Java: Automodel Framework Mode Extraction Queries

[kaeluka]

For extraction of automodel candidates from method declarations in "framework mode".

This PR contributes three new queries that extract a) candidates, b) positive prompt samples, c) negative prompt samples.

What's new here is: in framework mode, the 'endpoints' we consider are no longer the arguments passed to method calls. Instead, the endpoints we consider are parameter declarations in methods.

Notes:

• I built this code in a fairly modular way — the AutomodelSharedCharacteristics module is language agnostic (it might be moved to a different location later on).
  • The idea is that, by implementing a AutomodelSharedCharacteristics::CandidateSig, you can derive a bunch of characteristics 'for free'. Enough, I expect, to have useful behaviour straight out of the gate. The AutomodelSharedCharacteristics::CandidateSig interface is very generic — it should be possible to implement this for a very wide range of use cases. If you can think of important use cases where we'd not be able to implement AutomodelSharedCharacteristics::CandidateSig, that'd be useful feedback.
  • Even though you get characteristics for free, it's easy as ever to implement your own, language specific ones in addition by extending the abstract characteristics classes exported from your instantiation of AutomodelSharedCharacteristics::SharedCharacteristics. Examples of how to do this are all characteristics in AutomodelEndpointCharacteristics.qll.
• The modular approach would be useful, should we decide to move the other mode (where endpoints are arguments) here as well. AFAICT, this transition should be rather easy.
• The most recent DCA experiment running the three queries on nightly.yml is here: https://github.com/github/codeql-dca-main/issues/12741 A Java Team reviewer might want to use this to a) download a sarif file and b) confirm, for an arbitrary class or two, that the whole public interface is exported as candidates (unless things that are already modeled, those should be exported as positive or negative samples).
• All the Java-specific imports in java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll are private imports — this means that the queries will be as language agnostic as possible and we should be able to very quickly port the query files to other modes or even languages later on :) There's other ways to achieve easy portability, but for the time being I chose to go with the simple route.
• The most noteworthy feature I couldn't port over from the 'application mode' branch (tiferet/codex) is to mark known sanitizers as non-sinks. This is because sanitizers are not implemented in MaD, and the manually-implemented QL predicates are surfacing arguments, not parameters. When testing this, we should see how much of a problem this is in practice. If it is a problem, we should discuss either how much work it would be to have sanitizer MaD models, or use an approximate solution that'd work for many cases, but not all. I'm optimistic it won't come to that, though 🤞

[github-advanced-security]

CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

[kaeluka]

https://github.com/github/codeql-dca-main/issues/12666 DCA experiment containing some data to use

[kaeluka]

https://github.com/github/codeql-dca-main/issues/12694 <- DCA experiment that will hopefully also contain positive training data once finished :-)

[kaeluka]

Jean, I've renamed the query files

[kaeluka]

I ran a DCA experiment, and the metadata is passed correctly! See backref.

@atorralba, I think this is now ready to merge.. could I get an approve? 👍

[atorralba]

Do you mind if I merge my outstanding QLDoc suggestions first?

[kaeluka]

Which ones do you mean, @atorralba? Have I missed any? Sure, go ahead 👍

[kaeluka]

@atorralba sorry to be a bother, but ql-for-ql complained; tests were green otherwise. Could you re-approve?

[jhelie]

🚀