Java: convert remaining java-code-scanning.qls query tests to .qlref #19842
Merged
d10c merged 32 commits into github:main from Jun 25, 2025
3b874a0 to 4a835f9
Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.
Leaves ReDoS.ql unmodified since it's not a dataflow query; just moves it to its own directory.
It's a non-path query, so the InlineExpectationsTest postprocessor doesn't do anything.
This fixes the failing diff-informed consistency check.
This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
4a835f9 to a49999d
...ql/test/query-tests/security/CWE-312/CleartextStorageCookie/CleartextStorageCookieTest.qlref
Fixed
Given that it's a non-path-problem dataflow query, the InlineExpectationsTest is not as useful.
d6f8ec3 to 6904461
Contributor
Woah, what about CI?
Contributor
There was a failing check, which I just retried, so that's still running?
Contributor Author
Yikes, sorry I missed that. Can I revert this somehow?
Contributor
It was the QLDoc Checks, so I think it's unlikely to break main, and possibly could have been a spurious failure (hence why I retried it), but we should keep an eye on it - if the retry succeeds then all is well, otherwise we need to understand the failure and whether it's something that affects main.
Contributor
Looks like the retry succeeded, so all looks well.
Example prior work: #18848 #19817
utils/test/InlineExpectationsTestQuery.ql-based ones, similar to the above PRs.
--check-diff-informed) runs on .qlref-based tests, the UnsafeDeserialization and PolynomialReDoS tests were newly failing that check.
getASelectedSinkLocation override.