Merge pull request #9553 from michaelnebel/csharp/narrowtelemetry

michaelnebel · web-flow · commit 2b892bc000e3 · 2022-06-22T07:35:56.000+02:00
C#/Java: Only display 1k most relevant results for ExternalApi telemetry queries.
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -107,3 +107,36 @@ class ExternalApi extends DotNet::Callable {
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
   predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
 }
+
+/**
+ * Gets the limit for the number of results produced by a telemetry query.
+ */
+int resultLimit() { result = 1000 }
+
+/**
+ * Holds if the relevant usage count of `api` is `usages`.
+ */
+signature predicate relevantUsagesSig(ExternalApi api, int usages);
+
+/**
+ * Given a predicate to count relevant API usages, this module provides a predicate
+ * for restricting the number or returned results based on a certain limit.
+ */
+module Results<relevantUsagesSig/2 getRelevantUsages> {
+  private int getOrder(ExternalApi api) {
+    api =
+      rank[result](ExternalApi a, int usages |
+        getRelevantUsages(a, usages)
+      |
+        a order by usages desc, a.getInfo()
+      )
+  }
+
+  /**
+   * Holds if `api` is being used `usages` times and if it is
+   * in the top results (guarded by resultLimit).
+   */
+  predicate restrict(ExternalApi api, int usages) {
+    getRelevantUsages(api, usages) and getOrder(api) <= resultLimit()
+  }
+}
diff --git a/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql b/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
@@ -10,12 +10,23 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-from int usages, string info
-where
+private predicate getRelevantUsages(string info, int usages) {
   usages =
     strictcount(DispatchCall c, ExternalApi api |
       c = api.getACall() and
       api.getInfoPrefix() = info and
       not api.isUninteresting()
     )
+}
+
+private int getOrder(string info) {
+  info =
+    rank[result](string i, int usages | getRelevantUsages(i, usages) | i order by usages desc, i)
+}
+
+from ExternalApi api, string info, int usages
+where
+  info = api.getInfoPrefix() and
+  getRelevantUsages(info, usages) and
+  getOrder(info) <= resultLimit()
 select info, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/SupportedExternalSinks.ql b/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
@@ -10,9 +10,12 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.isSink() and
   usages = strictcount(DispatchCall c | c = api.getACall())
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getInfo() as info, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/SupportedExternalSources.ql b/csharp/ql/src/Telemetry/SupportedExternalSources.ql
@@ -10,9 +10,12 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.isSource() and
   usages = strictcount(DispatchCall c | c = api.getACall())
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getInfo() as info, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/SupportedExternalTaint.ql b/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
@@ -10,9 +10,12 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.hasSummary() and
   usages = strictcount(DispatchCall c | c = api.getACall())
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getInfo() as info, usages order by usages desc
diff --git a/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -10,9 +10,12 @@ private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
 private import ExternalApi
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   not api.isSupported() and
   usages = strictcount(DispatchCall c | c = api.getACall())
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getInfo() as info, usages order by usages desc
diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll
@@ -98,3 +98,36 @@ class ExternalApi extends Callable {
 
 /** DEPRECATED: Alias for ExternalApi */
 deprecated class ExternalAPI = ExternalApi;
+
+/**
+ * Gets the limit for the number of results produced by a telemetry query.
+ */
+int resultLimit() { result = 1000 }
+
+/**
+ * Holds if the relevant usage count of `api` is `usages`.
+ */
+signature predicate relevantUsagesSig(ExternalApi api, int usages);
+
+/**
+ * Given a predicate to count relevant API usages, this module provides a predicate
+ * for restricting the number or returned results based on a certain limit.
+ */
+module Results<relevantUsagesSig/2 getRelevantUsages> {
+  private int getOrder(ExternalApi api) {
+    api =
+      rank[result](ExternalApi a, int usages |
+        getRelevantUsages(a, usages)
+      |
+        a order by usages desc, a.getApiName()
+      )
+  }
+
+  /**
+   * Holds if `api` is being used `usages` times and if it is
+   * in the top results (guarded by resultLimit).
+   */
+  predicate restrict(ExternalApi api, int usages) {
+    getRelevantUsages(api, usages) and getOrder(api) <= resultLimit()
+  }
+}
diff --git a/java/ql/src/Telemetry/ExternalLibraryUsage.ql b/java/ql/src/Telemetry/ExternalLibraryUsage.ql
@@ -9,13 +9,28 @@
 import java
 import ExternalApi
 
-from int usages, string jarname
-where
+private predicate getRelevantUsages(string jarname, int usages) {
   usages =
     strictcount(Call c, ExternalApi a |
       c.getCallee().getSourceDeclaration() = a and
       not c.getFile() instanceof GeneratedFile and
       a.jarContainer() = jarname and
       not a.isUninteresting()
     )
+}
+
+private int getOrder(string jarname) {
+  jarname =
+    rank[result](string jar, int usages |
+      getRelevantUsages(jar, usages)
+    |
+      jar order by usages desc, jar
+    )
+}
+
+from ExternalApi api, string jarname, int usages
+where
+  jarname = api.jarContainer() and
+  getRelevantUsages(jarname, usages) and
+  getOrder(jarname) <= resultLimit()
 select jarname, usages order by usages desc
diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql
@@ -8,15 +8,17 @@
 
 import java
 import ExternalApi
-import semmle.code.java.GeneratedFiles
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.isSink() and
   usages =
     strictcount(Call c |
       c.getCallee().getSourceDeclaration() = api and
       not c.getFile() instanceof GeneratedFile
     )
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getApiName() as apiname, usages order by usages desc
diff --git a/java/ql/src/Telemetry/SupportedExternalSources.ql b/java/ql/src/Telemetry/SupportedExternalSources.ql
@@ -8,15 +8,17 @@
 
 import java
 import ExternalApi
-import semmle.code.java.GeneratedFiles
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.isSource() and
   usages =
     strictcount(Call c |
       c.getCallee().getSourceDeclaration() = api and
       not c.getFile() instanceof GeneratedFile
     )
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getApiName() as apiname, usages order by usages desc
diff --git a/java/ql/src/Telemetry/SupportedExternalTaint.ql b/java/ql/src/Telemetry/SupportedExternalTaint.ql
@@ -8,15 +8,17 @@
 
 import java
 import ExternalApi
-import semmle.code.java.GeneratedFiles
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   api.hasSummary() and
   usages =
     strictcount(Call c |
       c.getCallee().getSourceDeclaration() = api and
       not c.getFile() instanceof GeneratedFile
     )
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getApiName() as apiname, usages order by usages desc
diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -8,15 +8,17 @@
 
 import java
 import ExternalApi
-import semmle.code.java.GeneratedFiles
 
-from ExternalApi api, int usages
-where
+private predicate getRelevantUsages(ExternalApi api, int usages) {
   not api.isUninteresting() and
   not api.isSupported() and
   usages =
     strictcount(Call c |
       c.getCallee().getSourceDeclaration() = api and
       not c.getFile() instanceof GeneratedFile
     )
+}
+
+from ExternalApi api, int usages
+where Results<getRelevantUsages/2>::restrict(api, usages)
 select api.getApiName() as apiname, usages order by usages desc
