Description
The data flows described by the YAML files in https://github.com/github/codeql/tree/main/java/ql/lib/ext optionally contain method signatures, when the data only applies to specific overloads of the method by the given name. Typically these signatures have been specified using unqualified type references, as in the following examples:
codeql/java/ql/lib/ext/javax.json.model.yml, lines 6 to 7 in 748387a
There are, however, also many cases where qualified type names are used. Here are a few examples of this kind:
codeql/java/ql/lib/ext/org.springframework.util.model.yml, lines 95 to 97 in 748387a
For the generated data the type references appear to consistently be unqualified.
While I don't know how CodeQL currently consumes these models, I would have expected it to be an advantage to always have fully qualified type references, to be able to unambiguously resolve the type references and in the end the method. Theoretically it would for instance be possible that a given library adds a new overload where a parameter has the same unqualified name as another overload, and that the CodeQL model could then not be resolved unambiguously anymore.
While all these models could probably be processed in an automated manner to consistently use qualified type names, it would probably make sense to introduce checks to ensure that no future models start using unqualified type names again.
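A sketch of the kind of check proposed above, added here as an example; it is not CodeQL's own tooling and not part of the original issue. It assumes the signature is the fifth column of a model row and that package names start with a lowercase letter; the function names and sample rows are hypothetical.

```python
import re

PRIMITIVES = {"boolean", "byte", "char", "short", "int", "long", "float", "double"}
SIG = 4  # assumption: the signature is the fifth column of a model row

def split_params(signature):
    """Split "(A,B<C,D>,E[])" into its top-level parameter types."""
    if not (signature.startswith("(") and signature.endswith(")")):
        raise ValueError(f"not a parenthesised signature: {signature!r}")
    params, depth, current = [], 0, []
    for ch in signature[1:-1]:
        depth += (ch == "<") - (ch == ">")  # track nesting of generic arguments
        if ch == "," and depth == 0:
            params.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    last = "".join(current).strip()
    return params + ([last] if last else [])

def unqualified_types(signature):
    """Return the parameter types in a signature that carry no package prefix."""
    flagged = []
    if not signature:  # an empty signature applies to every overload
        return flagged
    for param in split_params(signature):
        # Drop generic arguments, array brackets and varargs dots before checking.
        base = re.sub(r"<.*>", "", param)
        base = base.replace("[]", "").replace("...", "").strip()
        # Heuristic: a qualified name has a dot and starts with a lowercase
        # package segment, so a nested type such as Map.Entry is still flagged.
        qualified = "." in base and base[0].islower()
        if base not in PRIMITIVES and not qualified:
            flagged.append(param)
    return flagged

def check_rows(rows):
    """Map (type, method, signature) to the offending parameter types."""
    found = {(r[1], r[3], r[SIG]): unqualified_types(r[SIG]) for r in rows}
    return {key: bad for key, bad in found.items() if bad}

# Constructed sample rows, not copied from the repository.
TAIL = ["", "Argument[0]", "ReturnValue", "taint", "manual"]
SAMPLE_ROWS = [
    ["com.example", "Codec", True, "decode", "(String,int)"] + TAIL,
    ["com.example", "Codec", True, "decode", "(java.lang.String,byte[])"] + TAIL,
    ["com.example", "Codec", True, "copy", ""] + TAIL,
    ["com.example", "Codec", True, "merge", "(java.util.Map,Map.Entry)"] + TAIL,
]
```

Run against the rows loaded from each model file, a non-empty result from `check_rows` can fail a CI job so that new unqualified signatures are rejected at review time.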