Merge branch 'main' into robertbrignull/data-modeled-method-signature

pick 2db42e3 Pull out createDataExtensionYamls into yaml.ts
pick 52f7cac Move saveModeledMethods to a separate file
pick ba27230 Move loadModeledMethods to a separate file
pick c512a11 Split out listModelFiles from loadModeledMethods
pick 752cf8a Add some tests of listModelFiles

Author: robertbrignull

extensions/ql-vscode/src/data-extensions-editor/bqrs.ts

@@ -1,5 +1,10 @@
 import { DecodedBqrsChunk } from "../common/bqrs-cli-types";
-import { Call, ExternalApiUsage } from "./external-api-usage";
+import {
+  Call,
+  CallClassification,
+  ExternalApiUsage,
+} from "./external-api-usage";
+import { ModeledMethodType } from "./modeled-method";
 
 export function decodeBqrsToExternalApiUsages(
   chunk: DecodedBqrsChunk,
@@ -11,6 +16,8 @@ export function decodeBqrsToExternalApiUsages(
     const signature = tuple[1] as string;
     const supported = (tuple[2] as string) === "true";
     const library = tuple[4] as string;
+    const type = tuple[6] as ModeledMethodType;
+    const classification = tuple[8] as CallClassification;
 
     const [packageWithType, methodDeclaration] = signature.split("#");
 
@@ -39,12 +46,16 @@ export function decodeBqrsToExternalApiUsages(
         methodName,
         methodParameters,
         supported,
+        supportedType: type,
         usages: [],
       });
     }
 
     const method = methodsByApiName.get(signature)!;
-    method.usages.push(usage);
+    method.usages.push({
+      ...usage,
+      classification,
+    });
   });
 
   return Array.from(methodsByApiName.values());

extensions/ql-vscode/src/data-extensions-editor/external-api-usage.ts

@@ -1,10 +1,22 @@
 import { ResolvableLocationValue } from "../common/bqrs-cli-types";
+import { ModeledMethodType } from "./modeled-method";
 
 export type Call = {
   label: string;
   url: ResolvableLocationValue;
 };
 
+export enum CallClassification {
+  Unknown = "unknown",
+  Source = "source",
+  Test = "test",
+  Generated = "generated",
+}
+
+export type Usage = Call & {
+  classification: CallClassification;
+};
+
 export interface MethodSignature {
   /**
    * A unique signature that can be used to identify this external API usage.
@@ -33,5 +45,6 @@ export interface ExternalApiUsage extends MethodSignature {
    * If so, there is no need for the user to model it themselves.
    */
   supported: boolean;
-  usages: Call[];
+  supportedType: ModeledMethodType;
+  usages: Usage[];
 }

extensions/ql-vscode/src/data-extensions-editor/queries/csharp.ts

@@ -22,12 +22,16 @@ class ExternalApi extends CallableMethod {
 
 private Call aUsage(ExternalApi api) { result.getTarget().getUnboundDeclaration() = api }
 
-from ExternalApi api, string apiName, boolean supported, Call usage
+from
+  ExternalApi api, string apiName, boolean supported, Call usage, string type, string classification
 where
   apiName = api.getApiName() and
   supported = isSupported(api) and
-  usage = aUsage(api)
-select usage, apiName, supported.toString(), "supported", api.getFile().getBaseName(), "library"
+  usage = aUsage(api) and
+  type = supportedType(api) and
+  classification = methodClassification(usage)
+select usage, apiName, supported.toString(), "supported", api.getFile().getBaseName(), "library",
+  type, "type", classification, "classification"
 `,
   frameworkModeQuery: `/**
  * @name Public methods
@@ -46,12 +50,13 @@ class PublicMethod extends CallableMethod {
   PublicMethod() { this.fromSource() and not this.getFile() instanceof TestFile }
 }
 
-from PublicMethod publicMethod, string apiName, boolean supported
+from PublicMethod publicMethod, string apiName, boolean supported, string type
 where
   apiName = publicMethod.getApiName() and
-  supported = isSupported(publicMethod)
+  supported = isSupported(publicMethod) and
+  type = supportedType(publicMethod)
 select publicMethod, apiName, supported.toString(), "supported",
-  publicMethod.getFile().getBaseName(), "library"
+  publicMethod.getFile().getBaseName(), "library", type, "type", "unknown", "classification"
 `,
   dependencies: {
     "AutomodelVsCode.qll": `/** Provides classes and predicates related to handling APIs for the VS Code extension. */
@@ -66,6 +71,7 @@ private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
 private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
+private import semmle.code.csharp.frameworks.Test
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
 
 pragma[nomagic]
@@ -180,6 +186,25 @@ boolean isSupported(CallableMethod callableMethod) {
   result = false
 }
 
