C#/Java: Reorder code in terms of dependency, rename ExternalAPI to ExternalApi and add some missing predicate qualifiers.

Author: michaelnebel

csharp/ql/src/Telemetry/ExternalAPI.qll renamed to csharp/ql/src/Telemetry/ExternalApi.qll

@@ -10,21 +10,21 @@ private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
 
 /**
- * An external API from either the C# Standard Library or a 3rd party library.
+ * A test library.
  */
-class ExternalAPI extends Callable {
-  ExternalAPI() { this.fromLibrary() }
-
-  /** Holds if this API is not worth supporting */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
-  /** Holds if this API is is a constructor without parameters */
-  private predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
+class TestLibrary extends RefType {
+  TestLibrary() {
+    this.getNamespace()
+        .getName()
+        .matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"])
   }
+}
 
-  /** Holds if this API is part of a common testing library or framework */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
+/**
+ * An external API from either the C# Standard Library or a 3rd party library.
+ */
+class ExternalApi extends Callable {
+  ExternalApi() { this.fromLibrary() }
 
   /**
    * Gets the unbound type, name and parameter types of this API.
@@ -53,7 +53,7 @@ class ExternalAPI extends Callable {
   /**
    * Gets the assembly file name, namespace and signature of this API.
    */
-  string getInfo() { result = getInfoPrefix() + "#" + getSignature() }
+  string getInfo() { result = this.getInfoPrefix() + "#" + this.getSignature() }
 
   /** Gets a node that is an input to a call to this API. */
   private DataFlow::Node getAnInput() {
@@ -78,6 +78,17 @@ class ExternalAPI extends Callable {
     defaultAdditionalTaintStep(this.getAnInput(), _)
   }
 
+  /** Holds if this API is is a constructor without parameters */
+  private predicate isParameterlessConstructor() {
+    this instanceof Constructor and this.getNumberOfParameters() = 0
+  }
+
+  /** Holds if this API is part of a common testing library or framework */
+  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
+
+  /** Holds if this API is not worth supporting */
+  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
+
   /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
@@ -89,11 +100,3 @@ class ExternalAPI extends Callable {
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
   predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
 }
-
-private class TestLibrary extends RefType {
-  TestLibrary() {
-    this.getNamespace()
-        .getName()
-        .matches(["NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%"])
-  }
-}

csharp/ql/src/Telemetry/ExternalLibraryUsage.ql

@@ -7,12 +7,12 @@
  */
 
 import csharp
-import ExternalAPI
+import ExternalApi
 
 from int usages, string info
 where
   usages =
-    strictcount(Call c, ExternalAPI api |
+    strictcount(Call c, ExternalApi api |
       c.getTarget() = api and
       api.getInfoPrefix() = info and
       not api.isUninteresting()

csharp/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -7,9 +7,9 @@
  */
 
 import csharp
-import ExternalAPI
+import ExternalApi
 
-from ExternalAPI api, int usages
+from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.isSink() and

csharp/ql/src/Telemetry/SupportedExternalSources.ql

@@ -7,9 +7,9 @@
  */
 
 import csharp
-import ExternalAPI
+import ExternalApi
 
-from ExternalAPI api, int usages
+from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.isSource() and

csharp/ql/src/Telemetry/SupportedExternalTaint.ql

@@ -7,9 +7,9 @@
  */
 
 import csharp
-import ExternalAPI
+import ExternalApi
 
-from ExternalAPI api, int usages
+from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   api.hasSummary() and

csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql

@@ -7,9 +7,9 @@
  */
 
 import csharp
-import ExternalAPI
+import ExternalApi
 
-from ExternalAPI api, int usages
+from ExternalApi api, int usages
 where
   not api.isUninteresting() and
   not api.isSupported() and

java/ql/src/Telemetry/ExternalAPI.qll renamed to java/ql/src/Telemetry/ExternalApi.qll

@@ -9,21 +9,29 @@ private import semmle.code.java.dataflow.internal.DataFlowPrivate
 private import semmle.code.java.dataflow.TaintTracking
 
