Help: Query for Java methods with and without bodies using CodeQL and chaining queries

[oriana19993926782]

Hello CodeQL community,

I am trying to extract all the method names from a Java project using CodeQL. My objective is to list down all the methods, and if the method has a body, I would like to retrieve the method body as well. But the trouble is to achieve this goal with one query.

I tried the following query:

import java

from Method m
select m, m.getBody()

However, I realized that this query only retrieves methods that have bodies and it omits methods without bodies. I have prompted GPT-4 dozens of times, but it kept giving me syntax errors and used grammar that doesn't exist in CodeQL.

In addition to the above, I have another question: Is it possible in CodeQL to first write and run a query, save its results, and then write another query that builds upon the results of the first query?

For instance, in the example I provided above, can I first query all method(names), save the results in a CSV file, and then write another query that reads from the CSV file to select the body of each method if any?

Could someone guide me on how to modify the initial query to include methods without bodies as well? And provide insights on my second question about chaining queries?

Any help or guidance would be greatly appreciated!

Thank you!

[smowton]

Method bodies: these aren't stored in the CodeQL database, but the file and lines where the method can be found are. Try using m.getLocation().getFile().getAbsolutePath(), m.getLocation().getStartLine(), EndLine, StartColumn and EndColumn.

Storing data and then importing it into a subsequent query run can be done using an external predicate and the --external command-line option to codeql query run and related commands, or using extensible predicates which are defined in YAML files as part of a qlpack, is is currently done for the predicates in https://codeql.github.com/codeql-standard-libraries/go/semmle/go/dataflow/ExternalFlowExtensions.qll/module.ExternalFlowExtensions.html . However, both of these mechanisms are very unusual use-cases and it is much more normal to simply re-derive the intermediate result (e.g., the list of methods you're interested in) and calculate your ultimate desired result based on that, relying on CodeQL's caches to avoid needlessly repeated work.

[aibaars]

With CodeQL you cannot select things that do not exist, and CodeQL does not have a NULL value like SQL does. You could run two queries, one selecting all methods that have a body and another selecting all methods that do not have a body where not exists(m.getBody()).

Alternatively, you could select a dummy value for methods that do not have a body (for example an empty Location):

import java

class EmptyLocation extends Location {
  EmptyLocation() { this.hasLocationInfo("", 0, 0, 0, 0) }
}

from Method m, Location body
where
  body = m.getBody().getLocation()
  or
  not exists(m.getBody()) and body instanceof EmptyLocation and m.fromSource()
select m, body

Note that I used m.fromSource() to only select methods defined in source code. If you want to include all methods found in .jar and .class files too, then simply remove that restriction.

If you like a result that is formatted as if they were CodeScanning alerts, then the following should work. Here the trick is to use a format string that contains either one $@ or none. If the format string has no $@ then the dummy body and text columns are ignored when interpreting the result as an "alert" message.

/**
 * @id methods
 * @kind problem
 * @severity info
 */

import java

from Method m, Top body, string format, string text
where
  body = m.getBody() and format = "body: $@" and text = body.toString()
  or
  not exists(m.getBody()) and body = m and format = "no body" and text = "" and m.fromSource()
select m, format, body, text

[alibrahimzada]

Hi @aibaars,

Suppose I have the following method that I want to extract (declaration + body):

111    public static <V, WE, G extends Graph<V, WE>>
112            SpanningWeightedEdgeMapperBuilder<V, WE> minimumSpanningTree(G graph) {
113        graph = checkNotNull(graph, "Minimum spanning tree can not be calculated on null graph");
114        return new DefaultSpanningWeightedEdgeMapperBuilder<V, WE>(graph);
115    }

I don't know how to write a query to return the location between 111 - 115. My current query returns two locations:

1. m.getLocation(): this returns the location of minimumSpanningTree in line 112 (I consider this as my start line).
2. m.getBody().getLocation(): this returns the location of the method body. I then consider the end line here as the end of method.

this assumption is mostly correct because the method name is rarely written in the second line of the method. thats why it fails for the example above because the start line misses public static <V, WE, G extends Graph<V, WE>>. Any solutions?