use isTestFile from ClassifyFiles module file instead previous where condition, update tests accordingly

am0o0 · am0o0 · commit 5a69bbf6b0a2 · 2024-06-07T06:11:48.000+02:00
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -16,18 +16,15 @@
 import javascript
 import semmle.javascript.security.dataflow.HardcodedCredentialsQuery
 import DataFlow::PathGraph
+import semmle.javascript.filters.ClassifyFiles
 
 bindingset[s]
 predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") }
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value
 where
   cfg.hasFlowPath(source, sink) and
-  not sink.getNode()
-      .getFile()
-      .getAbsolutePath()
-      .toLowerCase()
-      .matches(["%stest%s", "%sdemo%s", "%sexample%s", "%ssample%s"]) and
+  not isTestFile(sink.getNode().getFile()) and
   // use source value in message if it's available
   if source.getNode().asExpr() instanceof ConstantString
   then
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
@@ -332,12 +332,12 @@ nodes
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" |
 | HardcodedCredentials.js:403:27:403:35 | secretKey |
 | HardcodedCredentials.js:403:27:403:35 | secretKey |
-| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
-| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
-| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
-| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
-| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
-| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
 edges
 | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
 | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
@@ -512,8 +512,8 @@ edges
 | HardcodedCredentials.js:401:9:401:43 | secretKey | HardcodedCredentials.js:403:27:403:35 | secretKey |
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
-| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
-| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
 #select
 | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
 | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/__tests__/HardcodedCredentialsDemo.js b/javascript/ql/test/query-tests/Security/CWE-798/__tests__/HardcodedCredentialsDemo.js
