Advanced SAST performance degrades on large Java projects with wildcard imports
Description
Advanced SAST experiences significant performance degradation on large Java codebases when projects make extensive use of wildcard imports combined with qualified method calls.
The Challenge
When Java code uses wildcard imports and then makes method calls on imported classes, the analyzer must resolve where each class is defined. With wildcard imports, a class reference could resolve to a class in any of the imported packages, which requires broader search operations across the codebase.
At scale, this pattern creates a multiplicative effect: files × wildcard imports × method calls.
Example Pattern
    import com.example.validation.*;
    import com.example.forms.*;
    import com.example.utils.*;

    public class OrderProcessor {
        public void process(Order order) {
            ValidationResult result = Validator.validate(order);
            FormData data = FormBuilder.build(result);
            WebUtils.sendResponse(data);
        }
    }
When this pattern repeats across thousands of files, each method call on an imported class (like Validator.validate(), FormBuilder.build(), WebUtils.sendResponse()) requires resolving where these classes are defined across the wildcard import space.
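A rough way to find the files where this product is largest, as an added example that is not part of the original issue and does not reflect how the analyzer itself resolves classes. The helper names `score_source` and `rank_tree` are hypothetical, and the counts come from regex heuristics over source text rather than a Java parser.

```python
import re
import sys
from pathlib import Path

# Regex heuristics over source text, not a Java parser (assumption of this example).
WILDCARD = re.compile(r"^\s*import\s+(?!static\b)([\w.]+)\.\*\s*;", re.M)
EXPLICIT = re.compile(r"^\s*import\s+(?!static\b)[\w.]+\.([A-Z]\w*)\s*;", re.M)
CALL = re.compile(r"(?<![\w.])([A-Z]\w*)\.\w+\s*\(")   # e.g. Validator.validate(
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def score_source(text):
    """Return (wildcard_imports, unpinned_calls, product) for one Java source."""
    text = COMMENTS.sub("", text)
    wildcards = len(WILDCARD.findall(text))
    pinned = set(EXPLICIT.findall(text))       # names fixed by a single-type import
    # Calls on capitalised names with no explicit import; java.lang and
    # same-package classes are counted too, so treat the number as an upper bound.
    calls = sum(1 for name in CALL.findall(text) if name not in pinned)
    return wildcards, calls, wildcards * calls

def rank_tree(root, top=20):
    """Rank *.java files under root by wildcard imports x unpinned calls."""
    rows = []
    for path in Path(root).rglob("*.java"):
        w, c, product = score_source(path.read_text(encoding="utf-8", errors="replace"))
        if product:
            rows.append((product, w, c, str(path)))
    return sorted(rows, reverse=True)[:top]

# Constructed sample: the pattern shown in the issue.
SAMPLE = """
import com.example.validation.*;
import com.example.forms.*;
import com.example.utils.*;
public class OrderProcessor {
    public void process(Order order) {
        ValidationResult result = Validator.validate(order);
        FormData data = FormBuilder.build(result);
        WebUtils.sendResponse(data);
    }
}
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for product, w, c, path in rank_tree(sys.argv[1]):
            print(f"{product:8d}  wildcards={w:<3d} calls={c:<5d} {path}")
    else:
        print(score_source(SAMPLE))
```

Run it with a source root as the only argument to list the highest-scoring files; replacing a wildcard import with single-type imports in those files lowers both factors of the product.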