Java: Remove the hardcoded path filter that excluded CodeQL's own unit tests from the java/visible-for-testing-abuse query.

Napalys Klicius
2025-08-24 09:58:35 +00:00
parent 4705ad2e32
commit 4149968f33
3 changed files with 5 additions and 8 deletions


@@ -93,11 +93,6 @@ where
// not when the accessing method or any enclosing method is @VisibleForTesting (test-to-test communication)
not isWithinVisibleForTestingContext(e.getEnclosingCallable()) and
// not when used in annotation contexts
not e.getParent*() instanceof Annotation and
// also omit our own ql unit test where it is acceptable
not e.getEnclosingCallable()
.getFile()
.getAbsolutePath()
.matches("%java/ql/test/query-tests/%Test.java")
not e.getParent*() instanceof Annotation
select e, "Access of $@ annotated with VisibleForTesting found in production code.", annotated,
"element"
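Review bot: The test-expectation change in this commit (the two new `packagetwo/Test.java` rows in the `.expected` file and the `$ SPURIOUS: Alert` markers on the lambda lines in `Test.java`) shows that removing the path filter exposes a real gap in the query rather than just a test artefact: accesses inside a lambda body in a test class are now reported as production-code accesses, which seems to be because `e.getEnclosingCallable()` on the `not isWithinVisibleForTestingContext(...)` conjunct resolves to the lambda's own callable rather than the test method that contains it, so the test-context exclusion does not see through lambda bodies (`isWithinVisibleForTestingContext` is defined outside the hunk, so this is inferred). Rather than leaving the spurious alerts documented, consider extending the exclusion to walk up through enclosing lambdas to the outermost callable before deciding whether the access is in a test or `@VisibleForTesting` context, which would let the `SPURIOUS` markers and the extra `.expected` rows be dropped; the same point applies to the second and third file sections. The hardcoded `%java/ql/test/query-tests/%Test.java` filter was masking exactly this case, so dropping it is the right direction. The `where` clause begins before the hunk.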


@@ -15,3 +15,5 @@
| packagetwo/Source.java:20:28:20:47 | new AnnotatedClass(...) | Access of $@ annotated with VisibleForTesting found in production code. | packageone/AnnotatedClass.java:4:14:4:27 | AnnotatedClass | element |
| packagetwo/Source.java:24:30:24:40 | Annotated.m | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:7:19:7:19 | m | element |
| packagetwo/Source.java:28:27:28:39 | f(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:16:16:16:16 | f | element |
| packagetwo/Test.java:24:30:24:40 | Annotated.m | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:7:19:7:19 | m | element |
| packagetwo/Test.java:28:27:28:39 | f(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:16:16:16:16 | f | element |


@@ -21,11 +21,11 @@ public class Test {
// Lambda usage
Runnable lambda = () -> {
String lambdaS = Annotated.m; // COMPLIANT
String lambdaS = Annotated.m; // $ SPURIOUS: Alert
String lambdaS1 = Annotated.m1; // COMPLIANT
String lambdaS2 = Annotated.m2; // COMPLIANT
int lambdaI = Annotated.f(); // COMPLIANT
int lambdaI = Annotated.f(); // $ SPURIOUS: Alert
int lambdaI2 = Annotated.fPublic(); // COMPLIANT
int lambdaI3 = Annotated.fProtected(); // COMPLIANT
};