Switch existing test cases to inline expectations

Author: joefarebrother

java/ql/test/library-tests/frameworks/guava/TestCollect.java

@@ -14,20 +14,20 @@ void test1() {
         String x = taint();
 
         ImmutableSet<String> xs = ImmutableSet.of(x, "y", "z");
-        sink(xs.asList());
+        sink(xs.asList()); // $numTaintFlow=1
 
         ImmutableSet<String> ys = ImmutableSet.of("a", "b", "c");
 
-        sink(Sets.filter(Sets.union(xs, ys), y -> true));
+        sink(Sets.filter(Sets.union(xs, ys), y -> true)); // $numTaintFlow=1
 
-        sink(Sets.newHashSet("a", "b", "c", "d", x));
+        sink(Sets.newHashSet("a", "b", "c", "d", x)); // $numTaintFlow=1
     }
 
     void test2() {
-        sink(ImmutableList.of(taint(), taint(), taint(), taint())); // expect 4 alerts
-        sink(ImmutableMap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
-        sink(ImmutableMultimap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
-        sink(ImmutableTable.of(taint(),taint(), taint())); // expect 1 alert
+        sink(ImmutableList.of(taint(), taint(), taint(), taint()));  // $numTaintFlow=4
+        sink(ImmutableMap.of(taint(), taint(), taint(), taint()));  // $numTaintFlow=2
+        sink(ImmutableMultimap.of(taint(), taint(), taint(), taint()));  // $numTaintFlow=2
+        sink(ImmutableTable.of(taint(),taint(), taint()));  // $numTaintFlow=1
     }
 
     void test3() {
@@ -38,20 +38,20 @@ void test3() {
         b.add("a");
         sink(b);
         b.add(x);
-        sink(b.build());
+        sink(b.build()); // $numTaintFlow=1
 
         b = ImmutableList.builder();
 
         b.add("a").add(x);
-        sink(b.build());
+        sink(b.build()); // $numTaintFlow=1
 
-        sink(ImmutableList.builder().add("a").add(x).build());
+        sink(ImmutableList.builder().add("a").add(x).build()); // $numTaintFlow=1
 
         ImmutableMap.Builder<String, String> b2 = ImmutableMap.builder();
         b2.put(x,"v");
         sink(b2);
         b2.put("k",x);
-        sink(b2.build());
+        sink(b2.build()); // $numTaintFlow=1
     }
 
     void test4(Table<String, String, String> t1, Table<String, String, String> t2, Table<String, String, String> t3) {
@@ -61,62 +61,62 @@ void test4(Table<String, String, String> t1, Table<String, String, String> t2, T
         t1.put("r", x, "v");
         sink(t1);
         t1.put("r", "c", x);
-        sink(t1);
-        sink(t1.row("r"));
+        sink(t1); // $numTaintFlow=1
+        sink(t1.row("r")); // $numTaintFlow=1
 
         t2.putAll(t1);
         for (Table.Cell<String,String,String> c : t2.cellSet()) {
-            sink(c.getValue());
+            sink(c.getValue()); // $numTaintFlow=1
         }
 
-        sink(t1.remove("r", "c"));
+        sink(t1.remove("r", "c")); // $numTaintFlow=1
 
         t3.row("r").put("c", x);
-        sink(t3); // Not detected
+        sink(t3);  // MISSING:$numTaintFlow=1
     }
 
     void test4(Multimap<String, String> m1, Multimap<String, String> m2, Multimap<String, String> m3, 
            Multimap<String, String> m4, Multimap<String, String> m5){
         String x = taint();
         m1.put("k", x);
-        sink(m1);
-        sink(m1.get("k"));
+        sink(m1); // $numTaintFlow=1
+        sink(m1.get("k")); // $numTaintFlow=1
 
         m2.putAll("k", ImmutableList.of("a", x, "b"));
-        sink(m2);
+        sink(m2); // $numTaintFlow=1
 
         m3.putAll(m1);
-        sink(m3);
+        sink(m3); // $numTaintFlow=1
 
         m4.replaceValues("k", m1.replaceValues("k", ImmutableList.of("a")));
         for (Map.Entry<String, String> e : m4.entries()) {
-            sink(e.getValue());
+            sink(e.getValue()); // $numTaintFlow=1
         }
 
         m5.asMap().get("k").add(x);
-        sink(m5); // Not detected
+        sink(m5);  // MISSING:$numTaintFlow=1
     }
 
     void test5(Comparator<String> comp, SortedSet<String> sorS, SortedMap<String, String> sorM) {
         ImmutableSortedSet<String> s = ImmutableSortedSet.of(taint());
 