+string supportedType(CallableMethod method) {
+  method.isSink() and result = "sink"
+  or
+  method.isSource() and result = "source"
+  or
+  method.hasSummary() and result = "summary"
+  or
+  method.isNeutral() and result = "neutral"
+  or
+  not method.isSupported() and result = "none"
+}
+
+string methodClassification(Call method) {
+  method.getFile() instanceof TestFile and result = "test"
+  or
+  not method.getFile() instanceof TestFile and
+  result = "source"
+}
+
 /**
  * Gets the nested name of the declaration.
  *

extensions/ql-vscode/src/data-extensions-editor/queries/java.ts

@@ -16,17 +16,19 @@ class ExternalApi extends CallableMethod {
   ExternalApi() { not this.fromSource() }
 }
 
-private Call aUsage(ExternalApi api) {
-  result.getCallee().getSourceDeclaration() = api and
-  not result.getFile() instanceof GeneratedFile
-}
+private Call aUsage(ExternalApi api) { result.getCallee().getSourceDeclaration() = api }
 
-from ExternalApi externalApi, string apiName, boolean supported, Call usage
+from
+  ExternalApi externalApi, string apiName, boolean supported, Call usage, string type,
+  string classification
 where
   apiName = externalApi.getApiName() and
   supported = isSupported(externalApi) and
-  usage = aUsage(externalApi)
-select usage, apiName, supported.toString(), "supported", externalApi.jarContainer(), "library"
+  usage = aUsage(externalApi) and
+  type = supportedType(externalApi) and
+  classification = methodClassification(usage)
+select usage, apiName, supported.toString(), "supported", externalApi.jarContainer(), "library",
+  type, "type", classification, "classification"
 `,
   frameworkModeQuery: `/**
  * @name Public methods
@@ -41,12 +43,14 @@ import AutomodelVsCode
 
 class PublicMethodFromSource extends CallableMethod, ModelApi { }
 
-from PublicMethodFromSource publicMethod, string apiName, boolean supported
+from PublicMethodFromSource publicMethod, string apiName, boolean supported, string type
 where
   apiName = publicMethod.getApiName() and
-  supported = isSupported(publicMethod)
+  supported = isSupported(publicMethod) and
+  type = supportedType(publicMethod)
 select publicMethod, apiName, supported.toString(), "supported",
-  publicMethod.getCompilationUnit().getParentContainer().getBaseName(), "library"
+  publicMethod.getCompilationUnit().getParentContainer().getBaseName(), "library", type, "type",
+  "unknown", "classification"
 `,
   dependencies: {
     "AutomodelVsCode.qll": `/** Provides classes and predicates related to handling APIs for the VS Code extension. */
@@ -147,6 +151,28 @@ boolean isSupported(CallableMethod method) {
   not method.isSupported() and result = false
 }
 
+string supportedType(CallableMethod method) {
+  method.isSink() and result = "sink"
+  or
+  method.isSource() and result = "source"
+  or
+  method.hasSummary() and result = "summary"
+  or
+  method.isNeutral() and result = "neutral"
+  or
+  not method.isSupported() and result = "none"
+}
+
+string methodClassification(Call method) {
+  isInTestFile(method.getLocation().getFile()) and result = "test"
+  or
+  method.getFile() instanceof GeneratedFile and result = "generated"
+  or
+  not isInTestFile(method.getLocation().getFile()) and
+  not method.getFile() instanceof GeneratedFile and
+  result = "source"
+}
+
 // The below is a copy of https://github.com/github/codeql/blob/249f9f863db1e94e3c46ca85b49fb0ec32f8ca92/java/ql/lib/semmle/code/java/dataflow/internal/ModelExclusions.qll
 // to avoid the use of internal modules.
 /** Holds if the given package \`p\` is a test package. */

extensions/ql-vscode/src/data-extensions-editor/queries/query.ts

@@ -9,6 +9,10 @@ export type Query = {
    * - "supported": a string literal. This is required to make the query a valid problem query.
    * - libraryName: the name of the library that contains the external API. This is a string and usually the basename of a file.
    * - "library": a string literal. This is required to make the query a valid problem query.
+   * - type: the modeled kind of the method, either "sink", "source", "summary", or "neutral"
+   * - "type": a string literal. This is required to make the query a valid problem query.
+   * - classification: the classification of the use of the method, either "source", "test", "generated", or "unknown"
+   * - "classification: a string literal. This is required to make the query a valid problem query.
    */
   applicationModeQuery: string;
   /**
@@ -22,6 +26,10 @@ export type Query = {
    * - "supported": a string literal. This is required to make the query a valid problem query.
    * - libraryName: an arbitrary string. This is required to make it match the structure of the application query.
    * - "library": a string literal. This is required to make the query a valid problem query.
+   * - type: the modeled kind of the method, either "sink", "source", "summary", or "neutral"
+   * - "type": a string literal. This is required to make the query a valid problem query.
+   * - "unknown": a string literal. This is required to make it match the structure of the application query.
+   * - "classification: a string literal. This is required to make the query a valid problem query.
    */
   frameworkModeQuery: string;
   dependencies?: {

extensions/ql-vscode/src/stories/data-extensions-editor/DataExtensionsEditor.stories.tsx

