Add flow-through test case generator

java/ql/src/utils/GenerateFlowTestCase.py

@@ -31,7 +31,7 @@ if os.path.exists(resultJava) or os.path.exists(resultQl):
 
 workDir = tempfile.mkdtemp()
 
-# Step 1: make a database that touches all types whose methods we want to test:
+# Make a database that touches all types whose methods we want to test:
 print("Creating Maven project")
 projectDir = os.path.join(workDir, "mavenProject")
 os.makedirs(projectDir)
@@ -138,6 +138,10 @@ with open(resultQl, "w") as f:
   with open(os.path.join(scriptPath, "testFooter.qlfrag"), "r") as header:
     shutil.copyfileobj(header, f)
 
+# Make an empty .expected file, since this is an inline-exectations test
+with open(os.path.join(sys.argv[3], "test.expected")):
+  pass
+
 cmd = ['codeql', 'query', 'format', '-qq', '-i', resultQl]
 subprocess.call(cmd)
 

java/ql/src/utils/GenerateFlowTestCase.qll

@@ -2,11 +2,12 @@ import java
 import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.FlowSummary
+import semmle.code.java.dataflow.internal.FlowSummaryImpl
 
 bindingset[this]
 abstract class CsvRow extends string { }
 
-Type getParameterType(SummarizedCallableExternal callable, int i) {
+Type getParameterType(Private::External::SummarizedCallableExternal callable, int i) {
   if i = -1 then result = callable.getDeclaringType() else result = callable.getParameterType(i)
 }
 
@@ -66,7 +67,7 @@ Type getRootSourceDeclaration(Type t) {
 
 newtype TRowTestSnippet =
   MkSnippet(
-    CsvRow row, SummarizedCallableExternal callable, SummaryComponentStack input,
+    CsvRow row, Private::External::SummarizedCallableExternal callable, SummaryComponentStack input,
     SummaryComponentStack output, boolean preservesValue
   ) {
     callable.propagatesFlowForRow(input, output, preservesValue, row)
@@ -74,7 +75,7 @@ newtype TRowTestSnippet =
 
 class RowTestSnippet extends TRowTestSnippet {
   string row;
-  SummarizedCallableExternal callable;
+  Private::External::SummarizedCallableExternal callable;
   SummaryComponentStack input;
   SummaryComponentStack output;
   SummaryComponentStack baseInput;
@@ -122,7 +123,10 @@ class RowTestSnippet extends TRowTestSnippet {
     // new Type(filler, in, out, filler);
     exists(string storePrefix, string invokePrefix, string args |
       (
-        if baseOutput = SummaryComponentStack::return()
+        if
+          baseOutput = SummaryComponentStack::return()
+          or
+          callable instanceof Constructor and baseOutput = SummaryComponentStack::argument(-1)
         then storePrefix = "out = "
         else storePrefix = ""
       ) and
@@ -213,7 +217,7 @@ class RowTestSnippet extends TRowTestSnippet {
 
   string getASupportMethodModel() {
     exists(SummaryComponent c, string contentSsvDescription |
-      c = input.drop(_).head() and c = interpretComponent(contentSsvDescription)
+      c = input.drop(_).head() and c = Private::External::interpretComponent(contentSsvDescription)
     |
       result =
         "generatedtest;Test;false;newWith" + contentToken(getContent(c)) + ";;;Argument[0];" +
@@ -221,7 +225,7 @@ class RowTestSnippet extends TRowTestSnippet {
     )
     or
     exists(SummaryComponent c, string contentSsvDescription |
-      c = output.drop(_).head() and c = interpretComponent(contentSsvDescription)
+      c = output.drop(_).head() and c = Private::External::interpretComponent(contentSsvDescription)
     |
       result =
         "generatedtest;Test;false;get" + contentToken(getContent(c)) + ";;;" + contentSsvDescription

java/ql/src/utils/testFooter.qlfrag

@@ -32,7 +32,7 @@ class HasFlowTest extends InlineExpectationsTest {
     )
     or
     tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | conf.hasFlow(src, sink) |
+    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""