Merge pull request github#14050 from jketema/inline-6

Consolidate all `InlineFlowTest` libraries in the dataflow qlpack

Author: jketema

csharp/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -3,19 +3,6 @@
  * See `shared/util/codeql/util/test/InlineExpectationsTest.qll`
  */
 
-private import csharp as CS
 private import codeql.util.test.InlineExpectationsTest
-
-private module Impl implements InlineExpectationsTestSig {
-  /**
-   * A class representing line comments in C# used by the InlineExpectations core code
-   */
-  class ExpectationComment extends CS::SinglelineComment {
-    /** Gets the contents of the given comment, _without_ the preceding comment marker (`//`). */
-    string getContents() { result = this.getText() }
-  }
-
-  class Location = CS::Location;
-}
-
+private import internal.InlineExpectationsTestImpl
 import Make<Impl>

csharp/ql/test/TestUtilities/InlineFlowTest.qll

@@ -1,120 +1,34 @@
 /**
- * Provides a simple base test for flow-related tests using inline expectations.
- *
- * Example for a test.ql:
- * ```ql
- * import csharp
- * import TestUtilities.InlineFlowTest
- * import DefaultFlowTest
- * import PathGraph
- *
- * from PathNode source, PathNode sink
- * where flowPath(source, sink)
- * select sink, source, sink, "$@", source, source.toString()
- *
- * ```
- *
- * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files.
- * Example of the corresponding test file, e.g. Test.cs
- * ```csharp
- * public class Test
- * {
- *     object Source() { return null; }
- *     string Taint() { return null; }
- *     void Sink(object o) { }
- *
- *     public void test()
- *     {
- *         var s = Source(1);
- *         Sink(s); // $ hasValueFlow=1
- *         var t = "foo" + Taint(2);
- *         Sink(t); // $ hasTaintFlow=2
- *     }
- * }
- * ```
- *
- * If you are only interested in value flow, then instead of importing `DefaultFlowTest`, you can import
- * `ValueFlowTest<DefaultFlowConfig>`. Similarly, if you are only interested in taint flow, then instead of
- * importing `DefaultFlowTest`, you can import `TaintFlowTest<DefaultFlowConfig>`. In both cases
- * `DefaultFlowConfig` can be replaced by another implementation of `DataFlow::ConfigSig`.
- *
- * If you need more fine-grained tuning, consider implementing a test using `InlineExpectationsTest`.
+ * Inline flow tests for CSharp.
+ * See `shared/util/codeql/dataflow/test/InlineFlowTest.qll`
  */
 
 import csharp
-import TestUtilities.InlineExpectationsTest
-
-private predicate defaultSource(DataFlow::Node source) {
-  source.asExpr().(MethodCall).getTarget().getUndecoratedName() = ["Source", "Taint"]
-}
-
-private predicate defaultSink(DataFlow::Node sink) {
-  exists(MethodCall mc | mc.getTarget().hasUndecoratedName("Sink") |
-    sink.asExpr() = mc.getAnArgument()
-  )
-}
-
-module DefaultFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { defaultSource(source) }
-
-  predicate isSink(DataFlow::Node sink) { defaultSink(sink) }
-
-  int fieldFlowBranchLimit() { result = 1000 }
-}
-
-private module NoFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { none() }
-
-  predicate isSink(DataFlow::Node sink) { none() }
-}
-
-private string getSourceArgString(DataFlow::Node src) {
-  defaultSource(src) and
-  src.asExpr().(MethodCall).getAnArgument().getValue() = result
-}
-
-module FlowTest<DataFlow::ConfigSig ValueFlowConfig, DataFlow::ConfigSig TaintFlowConfig> {
-  module ValueFlow = DataFlow::Global<ValueFlowConfig>;
-
-  module TaintFlow = TaintTracking::Global<TaintFlowConfig>;
-
-  private module InlineTest implements TestSig {
-    string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-    predicate hasActualResult(Location location, string element, string tag, string value) {
-      tag = "hasValueFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink | ValueFlow::flow(src, sink) |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-      or
-      tag = "hasTaintFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink |
-        TaintFlow::flow(src, sink) and not ValueFlow::flow(src, sink)
-      |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-    }
+private import codeql.dataflow.test.InlineFlowTest
+private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
+private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
+private import internal.InlineExpectationsTestImpl
+
+private module FlowTestImpl implements InputSig<CsharpDataFlow> {
+  predicate defaultSource(DataFlow::Node source) {
+    source.asExpr().(MethodCall).getTarget().getUndecoratedName() = ["Source", "Taint"]
   }
 
