Merge pull request #13498 from jketema/inline-4

Rework more inline expectation tests to use the parameterized module

Author: jketema

go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.expected

@@ -0,0 +1,2 @@
+failures
+testFailures

go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/test.ql

@@ -1,12 +1,10 @@
 import go
 import TestUtilities.InlineExpectationsTest
 
-class UntrustedFlowSourceTest extends InlineExpectationsTest {
-  UntrustedFlowSourceTest() { this = "untrustedflowsource" }
+module UntrustedFlowSourceTest implements TestSig {
+  string getARelevantTag() { result = "untrustedflowsource" }
 
-  override string getARelevantTag() { result = "untrustedflowsource" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "untrustedflowsource" and
     value = element and
     exists(UntrustedFlowSource src | value = "\"" + src.toString() + "\"" |
@@ -16,12 +14,10 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
   }
 }
 
-class HeaderWriteTest extends InlineExpectationsTest {
-  HeaderWriteTest() { this = "headerwrite" }
-
-  override string getARelevantTag() { result = "headerwrite" }
+module HeaderWriteTest implements TestSig {
+  string getARelevantTag() { result = "headerwrite" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "headerwrite" and
     exists(Http::HeaderWrite hw, string name, string val | element = hw.toString() |
       hw.definesHeader(name, val) and
@@ -32,12 +28,10 @@ class HeaderWriteTest extends InlineExpectationsTest {
   }
 }
 
-class LoggerTest extends InlineExpectationsTest {
-  LoggerTest() { this = "LoggerTest" }
-
-  override string getARelevantTag() { result = "logger" }
+module LoggerTest implements TestSig {
+  string getARelevantTag() { result = "logger" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(LoggerCall log |
       log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
         location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
@@ -48,32 +42,32 @@ class LoggerTest extends InlineExpectationsTest {
   }
 }
 
-class Config extends TaintTracking::Configuration {
-  Config() { this = "goproxy config" }
-
-  override predicate isSource(DataFlow::Node n) {
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) {
     n = any(DataFlow::CallNode c | c.getCalleeName().matches("tainted%")).getResult()
   }
 
-  override predicate isSink(DataFlow::Node n) {
+  predicate isSink(DataFlow::Node n) {
     n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
   }
 }
 
-class TaintFlow extends InlineExpectationsTest {
-  TaintFlow() { this = "goproxy flow" }
+module Flow = TaintTracking::Global<Config>;
 
-  override string getARelevantTag() { result = "taintflow" }
+module TaintFlow implements TestSig {
+  string getARelevantTag() { result = "taintflow" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "taintflow" and
     value = "" and
     element = "" and
-    exists(Config c, DataFlow::Node toNode |
+    exists(DataFlow::Node toNode |
       toNode
           .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
             location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      c.hasFlowTo(toNode)
+      Flow::flowTo(toNode)
     )
   }
 }
+
+import MakeTest<MergeTests4<UntrustedFlowSourceTest, HeaderWriteTest, LoggerTest, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.expected

@@ -0,0 +1,2 @@
+failures
+testFailures

go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql

@@ -1,12 +1,10 @@
 import go
 import TestUtilities.InlineExpectationsTest
 
-class SqlTest extends InlineExpectationsTest {
-  SqlTest() { this = "SQLTest" }
+module SqlTest implements TestSig {
+  string getARelevantTag() { result = "query" }
 
-  override string getARelevantTag() { result = "query" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "query" and
     exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
       q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
@@ -17,12 +15,10 @@ class SqlTest extends InlineExpectationsTest {
   }
 }
 
-class QueryString extends InlineExpectationsTest {
-  QueryString() { this = "QueryString no Query" }
-
-  override string getARelevantTag() { result = "querystring" }
+module QueryString implements TestSig {
+  string getARelevantTag() { result = "querystring" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "querystring" and
     element = "" and
     exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
@@ -33,30 +29,30 @@ class QueryString extends InlineExpectationsTest {
   }
 }
 
-class Config extends TaintTracking::Configuration {
-  Config() { this = "pg-orm config" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
 
-  override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  override predicate isSink(DataFlow::Node n) {
+  predicate isSink(DataFlow::Node n) {
     n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
   }
 }
 
-class TaintFlow extends InlineExpectationsTest {
-  TaintFlow() { this = "pg-orm flow" }
+module Flow = TaintTracking::Global<Config>;
 
-  override string getARelevantTag() { result = "flowfrom" }
+module TaintFlow implements TestSig {
+  string getARelevantTag() { result = "flowfrom" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "flowfrom" and
     element = "" and
-    exists(Config c, DataFlow::Node fromNode, DataFlow::Node toNode |
+    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
       toNode
           .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
             location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      c.hasFlow(fromNode, toNode) and
+      Flow::flow(fromNode, toNode) and
       value = fromNode.asExpr().(StringLit).getValue()
     )
   }
 }
+
+import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.expected

@@ -0,0 +1,2 @@
+failures
+testFailures

go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.ql

@@ -11,32 +11,29 @@ DataFlow::CallNode getAYamlCall() {
   isYamlFunction(result.getACalleeIncludingExternals().asFunction())
 }
 
-class TaintTransitsFunctionConfig extends TaintTracking::Configuration {
-  TaintTransitsFunctionConfig() { this = "TaintTransitsFunctionConfig" }
-
-  predicate isSourceSinkPair(DataFlow::Node inNode, DataFlow::Node outNode) {
-    exists(DataFlow::CallNode cn | cn = getAYamlCall() |
-      inNode = [cn.getAnArgument(), cn.getReceiver()] and
-      (
-        outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() =
-          [cn.getAnArgument(), cn.getReceiver()]
-        or
-        outNode = cn.getAResult()
-      )
+predicate isSourceSinkPair(DataFlow::Node inNode, DataFlow::Node outNode) {
+  exists(DataFlow::CallNode cn | cn = getAYamlCall() |
+    inNode = [cn.getAnArgument(), cn.getReceiver()] and
+    (
+      outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() = [cn.getAnArgument(), cn.getReceiver()]
+      or
+      outNode = cn.getAResult()
     )
-  }
+  )
+}
 
-  override predicate isSource(DataFlow::Node n) { this.isSourceSinkPair(n, _) }
+module TaintTransitsFunctionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { isSourceSinkPair(n, _) }
 
-  override predicate isSink(DataFlow::Node n) { this.isSourceSinkPair(_, n) }
+  predicate isSink(DataFlow::Node n) { isSourceSinkPair(_, n) }
 }
 
-class TaintFunctionModelTest extends InlineExpectationsTest {
-  TaintFunctionModelTest() { this = "TaintFunctionModelTest" }
+module TaintTransitsFunctionFlow = TaintTracking::Global<TaintTransitsFunctionConfig>;
 
-  override string getARelevantTag() { result = "ttfnmodelstep" }
+module TaintFunctionModelTest implements TestSig {
+  string getARelevantTag() { result = "ttfnmodelstep" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "ttfnmodelstep" and
     (
       exists(TaintTracking::FunctionModel model, DataFlow::CallNode call | call = model.getACall() |
@@ -46,9 +43,9 @@ class TaintFunctionModelTest extends InlineExpectationsTest {
         value = "\"" + model.getAnInputNode(call) + " -> " + model.getAnOutputNode(call) + "\""
       )
       or
-      exists(TaintTransitsFunctionConfig config, DataFlow::Node arg, DataFlow::Node output |
-        config.hasFlow(arg, output) and
-        config.isSourceSinkPair(arg, output) and
+      exists(DataFlow::Node arg, DataFlow::Node output |
+        TaintTransitsFunctionFlow::flow(arg, output) and
+        isSourceSinkPair(arg, output) and
         arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
           location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
         element = arg.toString() and
@@ -58,12 +55,10 @@ class TaintFunctionModelTest extends InlineExpectationsTest {
   }
 }
 
-class MarshalerTest extends InlineExpectationsTest {
-  MarshalerTest() { this = "MarshalerTest" }
-
-  override string getARelevantTag() { result = "marshaler" }
+module MarshalerTest implements TestSig {
+  string getARelevantTag() { result = "marshaler" }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "marshaler" and
     exists(MarshalingFunction m, DataFlow::CallNode call | call = m.getACall() |
       call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
@@ -76,12 +71,10 @@ class MarshalerTest extends InlineExpectationsTest {
   }
 }
 
-class UnmarshalerTest extends InlineExpectationsTest {
-  UnmarshalerTest() { this = "UnmarshalerTest" }
+module UnmarshalerTest implements TestSig {
+  string getARelevantTag() { result = "unmarshaler" }
 
-  override string getARelevantTag() { result = "unmarshaler" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "unmarshaler" and
     exists(UnmarshalingFunction m, DataFlow::CallNode call | call = m.getACall() |
       call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
@@ -93,3 +86,5 @@ class UnmarshalerTest extends InlineExpectationsTest {
     )
   }
 }
+
+import MakeTest<MergeTests3<TaintFunctionModelTest, MarshalerTest, UnmarshalerTest>>

python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll

@@ -3,12 +3,10 @@ import semmle.python.dataflow.new.DataFlow
 import TestUtilities.InlineExpectationsTest
 private import semmle.python.dataflow.new.internal.PrintNode
 
