Java: restrict test to source methods

Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
2026-04-25 08:45:14 +02:00 · 2023-10-05 09:54:34 +01:00
parent d56a9f0781
commit 0510b0c825
2 changed files with 1 additions and 3 deletions
--- a/java/ql/test/library-tests/sensitive-actions/test.expected
+++ b/java/ql/test/library-tests/sensitive-actions/test.expected
@@ -67,5 +67,3 @@ sensitiveDataMethod
 | Test.java:37:18:37:31 | aaCryptAccntaa |
 | Test.java:39:18:39:33 | aaCryptTrustedaa |
 | Test.java:41:18:41:40 | aaCryptRefreshaaTokenaa |
-| file:///modules/java.base/java/lang/invoke/MemberName.class:0:0:0:0 | isTrustedFinalField |
-| file:///modules/java.base/java/lang/reflect/Field.class:0:0:0:0 | isTrustedFinal |
--- a/java/ql/test/library-tests/sensitive-actions/test.ql
+++ b/java/ql/test/library-tests/sensitive-actions/test.ql
@@ -9,4 +9,4 @@ query predicate sensitiveVariable(Variable v) {
  v.getName().regexpMatch(getCommonSensitiveInfoRegex())
 }

-query predicate sensitiveDataMethod(SensitiveDataMethod m) { any() }
+query predicate sensitiveDataMethod(SensitiveDataMethod m) { m.fromSource() }