Skip to content

Test: Add support for RelatedLocation tag and use in a JS query #18810

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Feb 25, 2025
Merged

Test: Add support for RelatedLocation tag and use in a JS query #18810

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
e2fe74c
JS: Add support for RelatedLocation tags
asgerf Feb 18, 2025
cd2c4d5
JS: Use post-processed inline test in MissingCsrfMiddleware
asgerf Feb 18, 2025
cd0fd02
Rust: Remove 'Source' annotations from same line as Alert
asgerf Feb 19, 2025
694f01a
Fix column count and add clarifying comment
asgerf Feb 25, 2025
ae161f1
Add meta-tests for inline expectation with related locations
asgerf Feb 25, 2025
92e1023
Update line numbers due to addition of new test code
asgerf Feb 25, 2025
5f2e5ab
Rename file and ID to match .qlref and other query
asgerf Feb 25, 2025
bb8f452
Fix bug when RelatedLocation was used with a query ID
asgerf Feb 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 37 additions & 12 deletions shared/util/codeql/util/test/InlineExpectationsTest.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -779,22 +779,33 @@ module TestPostProcessing {
)
}

private string getTagRegex() {
exists(string sourceSinkTags |
(
getQueryKind() = "problem"
or
not exists(getSourceTag(_)) and
not exists(getSinkTag(_))
) and
sourceSinkTags = ""
or
sourceSinkTags = "|" + getSourceTag(_) + "|" + getSinkTag(_)
bindingset[x, y]
private int exactDivide(int x, int y) { x % y = 0 and result = x / y }

/** Gets the `n`th related location selected in `row`. */
private TestLocation getRelatedLocation(int row, int n, string element) {
Comment on lines +785 to +786
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see n being used outside of the predicate, so maybe the predicate can be simplified?

n >= 0 and
exists(int column |
mainQueryResult(row, column, result) and
queryResults(mainResultSet(), row, column + 1, element)
|
result = "(Alert" + sourceSinkTags + ")(\\[(.*)\\])?"
getQueryKind() = "path-problem" and
n = exactDivide(column - 8, 3)
or
getQueryKind() = "problem" and
n = exactDivide(column - 3, 3)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's hard to figure out where these numbers come from, can you add an inline explanation to each line?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call. I added a clarifying comment and noticed a bug, namely that the 8 should have been a 7.

There was no path-problem query using related locations, so it didn't get caught initially. I went ahead and added some better tests for this as well.

)
}

private string getAnActiveTag() {
result = ["Alert", "RelatedLocation"]
or
getQueryKind() = "path-problem" and
result = ["Source", "Sink"]
}

private string getTagRegex() { result = "(" + concat(getAnActiveTag(), "|") + ")(\\[(.*)\\])?" }

/**
* A configuration for matching `// $ Source=foo` comments against actual
* path-problem sources.
Expand Down Expand Up @@ -878,6 +889,18 @@ module TestPostProcessing {
not hasPathProblemSink(row, location, _, _)
}

private predicate hasRelatedLocation(
int row, TestLocation location, string element, string tag
) {
getQueryKind() = ["problem", "path-problem"] and
location = getRelatedLocation(row, _, element) and
hasExpectationWithValue("RelatedLocation", _) and
tag = "RelatedLocation" and
not hasAlert(row, location, _, _) and
not hasPathProblemSource(row, location, _, _, _) and
not hasPathProblemSink(row, location, _, _)
}

/**
* Gets the expected value for result row `row`, if any. This value must
* match the value at the corresponding path-problem source (if it is
Expand All @@ -899,6 +922,8 @@ module TestPostProcessing {
hasPathProblemSink(row, location, element, tag)
or
hasAlert(row, location, element, tag)
or
hasRelatedLocation(row, location, element, tag)
|
not exists(getValue(row)) and value = ""
or
Expand Down