicate relevant(ExternalApi api) {
+private predicate relevant(ExternalApi api) { not api.isSupported() }
  not api.isSupported() and
  not api instanceof FlowSummaryImpl::Public::NeutralCallable
 }
 from string info, int usages
 where Results<relevant/1>::restrict(info, usages)
--- a/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
+++ b/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
@@ -9,13 +9,10 @@
 */
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import Telemetry.ExternalApi
 from Call c, ExternalApi api
 where
  c.getTarget().getUnboundDeclaration() = api and
-  not api.isSupported() and
+  not api.isSupported()
  not api instanceof FlowSummaryImpl::Public::NeutralCallable
 select c, "Call to unsupported external API $@.", api, api.toString()
--- a/java/ql/src/Telemetry/ExternalApi.qll
+++ b/java/ql/src/Telemetry/ExternalApi.qll
@@ -6,6 +6,7 @@ private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.FlowSummary
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
 private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.java.dataflow.TaintTracking
 pragma[nomagic]
@@ -91,8 +92,17 @@ class ExternalApi extends Callable {
  pragma[nomagic]
  predicate isSink() { sinkNode(this.getAnInput(), _) }
-  /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
+  /** Holds if this API is a known neutral. */
-  predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
+  pragma[nomagic]
  predicate isNeutral() { this = any(FlowSummaryImpl::Public::NeutralCallable nsc).asCallable() }
  /**
   * Holds if this API is supported by existing CodeQL libraries, that is, it is either a
   * recognized source, sink or neutral or it has a flow summary.
   */
  predicate isSupported() {
    this.hasSummary() or this.isSource() or this.isSink() or this.isNeutral()
  }
 }
 /** DEPRECATED: Alias for ExternalApi */
--- a/java/ql/src/Telemetry/SupportedExternalApis.ql
+++ b/java/ql/src/Telemetry/SupportedExternalApis.ql
@@ -7,13 +7,9 @@
 */
 import java
 import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import ExternalApi
-private predicate relevant(ExternalApi api) {
+private predicate relevant(ExternalApi api) { api.isSupported() }
  api.isSupported() or
  api = any(FlowSummaryImpl::Public::NeutralCallable nsc).asCallable()
 }
 from string apiName, int usages
 where Results<relevant/1>::restrict(apiName, usages)
--- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -7,13 +7,9 @@
 */
 import java
 import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import ExternalApi
-private predicate relevant(ExternalApi api) {
+private predicate relevant(ExternalApi api) { not api.isSupported() }
  not api.isSupported() and
  not api = any(FlowSummaryImpl::Public::NeutralCallable nsc).asCallable()
 }
 from string apiName, int usages
 where Results<relevant/1>::restrict(apiName, usages)