Merge pull request #2566 from github/koesie10/library-version

Add library versions to data extensions editor

Author: koesie10

extensions/ql-vscode/src/data-extensions-editor/bqrs.ts

@@ -5,6 +5,7 @@ import {
   ExternalApiUsage,
 } from "./external-api-usage";
 import { ModeledMethodType } from "./modeled-method";
+import { parseLibraryFilename } from "./library";
 
 export function decodeBqrsToExternalApiUsages(
   chunk: DecodedBqrsChunk,
@@ -15,7 +16,8 @@ export function decodeBqrsToExternalApiUsages(
     const usage = tuple[0] as Call;
     const signature = tuple[1] as string;
     const supported = (tuple[2] as string) === "true";
-    const library = tuple[4] as string;
+    let library = tuple[4] as string;
+    let libraryVersion: string | undefined = tuple[5] as string;
     const type = tuple[6] as ModeledMethodType;
     const classification = tuple[8] as CallClassification;
 
@@ -37,9 +39,25 @@ export function decodeBqrsToExternalApiUsages(
       methodDeclaration.indexOf("("),
     );
 
+    // For Java, we'll always get back a .jar file, and the library version may be bad because not all library authors
+    // properly specify the version. Therefore, we'll always try to parse the name and version from the library filename
+    // for Java.
+    if (library.endsWith(".jar") || libraryVersion === "") {
+      const { name, version } = parseLibraryFilename(library);
+      library = name;
+      if (version) {
+        libraryVersion = version;
+      }
+    }
+
+    if (libraryVersion === "") {
+      libraryVersion = undefined;
+    }
+
     if (!methodsByApiName.has(signature)) {
       methodsByApiName.set(signature, {
         library,
+        libraryVersion,
         signature,
         packageName,
         typeName,

extensions/ql-vscode/src/data-extensions-editor/external-api-usage.ts

@@ -18,6 +18,10 @@ export type Usage = Call & {
 };
 
 export interface MethodSignature {
+  /**
+   * Contains the version of the library if it can be determined by CodeQL, e.g. `4.2.2.2`
+   */
+  libraryVersion?: string;
   /**
    * A unique signature that can be used to identify this external API usage.
    *

extensions/ql-vscode/src/data-extensions-editor/library.ts

@@ -0,0 +1,58 @@
+import { basename, extname } from "../common/path";
+
+// From the semver package using
+// const { re, t } = require("semver/internal/re");
+// console.log(re[t.LOOSE]);
+// Modifications:
+// - Added version named group which does not capture the v prefix
+// - Removed the ^ and $ anchors
+// - Made the minor and patch versions optional
+// - Added a hyphen to the start of the version
+// - Added a dot as a valid separator between the version and the label
+// - Made the patch version optional even if a label is given
+// This will match any semver string at the end of a larger string
+const semverRegex =
+  /-[v=\s]*(?<version>([0-9]+)(\.([0-9]+)(?:(\.([0-9]+))?(?:[-.]?((?:[0-9]+|\d*[a-zA-Z-][a-zA-Z0-9-]*)(?:\.(?:[0-9]+|\d*[a-zA-Z-][a-zA-Z0-9-]*))*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?)?)?)/g;
+
+export interface Library {
+  name: string;
+  version?: string;
+}
+
+export function parseLibraryFilename(filename: string): Library {
+  let libraryName = basename(filename);
+  const extension = extname(libraryName);
+  libraryName = libraryName.slice(0, -extension.length);
+
+  let libraryVersion: string | undefined;
+
+  let match: RegExpMatchArray | null = null;
+
+  // Reset the regex
+  semverRegex.lastIndex = 0;
+
+  // Find the last occurence of the regex within the library name
+  // eslint-disable-next-line no-constant-condition
+  while (true) {
+    const currentMatch = semverRegex.exec(libraryName);
+    if (currentMatch === null) {
+      break;
+    }
+
+    match = currentMatch;
+  }
+
+  if (match?.groups) {
+    libraryVersion = match.groups?.version;
+    // Remove everything after the start of the match
+    libraryName = libraryName.slice(0, match.index);
+  }
+
+  // Remove any leading or trailing hyphens or dots
+  libraryName = libraryName.replaceAll(/^[.-]+|[.-]+$/g, "");
+
+  return {
+    name: libraryName,
+    version: libraryVersion,
+  };
+}

