Expose whether APIs are already supported

Benjamin Muskalla · Benjamin Muskalla · commit 18e3763f9098 · 2021-08-02T17:14:41.000+02:00
diff --git a/java/ql/src/Telemetry/APIUsage.qll b/java/ql/src/Telemetry/APIUsage.qll
@@ -1,4 +1,6 @@
 import java
+private import semmle.code.java.dataflow.FlowSteps
+private import semmle.code.java.dataflow.ExternalFlow
 
 private string jarName(CompilationUnit cu) {
   result = cu.getParentContainer().toString().regexpCapture(".*/(.*\\.jar)/?.*", 1)
@@ -18,3 +20,25 @@ predicate isInterestingAPI(Callable call) {
     call.getReturnType() instanceof BoxedType
   )
 }
+
+// TODO [bm] Fails to detect Collection flow yet (e.g. Map#put)
+string supportKind(Callable api) {
+  if api instanceof TaintPreservingCallable
+  then result = "taint-preserving"
+  else
+    if
+      summaryModel(api.getCompilationUnit().getPackage().toString(),
+        api.getDeclaringType().toString(), _, api.getName(), _, _, _, _, _)
+    then result = "summary"
+    else
+      if
+        sinkModel(api.getCompilationUnit().getPackage().toString(),
+          api.getDeclaringType().toString(), _, api.getName(), _, _, _, _)
+      then result = "sink"
+      else
+        if
+          sourceModel(api.getCompilationUnit().getPackage().toString(),
+            api.getDeclaringType().toString(), _, api.getName(), _, _, _, _)
+        then result = "source"
+        else result = "?"
+}
diff --git a/java/ql/src/Telemetry/JDKUsage.ql b/java/ql/src/Telemetry/JDKUsage.ql
@@ -12,4 +12,5 @@ where
   cu = call.getCompilationUnit() and
   isJavaRuntime(call) and
   isInterestingAPI(call)
-select cu, call as API, count(Call c | c.getCallee() = call) as calls order by calls desc
+select cu, call as API, supportKind(call) as Kind, count(Call c | c.getCallee() = call) as calls
+  order by calls desc
