
Java: Generic Class Methods not connected when type parameter is unknown (build-mode=none)

Open odipar opened this issue 7 months ago • 4 comments

The introduction of build-mode=none has been very helpful for us. This allows us to create (partial) CodeQL databases, without being forced to fully resolve (maven) dependencies. Sometimes this is convenient because some dependencies might not be easily resolvable.

That said, we also see many examples of Generic Classes and Methods in our codebases. Unfortunately, we cannot analyse (calls to) Generic Methods that are instantiated with type parameters that are unknown.

Note that, while the code of the type parameter T is unavailable, the code of the GenericClass<T> is available.

Example pseudocode

  class GenericClass<T> {
      public void method() { /* ... */ }
  }

  GenericClass<UnknownType> i1 = new GenericClass<>();
  i1.method(); // not connected (UnknownType is not on the classpath)
  GenericClass<Boolean> i2 = new GenericClass<>();
  i2.method(); // connected

See the attached codeql_issue.zip file for a more thorough analysis of the issue.

odipar avatar May 20 '25 12:05 odipar
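To measure how much of a build-mode=none database is affected by the behaviour described in this issue, a triage query is more useful than a single snippet. The query below is an added example written for this page; it is not part of the CodeQL repository or of the reporter's attachment. It assumes the standard `java` library classes `MethodCall`, `ParameterizedType` and `RefType`, and the `@id` value is a placeholder. It reports calls on a parameterized receiver whose generic class is in source, but where the call cannot be followed to a source declaration of the callee, so `i1.method()` from the example above is reported while `i2.method()` is not.

```ql
/**
 * @name Generic calls not connected to a source method
 * @description Calls on a parameterized receiver whose generic class is in
 *              source but whose callee cannot be traced back to source.
 *              Intended for triaging build-mode=none databases.
 * @kind problem
 * @problem.severity warning
 * @id java/example/unconnected-generic-call  // placeholder id, not an official query
 */

import java

from MethodCall mc, ParameterizedType receiver, RefType typeArg
where
  // the receiver is an instantiation such as GenericClass<UnknownType>
  receiver = mc.getQualifier().getType() and
  typeArg = receiver.getATypeArgument() and
  // the generic class itself (GenericClass<T>) is available in source ...
  receiver.getSourceDeclaration().fromSource() and
  // ... but the call does not reach a source declaration of the callee.
  // This also holds when getMethod() has no result at all.
  not mc.getMethod().getSourceDeclaration().fromSource()
select mc,
  "Call on " + receiver.getName() + " with type argument $@ is not connected to a source method.",
  typeArg, typeArg.getName()
```

The `typeArg` column is there so results can be grouped by the unresolved type; calls whose type argument resolves (such as `Boolean` above) but whose callee is still not in source point at a different cause than the one in this issue. On older CodeQL CLI releases the class is named `MethodAccess` rather than `MethodCall`.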

Hi @odipar,

Thanks for your observation. I've asked the responsible team to have a closer look.

jketema avatar May 20 '25 12:05 jketema

To follow up: we had a look, and this seems not completely trivial to fix. This means I cannot really provide a timeline for when a fix might appear.

jketema avatar May 21 '25 13:05 jketema

Hi @jketema,

Thanks for the update. Please let us know if there is something we can do to help. For example, I also saw the ref to the internal CodeQL repo, so if you want us to verify some things on more complicated codebase(s) that caused the problems, we are happy to put in some work :)

kevinvandervlist avatar May 22 '25 06:05 kevinvandervlist

Hi @jketema,

Thanks for the follow up, much appreciated.

odipar avatar May 27 '25 13:05 odipar