-        sink(s);
-        sink(ImmutableSortedSet.copyOf(s));
-        sink(ImmutableSortedSet.copyOf(comp, s));
+        sink(s); // $numTaintFlow=1
+        sink(ImmutableSortedSet.copyOf(s)); // $numTaintFlow=1
+        sink(ImmutableSortedSet.copyOf(comp, s)); // $numTaintFlow=1
 
         sorS.add(taint());
-        sink(ImmutableSortedSet.copyOfSorted(sorS));
+        sink(ImmutableSortedSet.copyOfSorted(sorS)); // $numTaintFlow=1
 
-        sink(ImmutableList.sortedCopyOf(s));
-        sink(ImmutableList.sortedCopyOf(comp, s));
+        sink(ImmutableList.sortedCopyOf(s)); // $numTaintFlow=1
+        sink(ImmutableList.sortedCopyOf(comp, s)); // $numTaintFlow=1
 
         ImmutableSortedMap<String, String> m = ImmutableSortedMap.of("k", taint());
 
-        sink(m);
-        sink(ImmutableSortedMap.copyOf(m));
-        sink(ImmutableSortedMap.copyOf(m, comp));
+        sink(m); // $numTaintFlow=1
+        sink(ImmutableSortedMap.copyOf(m)); // $numTaintFlow=1
+        sink(ImmutableSortedMap.copyOf(m, comp)); // $numTaintFlow=1
 
         sorM.put("k", taint());
-        sink(ImmutableSortedMap.copyOfSorted(sorM));
+        sink(ImmutableSortedMap.copyOfSorted(sorM)); // $numTaintFlow=1
     }
 }

java/ql/test/library-tests/frameworks/guava/TestStrings.java

@@ -14,25 +14,25 @@ void sink(Object o) {}
     void test1() {
         String x = taint();
 
-        sink(Strings.padStart(x, 10, ' '));
-        sink(Strings.padEnd(x, 10, ' '));
-        sink(Strings.repeat(x, 3));
-        sink(Strings.emptyToNull(Strings.nullToEmpty(x)));
-        sink(Strings.lenientFormat(x, 3));
-        sink(Strings.commonPrefix(x, "abc"));
-        sink(Strings.commonSuffix(x, "cde"));
-        sink(Strings.lenientFormat("%s = %s", x, 3));
+        sink(Strings.padStart(x, 10, ' ')); // $numTaintFlow=1
+        sink(Strings.padEnd(x, 10, ' ')); // $numTaintFlow=1
+        sink(Strings.repeat(x, 3)); // $numTaintFlow=1
+        sink(Strings.emptyToNull(Strings.nullToEmpty(x))); // $numTaintFlow=1
+        sink(Strings.lenientFormat(x, 3)); // $numTaintFlow=1
+        sink(Strings.commonPrefix(x, "abc")); 
+        sink(Strings.commonSuffix(x, "cde")); 
+        sink(Strings.lenientFormat("%s = %s", x, 3)); // $numTaintFlow=1
     }
 
     void test2() {
         String x = taint();
         Splitter s = Splitter.on(x).omitEmptyStrings();
 
         sink(s.split("x y z"));
-        sink(s.split(x));
-        sink(s.splitToList(x));
+        sink(s.split(x)); // $numTaintFlow=1
+        sink(s.splitToList(x)); // $numTaintFlow=1
         sink(s.withKeyValueSeparator("=").split("a=b"));
-        sink(s.withKeyValueSeparator("=").split(x));
+        sink(s.withKeyValueSeparator("=").split(x)); // $numTaintFlow=1
     }
 
     void test3() {
@@ -43,20 +43,20 @@ void test3() {
         StringBuilder sb = new StringBuilder();
         sink(safeJoiner.appendTo(sb, "a", "b", "c"));
         sink(sb.toString());
-        sink(taintedJoiner.appendTo(sb, "a", "b", "c"));
-        sink(sb.toString());
-        sink(safeJoiner.appendTo(sb, "a", "b", "c"));
-        sink(sb.toString());
+        sink(taintedJoiner.appendTo(sb, "a", "b", "c")); // $numTaintFlow=1
+        sink(sb.toString()); // $numTaintFlow=1
+        sink(safeJoiner.appendTo(sb, "a", "b", "c")); // $numTaintFlow=1
+        sink(sb.toString()); // $numTaintFlow=1
 
         sb = new StringBuilder();
-        sink(safeJoiner.appendTo(sb, x, x));
+        sink(safeJoiner.appendTo(sb, x, x)); // $numTaintFlow=1
 
