Add option to filter automodel queries by package.

github · Jul 31, 2023 · 0c11668 · 0c11668
1 parent 4656130
commit 0c11668
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 0 deletions.
diff --git a/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
@@ -66,6 +66,7 @@ where
   // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
   not CharacteristicsImpl::isSink(endpoint, _, _) and
   meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and
+  automodelCandidateFilter(package) and
   // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
   // a non-sink, and we surface only endpoints that have at least one such sink type.
   message =

diff --git a/java/ql/src/Telemetry/AutomodelCandidateFilter.yml b/java/ql/src/Telemetry/AutomodelCandidateFilter.yml
@@ -0,0 +1,5 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-queries
+      extensible: automodelCandidatePackageFilter
+    data: []
diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql
@@ -30,6 +30,7 @@ where
   // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
   not CharacteristicsImpl::isSink(endpoint, _, _) and
   meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and
+  automodelCandidateFilter(package) and
   // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be
   // a non-sink, and we surface only endpoints that have at least one such sink type.
   message =

diff --git a/java/ql/src/Telemetry/AutomodelJavaUtil.qll b/java/ql/src/Telemetry/AutomodelJavaUtil.qll
@@ -66,3 +66,22 @@ boolean considerSubtypes(Callable callable) {
   then result = false
   else result = true
 }
+
+/**
+ * Holds if the given package is a candidate for automodeling.
+ *
+ * This predicate is extensible, so that different packages can be selected at runtime.
+ */
+extensible predicate automodelCandidatePackageFilter(string package);
+
+/**
+ * Holds if the given package is a candidate for automodeling.
+ *
+ * This relies on an extensible predicate, and if that is not supplied then
+ * all packages are considered candidates.
+ */
+bindingset[package]
+predicate automodelCandidateFilter(string package) {
+  not automodelCandidatePackageFilter(_) or
+  automodelCandidatePackageFilter(package)
+}
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
@@ -12,4 +12,5 @@ dependencies:
   codeql/util: ${workspace}
 dataExtensions:
   - Telemetry/ExtractorInformation.yml
+  - Telemetry/AutomodelCandidateFilter.yml
 warnOnImplicitThis: true