-  import MakeTest<InlineTest>
-  import DataFlow::MergePathGraph<ValueFlow::PathNode, TaintFlow::PathNode, ValueFlow::PathGraph, TaintFlow::PathGraph>
-
-  predicate flowPath(PathNode source, PathNode sink) {
-    ValueFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) or
-    TaintFlow::flowPath(source.asPathNode2(), sink.asPathNode2())
+  predicate defaultSink(DataFlow::Node sink) {
+    exists(MethodCall mc | mc.getTarget().hasUndecoratedName("Sink") |
+      sink.asExpr() = mc.getAnArgument()
+    )
   }
-}
 
-module DefaultFlowTest = FlowTest<DefaultFlowConfig, DefaultFlowConfig>;
+  private string getSourceArgString(DataFlow::Node src) {
+    defaultSource(src) and
+    src.asExpr().(MethodCall).getAnArgument().getValue() = result
+  }
 
-module ValueFlowTest<DataFlow::ConfigSig ValueFlowConfig> {
-  import FlowTest<ValueFlowConfig, NoFlowConfig>
+  string getArgString(DataFlow::Node src, DataFlow::Node sink) {
+    (if exists(getSourceArgString(src)) then result = getSourceArgString(src) else result = "") and
+    exists(sink)
+  }
 }
 
-module TaintFlowTest<DataFlow::ConfigSig TaintFlowConfig> {
-  import FlowTest<NoFlowConfig, TaintFlowConfig>
-}
+import InlineFlowTestMake<CsharpDataFlow, CsharpTaintTracking, Impl, FlowTestImpl>

csharp/ql/test/TestUtilities/internal/InlineExpectationsTestImpl.qll

@@ -0,0 +1,14 @@
+private import csharp as CS
+private import codeql.util.test.InlineExpectationsTest
+
+module Impl implements InlineExpectationsTestSig {
+  /**
+   * A class representing line comments in C# used by the InlineExpectations core code
+   */
+  class ExpectationComment extends CS::SinglelineComment {
+    /** Gets the contents of the given comment, _without_ the preceding comment marker (`//`). */
+    string getContents() { result = this.getText() }
+  }
+
+  class Location = CS::Location;
+}

csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected

@@ -1,4 +1,3 @@
-failures
 testFailures
 edges
 | A.cs:5:17:5:28 | call to method Source<C> : C | A.cs:6:24:6:24 | access to local variable c : C |

csharp/ql/test/library-tests/dataflow/operators/operatorFlow.expected

@@ -1,4 +1,3 @@
-failures
 testFailures
 edges
 | Operator.cs:9:39:9:39 | x : C | Operator.cs:9:50:9:50 | access to parameter x : C |

csharp/ql/test/library-tests/dataflow/patterns/PatternFlow.expected

@@ -1,4 +1,3 @@
-failures
 testFailures
 edges
 nodes

csharp/ql/test/library-tests/dataflow/tuples/Tuples.expected

@@ -1,4 +1,3 @@
-failures
 testFailures
 edges
 | Tuples.cs:7:18:7:34 | call to method Source<Object> : Object | Tuples.cs:10:21:10:22 | access to local variable o1 : Object |

go/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -3,20 +3,6 @@
  * See `shared/util/codeql/util/test/InlineExpectationsTest.qll`
  */
 
-private import go as G
 private import codeql.util.test.InlineExpectationsTest
-
-private module Impl implements InlineExpectationsTestSig {
-  /**
-   * A class representing line comments in the Go style, including the
-   * preceding comment marker (`//`).
-   */
-  class ExpectationComment extends G::Comment {
-    /** Returns the contents of the given comment, _without_ the preceding comment marker (`//`). */
-    string getContents() { result = this.getText() }
-  }
-
-  class Location = G::Location;
-}
-
+private import internal.InlineExpectationsTestImpl
 import Make<Impl>