         Map<String, String> m = new HashMap<String, String>();
         m.put("k", "v");
         sink(safeJoiner.withKeyValueSeparator("=").join(m));
-        sink(safeJoiner.withKeyValueSeparator(x).join(m));
-        sink(taintedJoiner.useForNull("(null)").withKeyValueSeparator("=").join(m));
+        sink(safeJoiner.withKeyValueSeparator(x).join(m)); // $numTaintFlow=1
+        sink(taintedJoiner.useForNull("(null)").withKeyValueSeparator("=").join(m)); // $numTaintFlow=1
         m.put("k2", x);
-        sink(safeJoiner.withKeyValueSeparator("=").join(m));
+        sink(safeJoiner.withKeyValueSeparator("=").join(m)); // $numTaintFlow=1
     }
 }

java/ql/test/library-tests/frameworks/guava/flow.expected

@@ -1,52 +0,0 @@
-| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:17:14:17:24 | asList(...) |
-| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:21:14:21:55 | filter(...) |
-| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:23:14:23:51 | newHashSet(...) |
-| TestCollect.java:27:31:27:37 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
-| TestCollect.java:27:40:27:46 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
-| TestCollect.java:27:49:27:55 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
-| TestCollect.java:27:58:27:64 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
-| TestCollect.java:28:39:28:45 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
-| TestCollect.java:28:57:28:63 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
-| TestCollect.java:29:44:29:50 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
-| TestCollect.java:29:62:29:68 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
-| TestCollect.java:30:49:30:55 | taint(...) | TestCollect.java:30:14:30:56 | of(...) |
-| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:41:14:41:22 | build(...) |
-| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:46:14:46:22 | build(...) |
-| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:48:14:48:60 | build(...) |
-| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:54:14:54:23 | build(...) |
-| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:64:14:64:15 | t1 |
-| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:65:14:65:24 | row(...) |
-| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:69:18:69:29 | getValue(...) |
-| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:72:14:72:32 | remove(...) |
-| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:82:14:82:15 | m1 |
-| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:83:14:83:24 | get(...) |
-| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:86:14:86:15 | m2 |
-| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:89:14:89:15 | m3 |
-| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:93:18:93:29 | getValue(...) |
-| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:103:14:103:14 | s |
-| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:104:14:104:41 | copyOf(...) |
-| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:105:14:105:47 | copyOf(...) |
-| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:110:14:110:42 | sortedCopyOf(...) |
-| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:111:14:111:48 | sortedCopyOf(...) |
-| TestCollect.java:107:18:107:24 | taint(...) | TestCollect.java:108:14:108:50 | copyOfSorted(...) |
-| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:115:14:115:14 | m |
-| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:116:14:116:41 | copyOf(...) |
-| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:117:14:117:47 | copyOf(...) |
-| TestCollect.java:119:23:119:29 | taint(...) | TestCollect.java:120:14:120:50 | copyOfSorted(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:17:14:17:41 | padStart(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:18:14:18:39 | padEnd(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:19:14:19:33 | repeat(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:20:14:20:56 | emptyToNull(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:21:14:21:40 | lenientFormat(...) |
-| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:24:14:24:51 | lenientFormat(...) |
-| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:32:14:32:23 | split(...) |
-| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:33:14:33:29 | splitToList(...) |
-| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:35:14:35:50 | split(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:46:14:46:54 | appendTo(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:47:14:47:26 | toString(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:48:14:48:51 | appendTo(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:49:14:49:26 | toString(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:52:14:52:42 | appendTo(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:57:14:57:56 | join(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:58:14:58:82 | join(...) |
-| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:60:14:60:58 | join(...) |

java/ql/test/library-tests/frameworks/guava/flow.ql

@@ -1,5 +1,6 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
+import TestUtilities.InlineExpectationsTest
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:frameworks:guava" }
@@ -13,6 +14,18 @@ class Conf extends TaintTracking::Configuration {
   }
 }
 
-from DataFlow::Node src, DataFlow::Node sink, Conf conf
-where conf.hasFlow(src, sink)
-select src, sink
+class HasFlowTest extends InlineExpectationsTest {
+  HasFlowTest() { this = "HasFlowTest" }
+
+  override string getARelevantTag() { result = "numTaintFlow" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "numTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink, Conf conf, int num | conf.hasFlow(src, sink) |
+      value = num.toString() and
+      sink.getLocation() = location and
+      element = sink.toString() and
+      num = strictcount(DataFlow::Node src2 | conf.hasFlow(src2, sink))
+    )
+  }
+}