 /**
- * An external API from either the Java Standard Library or a 3rd party library.
+ * A test library.
  */
-class ExternalApi extends Callable {
-  ExternalApi() { not this.fromSource() }
-
-  /** Holds if this API is not worth supporting */
-  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
-
-  /** Holds if this API is is a constructor without parameters */
-  predicate isParameterlessConstructor() {
-    this instanceof Constructor and this.getNumberOfParameters() = 0
+private class TestLibrary extends RefType {
+  TestLibrary() {
+    this.getPackage()
+        .getName()
+        .matches([
+            "org.junit%", "junit.%", "org.mockito%", "org.assertj%",
+            "com.github.tomakehurst.wiremock%", "org.hamcrest%", "org.springframework.test.%",
+            "org.springframework.mock.%", "org.springframework.boot.test.%", "reactor.test%",
+            "org.xmlunit%", "org.testcontainers.%", "org.opentest4j%", "org.mockserver%",
+            "org.powermock%", "org.skyscreamer.jsonassert%", "org.rnorth.visibleassertions",
+            "org.openqa.selenium%", "com.gargoylesoftware.htmlunit%",
+            "org.jboss.arquillian.testng%", "org.testng%"
+          ])
   }
+}
 
-  /** Holds if this API is part of a common testing library or framework */
-  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
+/**
+ * An external API from either the Standard Library or a 3rd party library.
+ */
+class ExternalApi extends Callable {
+  ExternalApi() { not this.fromSource() }
 
   /**
    * Gets information about the external API in the form expected by the CSV modeling framework.
@@ -34,17 +42,17 @@ class ExternalApi extends Callable {
         "#" + this.getName() + paramsString(this)
   }
 
+  private string containerAsJar(Container container) {
+    if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
+  }
+
   /**
    * Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules.
    */
   string jarContainer() {
     result = this.containerAsJar(this.getCompilationUnit().getParentContainer*())
   }
 
-  private string containerAsJar(Container container) {
-    if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar"
-  }
-
   /** Gets a node that is an input to a call to this API. */
   private DataFlow::Node getAnInput() {
     exists(Call call | call.getCallee().getSourceDeclaration() = this |
@@ -67,6 +75,17 @@ class ExternalApi extends Callable {
     TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)
   }
 
+  /** Holds if this API is is a constructor without parameters */
+  private predicate isParameterlessConstructor() {
+    this instanceof Constructor and this.getNumberOfParameters() = 0
+  }
+
+  /** Holds if this API is part of a common testing library or framework */
+  private predicate isTestLibrary() { this.getDeclaringType() instanceof TestLibrary }
+
+  /** Holds if this API is not worth supporting */
+  predicate isUninteresting() { this.isTestLibrary() or this.isParameterlessConstructor() }
+
   /** Holds if this API is a known source. */
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
@@ -78,22 +97,3 @@ class ExternalApi extends Callable {
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
   predicate isSupported() { this.hasSummary() or this.isSource() or this.isSink() }
 }
-
-/** DEPRECATED: Alias for ExternalApi */
-deprecated class ExternalAPI = ExternalApi;
-
-private class TestLibrary extends RefType {
-  TestLibrary() {
-    this.getPackage()
-        .getName()
-        .matches([
-            "org.junit%", "junit.%", "org.mockito%", "org.assertj%",
-            "com.github.tomakehurst.wiremock%", "org.hamcrest%", "org.springframework.test.%",
-            "org.springframework.mock.%", "org.springframework.boot.test.%", "reactor.test%",
-            "org.xmlunit%", "org.testcontainers.%", "org.opentest4j%", "org.mockserver%",
-            "org.powermock%", "org.skyscreamer.jsonassert%", "org.rnorth.visibleassertions",
-            "org.openqa.selenium%", "com.gargoylesoftware.htmlunit%",
-            "org.jboss.arquillian.testng%", "org.testng%"
-          ])
-  }
-}

java/ql/src/Telemetry/ExternalLibraryUsage.ql

@@ -7,7 +7,7 @@
  */
 
 import java
-import ExternalAPI
+import ExternalApi
 
 from int usages, string jarname
 where

java/ql/src/Telemetry/SupportedExternalSinks.ql

@@ -7,7 +7,7 @@
  */
 
 import java
-import ExternalAPI
+import ExternalApi
 import semmle.code.java.GeneratedFiles
 
 from ExternalApi api, int usages

java/ql/src/Telemetry/SupportedExternalSources.ql

@@ -7,7 +7,7 @@
  */
 
 import java
-import ExternalAPI
+import ExternalApi
 import semmle.code.java.GeneratedFiles
 
 from ExternalApi api, int usages