C++: Add cpp/extraction-information query

[paldepind]

This PR adds a cpp/telemetry/extraction-information query similar to the $LANG/telemetry/extraction-information query for Rust, Java, and C#.

The implementation is consistent with the other languages. For now the query only includes metrics for resolved calls. The difference between this metric and the "Calls with explicit target" in cpp/telemetry/extraction-metrics is that only call in the source are considered.

This distinction is important for evaluating BMN with dependency installation. In the table below the first row shows the existing metric and the remaining rows show the new metric for the project nmap.

We believe that dependency installation has a detrimental effect on this project, but the existing metric looks like an improvement. This is because a lot of additional calls are added in dependencies which causes the number to increase. We the new metric the degradation in the database is clear.

The new metric also shows clearly the quality difference between traced and BMN (irrespective of dependency installation).

	traced	BMN	BMN + deps inst
Existing call with explicit target	41,261	43,192	51,688
Percentage of calls with call target	100	79.18	71.709
Number of calls with call target	25,218	28,983	22,729
Number of calls with missing call target	0	7,621	8,967

In DCA this should populate the "Missing call targets, per source" that's produced for every language. In my DCA run it looks a bit weird (maybe because only one side had the query?). To get the other metrics as well we'll have to add new summaries to DCA.

Note that I didn't modify the existing cpp/telemetry/extraction-metrics for two reasons:

• Going forward I think we should use cpp/telemetry/extraction-information for consistency with other languages.
• I didn't want to break anything existing. Maybe cpp/telemetry/extraction-metrics is hooked up to some telemetry and dashboards?

[Copilot]

Pull request overview

Adds a C/C++ “extractor information” telemetry metric query to align C++ with other languages’ $LANG/telemetry/extraction-information reporting, focused initially on call-target resolution in source files.

Changes:

• Add cpp/telemetry/extraction-information metric query (ExtractorInformation.ql) based on CallTargetStatsReport.
• Introduce a new Telemetry/DatabaseQuality.qll library module that defines call-target quality stats restricted to source files.
• Update C++ query-suite .expected manifests to include the new telemetry query.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
cpp/ql/src/Telemetry/ExtractorInformation.ql	New C++ extractor-information metric query exporting call-target quality stats.
cpp/ql/src/Telemetry/DatabaseQuality.qll	New stats module feeding extractor-information with call-target quality metrics.
cpp/ql/integration-tests/query-suite/cpp-security-extended.qls.expected	Adds the new telemetry query to the expected suite contents.
cpp/ql/integration-tests/query-suite/cpp-security-and-quality.qls.expected	Adds the new telemetry query to the expected suite contents.
cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected	Adds the new telemetry query to the expected suite contents.

[jketema]

Note that I didn't modify the existing cpp/telemetry/extraction-metrics for two reasons:

Are we using it in DCA to get extraction stats out, or was that done differently?

[paldepind]

Note that I didn't modify the existing cpp/telemetry/extraction-metrics for two reasons:

Are we using it in DCA to get extraction stats out, or was that done differently?

Yes, we use cpp/telemetry/extraction-metrics to in DCA to create this table.

If we keep expanding on cpp/telemetry/extraction-information (like in other languages) then I'd think that we could eventually remove cpp/telemetry/extraction-metrics.

[jketema]

LGTM