From 41b35eaa490a45b53d65f636e60f27efdade0e96 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esbena@github.com>
Date: Wed, 30 Mar 2022 12:02:50 +0200
Subject: [PATCH] add generic tests for features

---
 .../EmptyFeature.expected                     |  3 ++
 .../generic_feature_testing/EmptyFeature.ql   |  8 +++++
 .../FeatureValue.expected                     | 29 +++++++++++++++++
 .../generic_feature_testing/FeatureValue.ql   |  7 +++++
 .../NonFeaturizedEndpoint.expected            |  0
 .../NonFeaturizedEndpoint.ql                  |  8 +++++
 .../NonFunctionalFeature.expected             |  0
 .../NonFunctionalFeature.ql                   |  8 +++++
 .../NonTotalFeature.expected                  | 31 +++++++++++++++++++
 .../NonTotalFeature.ql                        |  8 +++++
 .../test/generic_feature_testing/TestUtil.qll |  5 +++
 .../test/generic_feature_testing/test.js      |  9 ++++++
 12 files changed, 116 insertions(+)
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.ql
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.expected
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.ql
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.expected
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.ql
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected
new file mode 100644
index 00000000000..4540013743d
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.expected
@@ -0,0 +1,3 @@
+| calleeApiName |
+| enclosingFunctionBody |
+| enclosingFunctionName |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql
new file mode 100644
index 00000000000..e155bef2801
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/EmptyFeature.ql
@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every feature must produce a value for at least one endpoint, otherwise the feature is completely broken, or a relevant test example is missing
+from EndpointFeature feature
+where forall(Endpoint endpoint | not exists(feature.getValue(endpoint)))
+select feature.getName()
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected
new file mode 100644
index 00000000000..6b0a4b9e6a4
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.expected
@@ -0,0 +1,29 @@
+| test.js:2:7:2:14 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0 |
+| test.js:2:7:2:14 | endpoint | argumentIndex | 0 |
+| test.js:2:7:2:14 | endpoint | calleeAccessPath |  |
+| test.js:2:7:2:14 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | f |
+| test.js:2:7:2:14 | endpoint | calleeAccessPathWithStructuralInfo |  |
+| test.js:2:7:2:14 | endpoint | calleeName | f |
+| test.js:3:11:3:18 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0.p |
+| test.js:3:11:3:18 | endpoint | calleeAccessPath |  |
+| test.js:3:11:3:18 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | f |
+| test.js:3:11:3:18 | endpoint | calleeAccessPathWithStructuralInfo |  |
+| test.js:4:15:4:22 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0.p.q |
+| test.js:4:15:4:22 | endpoint | calleeAccessPath |  |
+| test.js:4:15:4:22 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | f |
+| test.js:4:15:4:22 | endpoint | calleeAccessPathWithStructuralInfo |  |
+| test.js:5:9:5:16 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0 |
+| test.js:5:9:5:16 | endpoint | argumentIndex | 0 |
+| test.js:5:9:5:16 | endpoint | calleeAccessPath |  |
+| test.js:5:9:5:16 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | o.m |
+| test.js:5:9:5:16 | endpoint | calleeAccessPathWithStructuralInfo |  |
+| test.js:5:9:5:16 | endpoint | calleeName | m |
+| test.js:5:9:5:16 | endpoint | receiverName | o |
+| test.js:6:13:6:20 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0.p |
+| test.js:6:13:6:20 | endpoint | calleeAccessPath |  |
+| test.js:6:13:6:20 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | o.m |
+| test.js:6:13:6:20 | endpoint | calleeAccessPathWithStructuralInfo |  |
+| test.js:7:17:7:24 | endpoint | ParameterAccessPathSimpleFromArgumentTraversal | 0.p.q |
+| test.js:7:17:7:24 | endpoint | calleeAccessPath |  |
+| test.js:7:17:7:24 | endpoint | calleeAccessPathSimpleFromArgumentTraversal | o.m |
+| test.js:7:17:7:24 | endpoint | calleeAccessPathWithStructuralInfo |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.ql
new file mode 100644
index 00000000000..3fe84887baf
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/FeatureValue.ql
@@ -0,0 +1,7 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// detailed output for the nearby tests
+from Endpoint endpoint, EndpointFeature feature
+select endpoint, feature.getName(), feature.getValue(endpoint)
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.ql
new file mode 100644
index 00000000000..f975799157c
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFeaturizedEndpoint.ql
@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every endpoint should have at least one feature value, otherwise the test source is likely malformed
+from Endpoint endpoint
+where not exists(EndpointFeature f | exists(f.getValue(endpoint)))
+select endpoint
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.ql
new file mode 100644
index 00000000000..4cb91db06af
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonFunctionalFeature.ql
@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every feature must produce a single value for each endpoint that it computes a value for, otherwise the ML model will be confused(?)