go/ql/test/TestUtilities/InlineFlowTest.qll

@@ -1,112 +1,29 @@
 /**
- * Provides a simple base test for flow-related tests using inline expectations.
- *
- * Example for a test.ql:
- * ```ql
- * import go
- * import TestUtilities.InlineFlowTest
- * import DefaultFlowTest
- * import PathGraph
- *
- * from PathNode source, PathNode sink
- * where flowPath(source, sink)
- * select sink, source, sink, "$@", source, source.toString()
- * ```
- *
- * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files.
- * Example of the corresponding test file, e.g. Test.go
- * ```go
- * func source() string { return ""; }
- * func taint() string { return ""; }
- * func sink(s string) { }
- *
- * func test() {
- *   s := source()
- *   sink(s) // $ hasValueFlow="s"
- *   t := "foo" + taint()
- *   sink(t) // $ hasTaintFlow="t"
- * }
- * ```
- *
- * If you are only interested in value flow, then instead of importing `DefaultFlowTest`, you can import
- * `ValueFlowTest<DefaultFlowConfig>`. Similarly, if you are only interested in taint flow, then instead of
- * importing `DefaultFlowTest`, you can import `TaintFlowTest<DefaultFlowConfig>`. In both cases
- * `DefaultFlowConfig` can be replaced by another implementation of `DataFlow::ConfigSig`.
- *
- * If you need more fine-grained tuning, consider implementing a test using `InlineExpectationsTest`.
+ * Inline flow tests for Go.
+ * See `shared/util/codeql/dataflow/test/InlineFlowTest.qll`
  */
 
 import go
-import TestUtilities.InlineExpectationsTest
-
-private predicate defaultSource(DataFlow::Node source) {
-  exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
-    source = fn.getACall().getResult()
-  )
-}
-
-private predicate defaultSink(DataFlow::Node sink) {
-  exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
-}
-
-module DefaultFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { defaultSource(source) }
-
-  predicate isSink(DataFlow::Node sink) { defaultSink(sink) }
-
-  int fieldFlowBranchLimit() { result = 1000 }
-}
-
-private module NoFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { none() }
-
-  predicate isSink(DataFlow::Node sink) { none() }
-}
-
-module FlowTest<DataFlow::ConfigSig ValueFlowConfig, DataFlow::ConfigSig TaintFlowConfig> {
-  module ValueFlow = DataFlow::Global<ValueFlowConfig>;
-
-  module TaintFlow = TaintTracking::Global<TaintFlowConfig>;
-
-  private module InlineTest implements TestSig {
-    string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-    predicate hasActualResult(Location location, string element, string tag, string value) {
-      tag = "hasValueFlow" and
-      exists(DataFlow::Node sink | ValueFlow::flowTo(sink) |
-        sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-          location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-        element = sink.toString() and
-        value = "\"" + sink.toString() + "\""
-      )
-      or
-      tag = "hasTaintFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink |
-        TaintFlow::flow(src, sink) and not ValueFlow::flow(src, sink)
-      |
-        sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-          location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-        element = sink.toString() and
-        value = "\"" + sink.toString() + "\""
-      )
-    }
+private import codeql.dataflow.test.InlineFlowTest
+private import semmle.go.dataflow.internal.DataFlowImplSpecific
+private import semmle.go.dataflow.internal.TaintTrackingImplSpecific
+private import internal.InlineExpectationsTestImpl
+
+private module FlowTestImpl implements InputSig<GoDataFlow> {
+  predicate defaultSource(DataFlow::Node source) {
+    exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
+      source = fn.getACall().getResult()
+    )
   }
 
-  import MakeTest<InlineTest>
-  import DataFlow::MergePathGraph<ValueFlow::PathNode, TaintFlow::PathNode, ValueFlow::PathGraph, TaintFlow::PathGraph>
-
-  predicate flowPath(PathNode source, PathNode sink) {
-    ValueFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) or
-    TaintFlow::flowPath(source.asPathNode2(), sink.asPathNode2())
+  predicate defaultSink(DataFlow::Node sink) {
+    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
   }
-}
-
-module DefaultFlowTest = FlowTest<DefaultFlowConfig, DefaultFlowConfig>;
 
-module ValueFlowTest<DataFlow::ConfigSig ValueFlowConfig> {
-  import FlowTest<ValueFlowConfig, NoFlowConfig>
+  string getArgString(DataFlow::Node src, DataFlow::Node sink) {
+    exists(src) and
+    result = "\"" + sink.toString() + "\""
+  }
 }
 
-module TaintFlowTest<DataFlow::ConfigSig TaintFlowConfig> {
-  import FlowTest<NoFlowConfig, TaintFlowConfig>
-}
+import InlineFlowTestMake<GoDataFlow, GoTaintTracking, Impl, FlowTestImpl>

go/ql/test/TestUtilities/internal/InlineExpectationsTestImpl.qll

@@ -0,0 +1,15 @@
+private import go as G
+private import codeql.util.test.InlineExpectationsTest
+
+module Impl implements InlineExpectationsTestSig {
+  /**
+   * A class representing line comments in the Go style, including the
+   * preceding comment marker (`//`).
+   */
+  class ExpectationComment extends G::Comment {
+    /** Returns the contents of the given comment, _without_ the preceding comment marker (`//`). */
+    string getContents() { result = this.getText() }
+  }
+
+  class Location = G::Location;
+}