@@ -4,6 +4,7 @@ import { ComponentMeta, ComponentStory } from "@storybook/react";
 
 import { Mode } from "../../data-extensions-editor/shared/mode";
 import { DataExtensionsEditor as DataExtensionsEditorComponent } from "../../view/data-extensions-editor/DataExtensionsEditor";
+import { CallClassification } from "../../data-extensions-editor/external-api-usage";
 
 export default {
   title: "Data Extensions Editor/Data Extensions Editor",
@@ -39,6 +40,7 @@ DataExtensionsEditor.args = {
       methodName: "createQuery",
       methodParameters: "(String)",
       supported: true,
+      supportedType: "summary",
       usages: Array(10).fill({
         label: "createQuery(...)",
         url: {
@@ -48,6 +50,7 @@ DataExtensionsEditor.args = {
           endLine: 15,
           endColumn: 56,
         },
+        classification: CallClassification.Source,
       }),
     },
     {
@@ -58,6 +61,7 @@ DataExtensionsEditor.args = {
       methodName: "executeScalar",
       methodParameters: "(Class)",
       supported: true,
+      supportedType: "neutral",
       usages: Array(2).fill({
         label: "executeScalar(...)",
         url: {
@@ -67,6 +71,7 @@ DataExtensionsEditor.args = {
           endLine: 15,
           endColumn: 85,
         },
+        classification: CallClassification.Source,
       }),
     },
     {
@@ -77,6 +82,7 @@ DataExtensionsEditor.args = {
       methodName: "open",
       methodParameters: "()",
       supported: false,
+      supportedType: "none",
       usages: Array(28).fill({
         label: "open(...)",
         url: {
@@ -86,6 +92,7 @@ DataExtensionsEditor.args = {
           endLine: 14,
           endColumn: 35,
         },
+        classification: CallClassification.Source,
       }),
     },
     {
@@ -96,6 +103,7 @@ DataExtensionsEditor.args = {
       methodName: "println",
       methodParameters: "(String)",
       supported: true,
+      supportedType: "summary",
       usages: [
         {
           label: "println(...)",
@@ -106,6 +114,18 @@ DataExtensionsEditor.args = {
             endLine: 29,
             endColumn: 49,
           },
+          classification: CallClassification.Source,
+        },
+        {
+          label: "println(...)",
+          url: {
+            uri: "file:/home/runner/work/sql2o-example/sql2o-example/src/test/java/org/example/HelloControllerTest.java",
+            startLine: 29,
+            startColumn: 9,
+            endLine: 29,
+            endColumn: 49,
+          },
+          classification: CallClassification.Test,
         },
       ],
     },
@@ -118,6 +138,7 @@ DataExtensionsEditor.args = {
       methodName: "run",
       methodParameters: "(Class,String[])",
       supported: false,
+      supportedType: "none",
       usages: Array(7).fill({
         label: "run(...)",
         url: {
@@ -127,6 +148,7 @@ DataExtensionsEditor.args = {
           endLine: 9,
           endColumn: 66,
         },
+        classification: CallClassification.Source,
       }),
     },
     {
@@ -137,6 +159,7 @@ DataExtensionsEditor.args = {
       methodName: "Sql2o",
       methodParameters: "(String,String,String)",
       supported: false,
+      supportedType: "none",
       usages: Array(106).fill({
         label: "new Sql2o(...)",
         url: {
@@ -145,6 +168,7 @@ DataExtensionsEditor.args = {
           startColumn: 33,
           endLine: 10,
           endColumn: 88,
+          classification: CallClassification.Test,
         },
       }),
     },
@@ -156,16 +180,31 @@ DataExtensionsEditor.args = {
       methodName: "Sql2o",
       methodParameters: "(String)",
       supported: false,
-      usages: Array(4).fill({
-        label: "new Sql2o(...)",
-        url: {
-          uri: "file:/home/runner/work/sql2o-example/sql2o-example/src/main/java/org/example/HelloController.java",
-          startLine: 23,
-          startColumn: 23,
-          endLine: 23,
-          endColumn: 36,
+      supportedType: "none",
+      usages: [
+        ...Array(4).fill({
+          label: "new Sql2o(...)",
+          url: {
+            uri: "file:/home/runner/work/sql2o-example/sql2o-example/src/main/java/org/example/HelloController.java",
+            startLine: 23,
+            startColumn: 23,
+            endLine: 23,
+            endColumn: 36,
+          },
+          classification: CallClassification.Test,
+        }),
+        {
+          label: "new Sql2o(...)",
+          url: {
+            uri: "file:/home/runner/work/sql2o-example/sql2o-example/build/generated/java/org/example/HelloControllerGenerated.java",
+            startLine: 23,
+            startColumn: 23,
+            endLine: 23,
+            endColumn: 36,
+          },
+          classification: CallClassification.Generated,
         },
-      }),
+      ],
     },
   ],
   initialModeledMethods: {