Java: Generic Class Methods not connected when type parameter is unknown (build-mode=none)

[odipar]

The introduction of build-mode=none has been very helpful for us. This allows us to create (partial) CodeQL databases, without being forced to fully resolve (maven) dependencies. Sometimes this is convenient because some dependencies might not be easily resolvable.

That said, we also see many examples of Generic Classes and Methods in our codebases. Unfortunately, we cannot analyse (calls to) Generic Methods that are instantiated with type parameters that are unknown.

Note that, while the code of the type parameter T is unavailable, the code of the GenericClass<T> is available.

Example pseudo code

 class GenericClass<T>{
 public method(){... };
 };

 GenericClass<UnknownType> i1 = new GenericClass<>();
 i1.method(); // not connected
 GenericClass<Boolean> i2 = new GenericClass<>();
 i2.method(); // connected

See attached codeql_issue.zip zip file for a more thorough analysis of the issue.

[jketema]

Hi @odipar,

Thanks for your observation. I've asked the responsible team to have a closer look.

[jketema]

To follow up: we had a look, and this seems not completely trivial to fix. This mean I cannot really provide a timeline for when a fix might appear.

[kevinvandervlist]

Hi @jketema,

Thanks for the update. Please let us know if there is something we can do to help. For example, I also saw the ref to the internal CodeQL repo so if you want us to verify some things on more complicated codebase(s) that caused the problems we are happy to put in some work :)

[odipar]

hi @jketema,

Thanks for the follow up, much appreciated.