extensions/ql-vscode/src/data-extensions-editor/queries/csharp.ts

@@ -30,8 +30,8 @@ where
   usage = aUsage(api) and
   type = supportedType(api) and
   classification = methodClassification(usage)
-select usage, apiName, supported.toString(), "supported", api.getFile().getBaseName(), "library",
-  type, "type", classification, "classification"
+select usage, apiName, supported.toString(), "supported", api.dllName(), api.dllVersion(), type,
+  "type", classification, "classification"
 `,
   frameworkModeQuery: `/**
  * @name Public methods
@@ -111,7 +111,7 @@ class CallableMethod extends DotNet::Declaration {
   bindingset[this]
   private string getSignature() {
     result =
-      nestedName(this.getDeclaringType().getUnboundDeclaration()) + "." + this.getName() + "(" +
+      nestedName(this.getDeclaringType().getUnboundDeclaration()) + "#" + this.getName() + "(" +
         parameterQualifiedTypeNamesToString(this) + ")"
   }
 
@@ -125,7 +125,23 @@ class CallableMethod extends DotNet::Declaration {
    * Gets the namespace and signature of this API.
    */
   bindingset[this]
-  string getApiName() { result = this.getNamespace() + "#" + this.getSignature() }
+  string getApiName() { result = this.getNamespace() + "." + this.getSignature() }
+
+  private string getDllName() { result = this.getLocation().(Assembly).getName() }
+
+  private string getDllVersion() { result = this.getLocation().(Assembly).getVersion().toString() }
+
+  string dllName() {
+    result = this.getDllName()
+    or
+    not exists(this.getDllName()) and result = this.getFile().getBaseName()
+  }
+
+  string dllVersion() {
+    result = this.getDllVersion()
+    or
+    not exists(this.getDllVersion()) and result = ""
+  }
 
   /** Gets a node that is an input to a call to this API. */
   private ArgumentNode getAnInput() {
@@ -195,7 +211,7 @@ string supportedType(CallableMethod method) {
   or
   method.isNeutral() and result = "neutral"
   or
-  not method.isSupported() and result = "none"
+  not method.isSupported() and result = ""
 }
 
 string methodClassification(Call method) {

extensions/ql-vscode/src/data-extensions-editor/queries/java.ts

@@ -27,8 +27,8 @@ where
   usage = aUsage(externalApi) and
   type = supportedType(externalApi) and
   classification = methodClassification(usage)
-select usage, apiName, supported.toString(), "supported", externalApi.jarContainer(), "library",
-  type, "type", classification, "classification"
+select usage, apiName, supported.toString(), "supported", externalApi.jarContainer(),
+  externalApi.jarVersion(), type, "type", classification, "classification"
 `,
   frameworkModeQuery: `/**
  * @name Public methods
@@ -75,7 +75,7 @@ private predicate isUninteresting(Callable c) {
 /**
  * A callable method from either the Standard Library, a 3rd party library or from the source.
  */
-class CallableMethod extends Method {
+class CallableMethod extends Callable {
   CallableMethod() { not isUninteresting(this) }
 
   /**
@@ -91,6 +91,10 @@ class CallableMethod extends Method {
     result = this.getCompilationUnit().getParentContainer*().(JarFile).getBaseName()
   }
 
+  private string getJarVersion() {
+    result = this.getCompilationUnit().getParentContainer*().(JarFile).getSpecificationVersion()
+  }
+
   /**
    * Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules.
    */
@@ -100,6 +104,15 @@ class CallableMethod extends Method {
     not exists(this.getJarName()) and result = "rt.jar"
   }
 
