Java: Tests for Automodel Extraction Queries #13788
c78c031 to bee43b0
After merging #13747, this needed minor updates.
Glad to see tests! Some high level comments on structure before I get into checking the test cases themselves.
java/ql/test/query-tests/Telemetry/AutomodelApplicationModeExtractCandidates/Test.java
.../test/query-tests/Telemetry/AutomodelFrameworkModeExtractCandidates/java/nio/file/Files.java
Following @adityasharad's comments, this has been restructured significantly. Before merging this, I'd like to squash these commits a bit.
2a00bec to 64d38ef
64d38ef to 9c51f4d
Good stuff. A few minor comments.
| @@ -0,0 +1,2 @@ | |||
| | Test.java:16:3:16:11 | reference | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:16:3:16:24 | set(...) | CallContext | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | | |||
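Review bot: On the one visible result row (Test.java:16:3:16:11, `reference`), nothing records why the qualifier of `set(...)` is expected as a candidate for all four sink kinds, and the six metadata values are asserted only through `file://<value>:1:1:1:1` pseudo-locations. That couples the expected output to how the metadata is rendered as a string rather than to the candidate itself. A short comment beside the call on line 16 of Test.java, naming `Argument[this]` of `AtomicReference.set` as the intended candidate, would make later changes to this file easier to judge.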
The path components of these file:// URIs are interesting. I see they are a string representation of the code element. This is coming from our custom getURL / hasLocationInfo implementation for metadata right?
(I would like to clean this up but that's not in scope for this PR. Just want to understand what they are.)
yes, that's exactly right :)
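As an added illustration (not code from this PR or from CodeQL), the sketch below splits the expected-output row quoted above into its cells and checks that each `file://` pseudo-location carries the same string as the value printed next to it. The cell layout (element, message, then one location/value/label triple per `$@`) is an assumption read off that single row, and `parse_row` is a hypothetical helper.

```python
import re

# Row copied from the expected-output line quoted above (outer table pipes dropped).
# Raw strings keep the literal "\n" sequences as they appear in the file.
ROW = (
    r"Test.java:16:3:16:11 | reference | command-injection, path-injection, "
    r"request-forgery, sql-injection\nrelated locations: $@.\nmetadata: "
    r"$@, $@, $@, $@, $@, $@. | Test.java:16:3:16:24 | set(...) | CallContext | "
    r"file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | "
    r"file://AtomicReference:1:1:1:1 | AtomicReference | type | "
    r"file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | "
    r"file://(String):1:1:1:1 | (String) | signature | "
    r"file://Argument[this]:1:1:1:1 | Argument[this] | input"
)

# "<path>:<startLine>:<startCol>:<endLine>:<endCol>"
LOCATION = re.compile(r"^(?P<path>.+):\d+:\d+:\d+:\d+$")


def parse_row(row):
    """Split one result row into sink kinds, related locations and metadata."""
    cells = [c.strip() for c in row.split(" | ")]
    if len(cells) < 3:
        raise ValueError("row is too short")
    location, element, message = cells[:3]
    links = cells[3:]
    # Assumed layout: every "$@" in the message owns one (location, value, label) triple.
    if len(links) % 3 or message.count("$@") != len(links) // 3:
        raise ValueError("placeholder count does not match the link cells")
    related, metadata = [], {}
    for loc, value, label in zip(links[0::3], links[1::3], links[2::3]):
        match = LOCATION.match(loc)
        if match is None:
            raise ValueError(f"not a location: {loc!r}")
        path = match.group("path")
        if path.startswith("file://"):
            # Pseudo-location: the URI path is the metadata value itself.
            if path[len("file://"):] != value:
                raise ValueError(f"URI {loc!r} disagrees with value {value!r}")
            metadata[label] = value
        else:
            related.append((label, loc, value))
    return {
        "element": (location, element),
        "kinds": message.split(r"\n")[0].split(", "),
        "related": related,
        "metadata": metadata,
    }
```
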
...-tests/Telemetry/AutomodelFrameworkModeExtraction/com/github/codeql/test/NonPublicClass.java
...ery-tests/Telemetry/AutomodelFrameworkModeExtraction/com/github/codeql/test/PublicClass.java
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints. However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods. In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
…rface-method parameter extraction
This PR adds some tests for the automodel extraction queries.
@adityasharad will review this, but other reviewers are always welcome.
java.io.File implemented in the test suite. I find this much easier than the suggested implementation. I was hoping this would work, and I'm glad it does.
How to review/Questions for the reviewers:
The reason why this only tests some of our queries (only the extraction queries; the queries share most of the implementations behind the scenes) is to manage the maintenance overhead of the test suites. LMK if you disagree with that and would like to see more test suites.