Skip to content

Java: Exclude qualifier argument for existing models #13747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 24, 2023
Merged

Java: Exclude qualifier argument for existing models #13747

merged 5 commits into from
Jul 24, 2023

Conversation

tausbn
Copy link
Contributor

@tausbn tausbn commented Jul 14, 2023
edited
Loading

Excludes candidates for Argument[this] where we already have a model that covers a different argument of the containing call.

@tausbn
Java: Exclude qualifier argument for existing models
6793bc6 
Excludes candadites for `Argument[this]` where we already have a model that covers a
different argument of the containing call.
@tausbn tausbn added the no-change-note-required This PR does not need a change note label Jul 14, 2023
@tausbn tausbn requested a review from a team as a code owner July 14, 2023 12:28
@github-actions github-actions bot added the Java label Jul 14, 2023
@tausbn
Java: Revert definition of isNeutral
6b425f1 
Reverts the change made in
daf2743

With the change in the aforementioned commit, we were extracting candidates for endpoints that
had a neutral _summary_ model. These are bad candidates, as they have already been triaged.
kaeluka
kaeluka previously approved these changes Jul 14, 2023
View reviewed changes
Copy link
Contributor

@kaeluka kaeluka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you :) <3 ✨ :shipit:

@jhelie
Copy link
Contributor

jhelie commented Jul 19, 2023

Should we merge this or do we need input from @github/codeql-java ?

@atorralba
Copy link
Contributor

atorralba commented Jul 19, 2023
edited
Loading

Does this exclusion require that the models are manual? Otherwise this could increasingly become a problem, as more and more AI-generated models come into play, because those don't guarantee any completeness regarding the rest of the parameters of the related callable.

@kaeluka
Copy link
Contributor

kaeluka commented Jul 21, 2023

This comment is 10/10, @atorralba — really well spotted ❤️! I'm taking this PR over, as Taus is 🌴, and just pushed a fix to this. Could you take a look?

atorralba
atorralba reviewed Jul 21, 2023
View reviewed changes
Copy link
Contributor

@atorralba atorralba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a small suggestion to further improve OtherArgumentToModeledMethodCharacteristic::appliesToEndpoint, but otherwise LGTM 👍

java/ql/src/Telemetry/AutomodelApplicationModeCharacteristics.qll Outdated
Comment on lines 335 to 336
c = otherSink.asExpr().(Argument).getCall() and
e.asExpr() in [c.getQualifier(), c.getAnArgument()] and
Copy link
Contributor

@atorralba atorralba Jul 21, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't going to always work if otherSink is an instance argument (this), or if either e or otherSink are variadic arguments. I think we could take advantage of ArgumentNode here:

Suggested change
c = otherSink.asExpr().(Argument).getCall() and
e.asExpr() in [c.getQualifier(), c.getAnArgument()] and
e.getCall() = otherSink.(ArgumentNode).getCall()

This implies that Call c isn't needed at the exists, and that we add a getCall predicate to ArgumentNode. If we also considered ImplicitVarargsArray as part of the definition of ArgumentNode it would be the cherry on top:

private class ArgumentNode extends DataFlow::Node {
  Call c;

  ArgumentNode() {
    exists(Argument arg | this.asExpr() = arg and not arg.isVararg() and c = arg.getCall())
    or
    this.(DataFlow::ImplicitVarargsArray).getCall() = c
    or
    this = DataFlow::getInstanceArgument(c)
  }

  Call getCall() { result = c }
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

13027a1 I think this commit implements your suggestion :) thank you :) :)

@kaeluka kaeluka self-assigned this Jul 24, 2023
@kaeluka kaeluka merged commit 2582b08 into main Jul 24, 2023
@kaeluka kaeluka deleted the tausbn/exclude-qualifier-argument-for-existing-models branch July 24, 2023 14:26
@kaeluka kaeluka mentioned this pull request Jul 24, 2023
Merged
kaeluka added a commit that referenced this pull request Jul 24, 2023
@kaeluka
Java: update extraction query tests after merging PR #13747
2ac951e
kaeluka added a commit that referenced this pull request Jul 26, 2023
@kaeluka
Java: update extraction query tests after merging PR #13747
aee4fa7
kaeluka added a commit that referenced this pull request Jul 26, 2023
@kaeluka
Java: update extraction query tests after merging PR #13747
63f216d
kaeluka added a commit that referenced this pull request Aug 1, 2023
@kaeluka
Java: update extraction query tests after merging PR #13747
37b6b46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaeluka kaeluka kaeluka left review comments

@atorralba atorralba atorralba approved these changes

Assignees

@kaeluka kaeluka

Labels
Java no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tausbn @jhelie @atorralba @kaeluka