+from Endpoint endpoint, EndpointFeature feature, int arity
+where arity = count(feature.getValue(endpoint)) and arity > 1
+select endpoint, feature.getName(), arity
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected
new file mode 100644
index 00000000000..5c7ab7db0e0
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.expected
@@ -0,0 +1,31 @@
+| test.js:2:7:2:14 | endpoint | calleeApiName |
+| test.js:2:7:2:14 | endpoint | enclosingFunctionBody |
+| test.js:2:7:2:14 | endpoint | enclosingFunctionName |
+| test.js:2:7:2:14 | endpoint | receiverName |
+| test.js:3:11:3:18 | endpoint | argumentIndex |
+| test.js:3:11:3:18 | endpoint | calleeApiName |
+| test.js:3:11:3:18 | endpoint | calleeName |
+| test.js:3:11:3:18 | endpoint | enclosingFunctionBody |
+| test.js:3:11:3:18 | endpoint | enclosingFunctionName |
+| test.js:3:11:3:18 | endpoint | receiverName |
+| test.js:4:15:4:22 | endpoint | argumentIndex |
+| test.js:4:15:4:22 | endpoint | calleeApiName |
+| test.js:4:15:4:22 | endpoint | calleeName |
+| test.js:4:15:4:22 | endpoint | enclosingFunctionBody |
+| test.js:4:15:4:22 | endpoint | enclosingFunctionName |
+| test.js:4:15:4:22 | endpoint | receiverName |
+| test.js:5:9:5:16 | endpoint | calleeApiName |
+| test.js:5:9:5:16 | endpoint | enclosingFunctionBody |
+| test.js:5:9:5:16 | endpoint | enclosingFunctionName |
+| test.js:6:13:6:20 | endpoint | argumentIndex |
+| test.js:6:13:6:20 | endpoint | calleeApiName |
+| test.js:6:13:6:20 | endpoint | calleeName |
+| test.js:6:13:6:20 | endpoint | enclosingFunctionBody |
+| test.js:6:13:6:20 | endpoint | enclosingFunctionName |
+| test.js:6:13:6:20 | endpoint | receiverName |
+| test.js:7:17:7:24 | endpoint | argumentIndex |
+| test.js:7:17:7:24 | endpoint | calleeApiName |
+| test.js:7:17:7:24 | endpoint | calleeName |
+| test.js:7:17:7:24 | endpoint | enclosingFunctionBody |
+| test.js:7:17:7:24 | endpoint | enclosingFunctionName |
+| test.js:7:17:7:24 | endpoint | receiverName |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql
new file mode 100644
index 00000000000..bb435c84c88
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/NonTotalFeature.ql
@@ -0,0 +1,8 @@
+import javascript
+import experimental.adaptivethreatmodeling.EndpointFeatures
+import TestUtil
+
+// every feature should produce a value for all endpoints
+from EndpointFeature feature, Endpoint endpoint
+where not exists(feature.getValue(endpoint))
+select endpoint, feature.getName()
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll
new file mode 100644
index 00000000000..30349bc8c63
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/TestUtil.qll
@@ -0,0 +1,5 @@
+import javascript
+
+class Endpoint extends DataFlow::Node {
+  Endpoint() { this.asExpr().(VarAccess).getName() = "endpoint" }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js
new file mode 100644
index 00000000000..b7a42fd53b0
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/generic_feature_testing/test.js
@@ -0,0 +1,9 @@
+(function(){
+    f(endpoint);
+    f({p: endpoint})
+    f({p: {q: endpoint}})
+    o.m(endpoint);
+    o.m({p: endpoint})
+    o.m({p: {q: endpoint}})
+
+});
\ No newline at end of file