C#/Java: Address review comments.

Author: michaelnebel

csharp/ql/src/Telemetry/ExternalApi.qll

@@ -58,25 +58,26 @@ class ExternalApi extends DataFlowDispatch::DataFlowCallable {
    */
   string getInfo() { result = this.getInfoPrefix() + "#" + this.getSignature() }
 
-  /** Gets a node that is an input to a call to this API. */
-  private ArgumentNode getAnInput() {
-    exists(DispatchCall call |
-      result.getCall().(DataFlowDispatch::NonDelegateDataFlowCall).getDispatchCall() = call
-    |
-      this = call.getADynamicTarget().getUnboundDeclaration()
+  /** Gets a call to this API callable. */
+  DispatchCall getACall() {
+    exists(DataFlowDispatch::NonDelegateDataFlowCall call | call.getDispatchCall() = result |
+      this = result.getADynamicTarget().getUnboundDeclaration()
       or
-      this = call.getAStaticTarget().getUnboundDeclaration()
+      this = result.getAStaticTarget().getUnboundDeclaration()
     )
   }
 
+  /** Gets a node that is an input to a call to this API. */
+  private ArgumentNode getAnInput() {
+    result.getCall().(DataFlowDispatch::NonDelegateDataFlowCall).getDispatchCall() = this.getACall()
+  }
+
   /** Gets a node that is an output from a call to this API. */
   private DataFlow::Node getAnOutput() {
     exists(DataFlowDispatch::NonDelegateDataFlowCall call, DataFlowImplCommon::ReturnKindExt ret |
       result = ret.getAnOutNode(call)
     |
-      this = call.getDispatchCall().getADynamicTarget().getUnboundDeclaration()
-      or
-      this = call.getDispatchCall().getAStaticTarget().getUnboundDeclaration()
+      this.getACall() = call.getDispatchCall()
     )
   }
 

csharp/ql/src/Telemetry/ExternalLibraryUsage.ql

@@ -6,14 +6,15 @@
  * @id csharp/telemetry/external-libs
  */
 
-import csharp
-import ExternalApi
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import ExternalApi
 
 from int usages, string info
 where
   usages =
-    strictcount(Call c, ExternalApi api |
-      c.getTarget().getUnboundDeclaration() = api and
+    strictcount(DispatchCall c, ExternalApi api |
+      c = api.getACall() and
       api.getInfoPrefix() = info and
       not api.isUninteresting()
     )

csharp/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -6,12 +6,13 @@
  * @id csharp/telemetry/supported-external-api-sinks
  */
 
-import csharp
-import ExternalApi
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import ExternalApi
 
 from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.isSink() and
-  usages = strictcount(Call c | c.getTarget().getUnboundDeclaration() = api)
+  usages = strictcount(DispatchCall c | c = api.getACall())
 select api.getInfo() as info, usages order by usages desc

csharp/ql/src/Telemetry/SupportedExternalSources.ql

@@ -6,12 +6,13 @@
  * @id csharp/telemetry/supported-external-api-sources
  */
 
-import csharp
-import ExternalApi
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import ExternalApi
 
 from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.isSource() and
-  usages = strictcount(Call c | c.getTarget().getUnboundDeclaration() = api)
+  usages = strictcount(DispatchCall c | c = api.getACall())
 select api.getInfo() as info, usages order by usages desc

csharp/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -6,12 +6,13 @@
  * @id csharp/telemetry/supported-external-api-taint
  */
 
-import csharp
-import ExternalApi
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import ExternalApi
 
 from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.hasSummary() and
-  usages = strictcount(Call c | c.getTarget().getUnboundDeclaration() = api)
+  usages = strictcount(DispatchCall c | c = api.getACall())
 select api.getInfo() as info, usages order by usages desc

csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -6,12 +6,13 @@
  * @id csharp/telemetry/unsupported-external-api
  */
 
-import csharp
-import ExternalApi
+private import csharp
+private import semmle.code.csharp.dispatch.Dispatch
+private import ExternalApi
 
 from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   not api.isSupported() and
-  usages = strictcount(Call c | c.getTarget().getUnboundDeclaration() = api)
+  usages = strictcount(DispatchCall c | c = api.getACall())
 select api.getInfo() as info, usages order by usages desc

java/ql/src/Telemetry/ExternalApi.qll

@@ -27,6 +27,10 @@ private class TestLibrary extends RefType {
   }
 }
 
+private string containerAsJar(Container container) {
+  if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
+}
+
 /**
  * An external API from either the Standard Library or a 3rd party library.
  */
@@ -42,16 +46,10 @@ class ExternalApi extends Callable {
         "#" + this.getName() + paramsString(this)
   }
 
-  private string containerAsJar(Container container) {
-    if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
-  }
-
   /**
    * Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules.
    */
-  string jarContainer() {
-    result = this.containerAsJar(this.getCompilationUnit().getParentContainer*())
-  }
+  string jarContainer() { result = containerAsJar(this.getCompilationUnit().getParentContainer*()) }
 
   /** Gets a node that is an input to a call to this API. */
   private DataFlow::Node getAnInput() {
@@ -97,3 +95,6 @@ class ExternalApi extends Callable {
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
   predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
 }
+
+/** DEPRECATED: Alias for ExternalApi */
+deprecated class ExternalAPI = ExternalApi;