java inline expectations prototype with tests

2026-05-27 17:41:24 +02:00 · 2024-06-26 15:27:59 +01:00
parent 3ae4cb2f9d
commit 65655db77b
44 changed files with 318 additions and 0 deletions
--- a/java/ql/test/query-tests/Postprocessing/passingWithDiff/OverlyLargeRangeQuery.expected
+++ b/java/ql/test/query-tests/Postprocessing/passingWithDiff/OverlyLargeRangeQuery.expected
@@ -0,0 +1,2 @@
+| SuspiciousRegexpRange.java:11 | expected alert | NOT OK |
+| SuspiciousRegexpRange.java:7:49:7:51 | unexpected alert | Suspicious character range that overlaps with A-Z in the same character class, and is equivalent to [A-Z\\[\\\\\\]^_`a-z]. |
--- a/java/ql/test/query-tests/Postprocessing/passingWithDiff/OverlyLargeRangeQuery.qlref
+++ b/java/ql/test/query-tests/Postprocessing/passingWithDiff/OverlyLargeRangeQuery.qlref
@@ -0,0 +1,2 @@
+query: Security/CWE/CWE-020/OverlyLargeRange.ql
+postprocess: TestUtilities/JavaInlineExpectations.ql
--- a/java/ql/test/query-tests/Postprocessing/passingWithDiff/SuspiciousRegexpRange.java
+++ b/java/ql/test/query-tests/Postprocessing/passingWithDiff/SuspiciousRegexpRange.java
@@ -0,0 +1,37 @@
+import java.util.regex.Pattern;
+
+class SuspiciousRegexpRange {
+    void test() {
+        Pattern overlap1 = Pattern.compile("^[0-93-5]*$"); // NOT OK
+
+        Pattern overlap2 = Pattern.compile("[A-ZA-z]*"); // OK
+
+        Pattern isEmpty = Pattern.compile("^[z-a]*$"); // NOT OK
+
+        Pattern isAscii = Pattern.compile("^[\\x00-\\x7F]*$"); // NOT OK
+
+        Pattern printable = Pattern.compile("[!-~]*"); // OK - used to select most printable ASCII characters
+
+        Pattern codePoints = Pattern.compile("[^\\x21-\\x7E]|[[\\](){}<>/%]*"); // OK
+
+        Pattern NON_ALPHANUMERIC_REGEXP = Pattern.compile("([^\\#-~| |!])*"); // OK
+
+        Pattern smallOverlap = Pattern.compile("[0-9a-fA-f]*"); // NOT OK
+
+        Pattern weirdRange = Pattern.compile("[$-`]*"); // NOT OK
+
+        Pattern keywordOperator = Pattern.compile("[!\\~\\*\\/%+-<>\\^|=&]*"); // NOT OK
+
+        Pattern notYoutube = Pattern.compile("youtu.be/[a-z1-9.-_]+"); // NOT OK
+
+        Pattern numberToLetter = Pattern.compile("[7-F]*"); // NOT OK
+
+        Pattern overlapsWithClass1 = Pattern.compile("[0-9\\d]*"); // NOT OK
+
+        Pattern overlapsWithClass2 = Pattern.compile("[\\w,.-?:*+]*"); // NOT OK
+
+        Pattern nested = Pattern.compile("[[A-Za-z_][A-Za-z0-9._-]]*"); // OK, the dash it at the end
+
+        Pattern octal = Pattern.compile("[\000-\037\040-\045]*"); // OK
+    }
+}