Add check for test packages

luchua-bc · luchua-bc · commit 5e36eedcb6ec · 2021-02-17T18:04:55.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/ServletMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/ServletMain.ql
@@ -41,7 +41,8 @@ class ServletMainMethod extends Method {
     this.isPublic() and
     this.getNumberOfParameters() = 1 and
     this.getParameter(0).getType() instanceof Array and
-    not this.getDeclaringType().getName().matches("%Test%") // Simple check to exclude test classes to reduce FPs
+    not this.getDeclaringType().getName().toLowerCase().matches("%test%") and // Simple check to exclude test classes to reduce FPs
+    not this.getDeclaringType().getPackage().getName().toLowerCase().matches("%test%") // Simple check to exclude classes in test packages to reduce FPs
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,8 @@ class ServletMainMethod extends Method {`
`41`	`41`	`this.isPublic() and`
`42`	`42`	`this.getNumberOfParameters() = 1 and`
`43`	`43`	`this.getParameter(0).getType() instanceof Array and`
`44`		`- not this.getDeclaringType().getName().matches("%Test%") // Simple check to exclude test classes to reduce FPs`
	`44`	`+ not this.getDeclaringType().getName().toLowerCase().matches("%test%") and // Simple check to exclude test classes to reduce FPs`
	`45`	`+ not this.getDeclaringType().getPackage().getName().toLowerCase().matches("%test%") // Simple check to exclude classes in test packages to reduce FPs`
`45`	`46`	`}`
`46`	`47`	`}`
`47`	`48`