+  /**
+   * Gets the version of the JAR file containing this API. Empty if no version is found in the JAR.
+   */
+  string jarVersion() {
+    result = this.getJarVersion()
+    or
+    not exists(this.getJarVersion()) and result = ""
+  }
+
   /** Gets a node that is an input to a call to this API. */
   private DataFlow::Node getAnInput() {
     exists(Call call | call.getCallee().getSourceDeclaration() = this |
@@ -160,7 +173,7 @@ string supportedType(CallableMethod method) {
   or
   method.isNeutral() and result = "neutral"
   or
-  not method.isSupported() and result = "none"
+  not method.isSupported() and result = ""
 }
 
 string methodClassification(Call method) {

extensions/ql-vscode/src/data-extensions-editor/queries/query.ts

@@ -8,7 +8,7 @@ export type Query = {
    * - supported: whether the external API is modeled. This should be a string representation of a boolean to satify the result pattern for a problem query.
    * - "supported": a string literal. This is required to make the query a valid problem query.
    * - libraryName: the name of the library that contains the external API. This is a string and usually the basename of a file.
-   * - "library": a string literal. This is required to make the query a valid problem query.
+   * - libraryVersion: the version of the library that contains the external API. This is a string and can be empty if the version cannot be determined.
    * - type: the modeled kind of the method, either "sink", "source", "summary", or "neutral"
    * - "type": a string literal. This is required to make the query a valid problem query.
    * - classification: the classification of the use of the method, either "source", "test", "generated", or "unknown"
@@ -25,7 +25,7 @@ export type Query = {
    * - supported: whether this method is modeled. This should be a string representation of a boolean to satify the result pattern for a problem query.
    * - "supported": a string literal. This is required to make the query a valid problem query.
    * - libraryName: an arbitrary string. This is required to make it match the structure of the application query.
-   * - "library": a string literal. This is required to make the query a valid problem query.
+   * - libraryVersion: an arbitrary string. This is required to make it match the structure of the application query.
    * - type: the modeled kind of the method, either "sink", "source", "summary", or "neutral"
    * - "type": a string literal. This is required to make the query a valid problem query.
    * - "unknown": a string literal. This is required to make it match the structure of the application query.

extensions/ql-vscode/src/data-extensions-editor/yaml.ts

@@ -1,6 +1,5 @@
 import Ajv from "ajv";
 
-import { basename, extname } from "../common/path";
 import { ExternalApiUsage } from "./external-api-usage";
 import { ModeledMethod, ModeledMethodType } from "./modeled-method";
 import {
@@ -122,29 +121,12 @@ export function createDataExtensionYamlsForFrameworkMode(
   };
 }
 
-// From the semver package using
-// const { re, t } = require("semver/internal/re");
-// console.log(re[t.LOOSE]);
-// Modified to remove the ^ and $ anchors
-// This will match any semver string at the end of a larger string
-const semverRegex =
-  /[v=\s]*([0-9]+)\.([0-9]+)\.([0-9]+)(?:-?((?:[0-9]+|\d*[a-zA-Z-][a-zA-Z0-9-]*)(?:\.(?:[0-9]+|\d*[a-zA-Z-][a-zA-Z0-9-]*))*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?/;
-
 export function createFilenameForLibrary(
   library: string,
   prefix = "models/",
   suffix = ".model",
 ) {
-  let libraryName = basename(library);
-  const extension = extname(libraryName);
-  libraryName = libraryName.slice(0, -extension.length);
-
-  const match = semverRegex.exec(libraryName);
-
-  if (match !== null) {
-    // Remove everything after the start of the match
-    libraryName = libraryName.slice(0, match.index);
-  }
+  let libraryName = library;
 
   // Lowercase everything
   libraryName = libraryName.toLowerCase();

extensions/ql-vscode/src/stories/data-extensions-editor/DataExtensionsEditor.stories.tsx

