Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Java: Tests for Automodel Extraction Queries #13788

Open
wants to merge 18 commits into
base: main
Choose a base branch
from

Conversation

kaeluka
Copy link
Contributor

@kaeluka kaeluka commented Jul 21, 2023

This PR adds some tests for the automodel extraction queries. @adityasharad will review this, but other reviewers are always welcome.

  • The tests come with hand-written Java code, so that they can also serve as documentation of intent (see the comments in the java files).
  • This does only add tests, not change the queries themselves (edit: an exception: fixed a badly named query).
  • Taus suggested, in the (backref'd) issue to add some models just for testing. I've found this to not be necessary, as we can easily test modeled classes by 're-implementing' them. Eg., there's a class java.io.File implemented in the test suite. I find this much easier than the suggested implementation. I was hoping this would work, and I'm glad it does.

How to review/Questions for the reviewers:

  • We'll add more test cases to these suites as we maintain the queries, but are there important features you'd like to see tested straight away?
  • Do you have out of the box ideas to improve this?
  • The intention is to set up a small test-suite that'll make it easier to add tests of new and existing behaviour in the future.
    The reason why this only tests some of our queries (only the extraction queries; the queries share most of the implementations behind the scenes) is to manage the maintenance overhead of the test suites. LMK if you disagree with that and would like to see more test suites.

@github-actions github-actions bot added the Java label Jul 21, 2023
@kaeluka kaeluka changed the title Tests for Automodel Extraction Queries Java: Tests for Automodel Extraction Queries Jul 21, 2023
@kaeluka kaeluka force-pushed the kaeluka/automodel-telemetry-testing branch from c78c031 to bee43b0 Compare July 24, 2023 08:34
@kaeluka kaeluka marked this pull request as ready for review July 24, 2023 10:08
@kaeluka kaeluka requested a review from a team as a code owner July 24, 2023 10:08
@kaeluka
Copy link
Contributor Author

kaeluka commented Jul 24, 2023

After merging #13747, this needed minor updates 👍

@kaeluka kaeluka added the no-change-note-required This PR does not need a change note label Jul 24, 2023
Copy link
Collaborator

@adityasharad adityasharad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glad to see tests! Some high level comments on structure before I get into checking the test cases themselves.

@kaeluka
Copy link
Contributor Author

kaeluka commented Jul 25, 2023

following @adityasharad's comments, this has been restructured significantly. Before merging this, I'd like to squash these commits a bit.

@kaeluka kaeluka force-pushed the kaeluka/automodel-telemetry-testing branch from 2a00bec to 64d38ef Compare July 26, 2023 09:09
Copy link
Collaborator

@adityasharad adityasharad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff. A few minor comments.

@@ -0,0 +1,2 @@
| Test.java:16:3:16:11 | reference | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:16:3:16:24 | set(...) | CallContext | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The path components of these file:// URIs are interesting. I see they are a string representation of the code element. This is coming from our custom getURL / hasLocationInfo implementation for metadata right?

(I would like to clean this up but that's not in scope for this PR. Just want to understand what they are.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, that's exactly right :)

In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Java no-change-note-required This PR does not need a change note
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants