Merge pull request github#10999 from RasmusWL/inline-fail-tag

InlineExpectationsTest: Fail if missing `getARelevantTag`

Author: RasmusWL

cpp/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
   final predicate hasFailureMessage(FailureLocatable element, string message) {
     exists(ActualResult actualResult |
       actualResult.getTest() = this and
+      actualResult.getTag() = this.getARelevantTag() and
       element = actualResult and
       (
         exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
       )
     )
     or
+    exists(ActualResult actualResult |
+      actualResult.getTest() = this and
+      not actualResult.getTag() = this.getARelevantTag() and
+      element = actualResult and
+      message =
+        "Tag mismatch: Actual result with tag '" + actualResult.getTag() +
+          "' that is not part of getARelevantTag()"
+    )
+    or
     exists(ValidExpectation expectation |
       not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
-      expectation.getTag() = getARelevantTag() and
+      expectation.getTag() = this.getARelevantTag() and
       element = expectation and
       (
         expectation instanceof GoodExpectation and

csharp/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
   final predicate hasFailureMessage(FailureLocatable element, string message) {
     exists(ActualResult actualResult |
       actualResult.getTest() = this and
+      actualResult.getTag() = this.getARelevantTag() and
       element = actualResult and
       (
         exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
       )
     )
     or
+    exists(ActualResult actualResult |
+      actualResult.getTest() = this and
+      not actualResult.getTag() = this.getARelevantTag() and
+      element = actualResult and
+      message =
+        "Tag mismatch: Actual result with tag '" + actualResult.getTag() +
+          "' that is not part of getARelevantTag()"
+    )
+    or
     exists(ValidExpectation expectation |
       not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
-      expectation.getTag() = getARelevantTag() and
+      expectation.getTag() = this.getARelevantTag() and
       element = expectation and
       (
         expectation instanceof GoodExpectation and

go/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
   final predicate hasFailureMessage(FailureLocatable element, string message) {
     exists(ActualResult actualResult |
       actualResult.getTest() = this and
+      actualResult.getTag() = this.getARelevantTag() and
       element = actualResult and
       (
         exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
       )
     )
     or
+    exists(ActualResult actualResult |
+      actualResult.getTest() = this and
+      not actualResult.getTag() = this.getARelevantTag() and
+      element = actualResult and
+      message =
+        "Tag mismatch: Actual result with tag '" + actualResult.getTag() +
+          "' that is not part of getARelevantTag()"
+    )
+    or
     exists(ValidExpectation expectation |
       not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
-      expectation.getTag() = getARelevantTag() and
+      expectation.getTag() = this.getARelevantTag() and
       element = expectation and
       (
         expectation instanceof GoodExpectation and

java/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
   final predicate hasFailureMessage(FailureLocatable element, string message) {
     exists(ActualResult actualResult |
       actualResult.getTest() = this and
+      actualResult.getTag() = this.getARelevantTag() and
       element = actualResult and
       (
         exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
       )
     )
     or
+    exists(ActualResult actualResult |
+      actualResult.getTest() = this and
+      not actualResult.getTag() = this.getARelevantTag() and
+      element = actualResult and
+      message =
+        "Tag mismatch: Actual result with tag '" + actualResult.getTag() +
+          "' that is not part of getARelevantTag()"
+    )
+    or
     exists(ValidExpectation expectation |
       not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
-      expectation.getTag() = getARelevantTag() and
+      expectation.getTag() = this.getARelevantTag() and
       element = expectation and
       (
         expectation instanceof GoodExpectation and

java/ql/test/library-tests/frameworks/JaxWs/JakartaRs1.java

@@ -41,7 +41,7 @@ void Post() { // $ ResourceMethod ResourceMethodOnResourceClass
   @Produces("text/plain") // $ ProducesAnnotation=text/plain
   @DELETE
   double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-    return 0.0; // $ XssSink
+    return 0.0;
   }
 
   @Produces(MediaType.TEXT_HTML) // $ ProducesAnnotation=text/html
@@ -77,7 +77,7 @@ boolean Post() { // $ ResourceMethod=text/html ResourceMethodOnResourceClass
     @Produces(MediaType.TEXT_PLAIN) // $ ProducesAnnotation=text/plain
     @DELETE
     double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-      return 0.0; // $ XssSink
+      return 0.0;
     }
 
     @Path("")

java/ql/test/library-tests/frameworks/JaxWs/JaxRs.ql

@@ -14,7 +14,7 @@ class JaxRsTest extends InlineExpectationsTest {
         "InjectionAnnotation", "ResponseDeclaration", "ResponseBuilderDeclaration",
         "ClientDeclaration", "BeanParamConstructor", "MessageBodyReaderDeclaration",
         "MessageBodyReaderReadFromCall", "MessageBodyReaderReadCall", "ProducesAnnotation",
-        "ConsumesAnnotation"
+        "ConsumesAnnotation", "XssSink"
       ]
   }
 

java/ql/test/library-tests/frameworks/JaxWs/JaxRs1.java

@@ -41,7 +41,7 @@ void Post() { // $ ResourceMethod ResourceMethodOnResourceClass
   @Produces("text/plain") // $ ProducesAnnotation=text/plain
   @DELETE
   double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-    return 0.0; // $ XssSink
+    return 0.0;
   }
 
   @Produces(MediaType.TEXT_HTML) // $ ProducesAnnotation=text/html
@@ -77,7 +77,7 @@ boolean Post() { // $ ResourceMethod=text/html ResourceMethodOnResourceClass
     @Produces(MediaType.TEXT_PLAIN) // $ ProducesAnnotation=text/plain
     @DELETE
     double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-      return 0.0; // $ XssSink
+      return 0.0;
     }
 
     @Path("")

python/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
   final predicate hasFailureMessage(FailureLocatable element, string message) {
     exists(ActualResult actualResult |
       actualResult.getTest() = this and
+      actualResult.getTag() = this.getARelevantTag() and
       element = actualResult and
       (
         exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
       )
     )
     or
+    exists(ActualResult actualResult |
+      actualResult.getTest() = this and
+      not actualResult.getTag() = this.getARelevantTag() and
+      element = actualResult and
+      message =
+        "Tag mismatch: Actual result with tag '" + actualResult.getTag() +
+          "' that is not part of getARelevantTag()"
+    )
+    or
     exists(ValidExpectation expectation |
       not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
-      expectation.getTag() = getARelevantTag() and
+      expectation.getTag() = this.getARelevantTag() and
       element = expectation and
       (
         expectation instanceof GoodExpectation and

python/ql/test/library-tests/InlineExpectationsTest/missing-relevant-tag/Test.expected

@@ -0,0 +1,2 @@
+| test.py:1:1:1:3 | foo | Tag mismatch: Actual result with tag 'foo' that is not part of getARelevantTag() |
+| test.py:4:1:4:3 | foo | Tag mismatch: Actual result with tag 'foo' that is not part of getARelevantTag() |

python/ql/test/library-tests/InlineExpectationsTest/missing-relevant-tag/Test.ql

@@ -0,0 +1,20 @@
+// test to illustrate what happens if you forget to put in the
+// right values for `getARelevantTag`. We want to alert on this,
+// so it gets fixed!
+import python
+import TestUtilities.InlineExpectationsTest
+
+class MissingRelevantTag extends InlineExpectationsTest {
+  MissingRelevantTag() { this = "MissingRelevantTag" }
+
+  override string getARelevantTag() { none() }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(Name name | name.getId() = "foo" |
+      location = name.getLocation() and
+      element = name.toString() and
+      value = "val" and
+      tag = "foo"
+    )
+  }
+}