-class DataFlowQueryTest extends InlineExpectationsTest {
-  DataFlowQueryTest() { this = "DataFlowQueryTest" }
+module DataFlowQueryTest implements TestSig {
+  string getARelevantTag() { result = "result" }
 
-  override string getARelevantTag() { result = "result" }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
+  predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(DataFlow::Configuration cfg, DataFlow::Node sink | cfg.hasFlowTo(sink) |
       location = sink.getLocation() and
       tag = "result" and
@@ -22,7 +20,7 @@ class DataFlowQueryTest extends InlineExpectationsTest {
   // Sometimes a line contains both an alert and a safe sink.
   // In this situation, the annotation form `OK(safe sink)`
   // can be useful.
-  override predicate hasOptionalResult(Location location, string element, string tag, string value) {
+  predicate hasOptionalResult(Location location, string element, string tag, string value) {
     exists(DataFlow::Configuration cfg, DataFlow::Node sink |
       cfg.isSink(sink) or cfg.isSink(sink, _)
     |
@@ -34,6 +32,8 @@ class DataFlowQueryTest extends InlineExpectationsTest {
   }
 }
 
+import MakeTest<DataFlowQueryTest>
+
 query predicate missingAnnotationOnSink(Location location, string error, string element) {
   error = "ERROR, you should add `# $ MISSING: result=BAD` or `result=OK` annotation" and
   exists(DataFlow::Node sink |
@@ -42,13 +42,13 @@ query predicate missingAnnotationOnSink(Location location, string error, string
     location = sink.getLocation() and
     element = prettyExpr(sink.asExpr()) and
     not exists(DataFlow::Configuration cfg | cfg.hasFlowTo(sink)) and
-    not exists(FalseNegativeExpectation missingResult |
+    not exists(FalseNegativeTestExpectation missingResult |
       missingResult.getTag() = "result" and
       missingResult.getValue() = "BAD" and
       missingResult.getLocation().getFile() = location.getFile() and
       missingResult.getLocation().getStartLine() = location.getStartLine()
     ) and
-    not exists(GoodExpectation okResult |
+    not exists(GoodTestExpectation okResult |
       okResult.getTag() = "result" and
       okResult.getValue() in ["OK", "OK(" + prettyNode(sink) + ")"] and
       okResult.getLocation().getFile() = location.getFile() and

python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll

@@ -3,22 +3,21 @@ import semmle.python.dataflow.new.DataFlow
 import TestUtilities.InlineExpectationsTest
 private import semmle.python.dataflow.new.internal.PrintNode
 
-abstract class FlowTest extends InlineExpectationsTest {
-  bindingset[this]
-  FlowTest() { any() }
+signature module FlowTestSig {
+  string flowTag();
 
-  abstract string flowTag();
-
-  abstract predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode);
+  predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode);
+}
 
-  override string getARelevantTag() { result = this.flowTag() }
+private module FlowTest<FlowTestSig Impl> implements TestSig {
+  string getARelevantTag() { result = Impl::flowTag() }
 
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode | this.relevantFlow(fromNode, toNode) |
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(DataFlow::Node fromNode, DataFlow::Node toNode | Impl::relevantFlow(fromNode, toNode) |
       location = toNode.getLocation() and
-      tag = this.flowTag() and
+      tag = Impl::flowTag() and
       value =
-        "\"" + prettyNode(fromNode).replaceAll("\"", "'") + this.lineStr(fromNode, toNode) + " -> " +
+        "\"" + prettyNode(fromNode).replaceAll("\"", "'") + lineStr(fromNode, toNode) + " -> " +
           prettyNode(toNode).replaceAll("\"", "'") + "\"" and
       element = toNode.toString()
     )
@@ -38,3 +37,11 @@ abstract class FlowTest extends InlineExpectationsTest {
     )
   }
 }
+
+module MakeFlowTest<FlowTestSig Impl> {
+  import MakeTest<FlowTest<Impl>>
+}
+
+module MakeFlowTest2<FlowTestSig Impl1, FlowTestSig Impl2> {
+  import MakeTest<MergeTests<FlowTest<Impl1>, FlowTest<Impl2>>>
+}

python/ql/test/experimental/dataflow/TestUtil/LocalFlowStepTest.qll

@@ -2,12 +2,12 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import FlowTest
 
-class LocalFlowStepTest extends FlowTest {
-  LocalFlowStepTest() { this = "LocalFlowStepTest" }
+module LocalFlowStepTest implements FlowTestSig {
+  string flowTag() { result = "step" }
 
-  override string flowTag() { result = "step" }
-
-  override predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode) {
+  predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode) {
     DataFlow::localFlowStep(fromNode, toNode)
   }
 }
+
+import MakeFlowTest<LocalFlowStepTest>