mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
Add query suite tests for swift with shared logic
This commit is contained in:
Tamas Vajk
@@ -1,29 +1,23 @@
|
||||
import os
|
||||
import runs_on
|
||||
import pytest
|
||||
import sys
|
||||
|
||||
def get_test_module(semmle_code_dir):
|
||||
import importlib.util
|
||||
spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
|
||||
mod = importlib.util.module_from_spec(spec)
|
||||
sys.modules["test-module"] = mod
|
||||
spec.loader.exec_module(mod)
|
||||
return mod
|
||||
|
||||
well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
|
||||
actual = codeql.resolve.queries(query_suite, _capture=True).strip()
|
||||
actual = sorted(actual.splitlines())
|
||||
actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
|
||||
actual_file_name = query_suite + '.actual'
|
||||
expected_files.add(actual_file_name)
|
||||
(cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
|
||||
get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
|
||||
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir):
|
||||
all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines()
|
||||
|
||||
included_in_qls = set()
|
||||
for query_suite in well_known_query_suites:
|
||||
included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
|
||||
|
||||
not_included = sorted(set(all_queries) - included_in_qls)
|
||||
not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
|
||||
not_included_file_name = 'not_included_in_qls.actual'
|
||||
expected_files.add(not_included_file_name)
|
||||
(cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
|
||||
get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'java', cwd, expected_files, semmle_code_dir, well_known_query_suites)
|
||||
|
||||
23
misc/pytest/lib/query-suite-test.py
Normal file
23
misc/pytest/lib/query-suite-test.py
Normal file
@@ -0,0 +1,23 @@
|
||||
|
||||
import os
|
||||
|
||||
def test(codeql, cwd, expected_files, semmle_code_dir, query_suite):
|
||||
actual = codeql.resolve.queries(query_suite, _capture=True).strip()
|
||||
actual = sorted(actual.splitlines())
|
||||
actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
|
||||
actual_file_name = query_suite + '.actual'
|
||||
expected_files.add(actual_file_name)
|
||||
(cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
|
||||
|
||||
def test_not_included_queries(codeql, lang_folder_name, cwd, expected_files, semmle_code_dir, query_suites):
|
||||
all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).strip().splitlines()
|
||||
|
||||
included_in_qls = set()
|
||||
for query_suite in query_suites:
|
||||
included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
|
||||
|
||||
not_included = sorted(set(all_queries) - included_in_qls)
|
||||
not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
|
||||
not_included_file_name = 'not_included_in_qls.actual'
|
||||
expected_files.add(not_included_file_name)
|
||||
(cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
|
||||
@@ -0,0 +1,9 @@
|
||||
ql/swift/ql/src/AlertSuppression.ql
|
||||
ql/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.ql
|
||||
ql/swift/ql/src/queries/Summary/FlowSources.ql
|
||||
ql/swift/ql/src/queries/Summary/QuerySinks.ql
|
||||
ql/swift/ql/src/queries/Summary/RegexEvals.ql
|
||||
ql/swift/ql/src/queries/Summary/SensitiveExprs.ql
|
||||
ql/swift/ql/src/queries/Summary/SummaryStats.ql
|
||||
ql/swift/ql/src/queries/Summary/TaintReach.ql
|
||||
ql/swift/ql/src/queries/ide-contextual-queries/printAst.ql
|
||||
@@ -0,0 +1 @@
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
@@ -0,0 +1,32 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
@@ -0,0 +1,32 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
23
swift/ql/integration-tests/posix/query-suite/test.py
Normal file
23
swift/ql/integration-tests/posix/query-suite/test.py
Normal file
@@ -0,0 +1,23 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
import sys
|
||||
|
||||
def get_test_module(semmle_code_dir):
|
||||
import importlib.util
|
||||
spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
|
||||
mod = importlib.util.module_from_spec(spec)
|
||||
sys.modules["test-module"] = mod
|
||||
spec.loader.exec_module(mod)
|
||||
return mod
|
||||
|
||||
|
||||
well_known_query_suites = ['swift-code-quality.qls', 'swift-security-and-quality.qls', 'swift-security-extended.qls', 'swift-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, swift, cwd, expected_files, semmle_code_dir, query_suite):
|
||||
get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, swift, cwd, expected_files, semmle_code_dir):
|
||||
get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'swift', cwd, expected_files, semmle_code_dir, well_known_query_suites)
|
||||
Reference in New Issue
Block a user