@@ -33,7 +33,8 @@ DataExtensionsEditor.args = {
   },
   initialExternalApiUsages: [
     {
-      library: "sql2o-1.6.0.jar",
+      library: "sql2o",
+      libraryVersion: "1.6.0",
       signature: "org.sql2o.Connection#createQuery(String)",
       packageName: "org.sql2o",
       typeName: "Connection",
@@ -54,7 +55,8 @@ DataExtensionsEditor.args = {
       }),
     },
     {
-      library: "sql2o-1.6.0.jar",
+      library: "sql2o",
+      libraryVersion: "1.6.0",
       signature: "org.sql2o.Query#executeScalar(Class)",
       packageName: "org.sql2o",
       typeName: "Query",
@@ -75,7 +77,8 @@ DataExtensionsEditor.args = {
       }),
     },
     {
-      library: "sql2o-1.6.0.jar",
+      library: "sql2o",
+      libraryVersion: "1.6.0",
       signature: "org.sql2o.Sql2o#open()",
       packageName: "org.sql2o",
       typeName: "Sql2o",
@@ -96,7 +99,7 @@ DataExtensionsEditor.args = {
       }),
     },
     {
-      library: "rt.jar",
+      library: "rt",
       signature: "java.io.PrintStream#println(String)",
       packageName: "java.io",
       typeName: "PrintStream",
@@ -130,7 +133,8 @@ DataExtensionsEditor.args = {
       ],
     },
     {
-      library: "spring-boot-3.0.2.jar",
+      library: "spring-boot",
+      libraryVersion: "3.0.2",
       signature:
         "org.springframework.boot.SpringApplication#run(Class,String[])",
       packageName: "org.springframework.boot",
@@ -152,7 +156,8 @@ DataExtensionsEditor.args = {
       }),
     },
     {
-      library: "sql2o-1.6.0.jar",
+      library: "sql2o",
+      libraryVersion: "1.6.0",
       signature: "org.sql2o.Sql2o#Sql2o(String,String,String)",
       packageName: "org.sql2o",
       typeName: "Sql2o",
@@ -173,7 +178,8 @@ DataExtensionsEditor.args = {
       }),
     },
     {
-      library: "sql2o-1.6.0.jar",
+      library: "sql2o",
+      libraryVersion: "1.6.0",
       signature: "org.sql2o.Sql2o#Sql2o(String)",
       packageName: "org.sql2o",
       typeName: "Sql2o",

extensions/ql-vscode/src/view/data-extensions-editor/LibraryRow.tsx

@@ -68,6 +68,7 @@ const ButtonsContainer = styled.div`
 
 type Props = {
   title: string;
+  libraryVersion?: string;
   externalApiUsages: ExternalApiUsage[];
   modeledMethods: Record<string, ModeledMethod>;
   viewState: DataExtensionEditorViewState;
@@ -91,6 +92,7 @@ type Props = {
 
 export const LibraryRow = ({
   title,
+  libraryVersion,
   externalApiUsages,
   modeledMethods,
   viewState,
@@ -158,7 +160,10 @@ export const LibraryRow = ({
           <Codicon name="chevron-right" label="Expand" />
         )}
         <NameContainer>
-          <DependencyName>{title}</DependencyName>
+          <DependencyName>
+            {title}
+            {libraryVersion && <>@{libraryVersion}</>}
+          </DependencyName>
           <ModeledPercentage>
             {percentFormatter.format(modeledPercentage / 100)} modeled
           </ModeledPercentage>

extensions/ql-vscode/src/view/data-extensions-editor/MethodRow.tsx

@@ -271,8 +271,10 @@ function UnmodelableMethodRow(props: Props) {
 function ExternalApiUsageName(props: { externalApiUsage: ExternalApiUsage }) {
   return (
     <span>
-      {props.externalApiUsage.packageName}.{props.externalApiUsage.typeName}.
-      {props.externalApiUsage.methodName}
+      {props.externalApiUsage.packageName && (
+        <>{props.externalApiUsage.packageName}.</>
+      )}
+      {props.externalApiUsage.typeName}.{props.externalApiUsage.methodName}
       {props.externalApiUsage.methodParameters}
     </span>
   );