Shared: Add support for provenance pretty-printing as a qltest postprocess step.

java/ql/test/TestUtilities/PrettyPrintModels.ql

@@ -0,0 +1,18 @@
+/**
+ * @kind test-postprocess
+ */
+
+import codeql.dataflow.test.ProvenancePathGraph
+import semmle.code.java.dataflow.ExternalFlow
+
+external predicate queryResults(string relation, int row, int column, string data);
+
+external predicate queryRelations(string relation);
+
+query predicate resultRelations(string relation) { queryRelations(relation) }
+
+module Res = TranslateProvenanceResults<interpretModelForTest/2, queryResults/4>;
+
+from string relation, int row, int column, string data
+where Res::results(relation, row, column, data)
+select relation, row, column, data

java/ql/test/query-tests/security/CWE-078/ExecTainted.expected

@@ -1,23 +1,33 @@
+#select
+| Test.java:7:44:7:69 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:7:25:7:70 | new ..[] { .. } | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
+| Test.java:10:29:10:74 | new String[] | Test.java:57:27:57:39 | args : String[] | Test.java:10:29:10:74 | new String[] | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
+| Test.java:18:29:18:31 | cmd | Test.java:57:27:57:39 | args : String[] | Test.java:18:29:18:31 | cmd | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
+| Test.java:24:29:24:32 | cmd1 | Test.java:57:27:57:39 | args : String[] | Test.java:24:29:24:32 | cmd1 | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
+| Test.java:29:44:29:64 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:29:25:29:65 | new ..[] { .. } | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
 edges
 | Test.java:6:35:6:44 | arg : String | Test.java:7:44:7:69 | ... + ... : String | provenance |  |
 | Test.java:6:35:6:44 | arg : String | Test.java:10:61:10:73 | ... + ... : String | provenance |  |
 | Test.java:6:35:6:44 | arg : String | Test.java:16:13:16:25 | ... + ... : String | provenance |  |
 | Test.java:6:35:6:44 | arg : String | Test.java:22:15:22:27 | ... + ... : String | provenance |  |
-| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance |  Sink:MaD:42682 |
+| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance |  Sink:MaD:2 |
 | Test.java:7:44:7:69 | ... + ... : String | Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | provenance |  |
-| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance |  Sink:MaD:42682 |
+| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance |  Sink:MaD:2 |
 | Test.java:10:61:10:73 | ... + ... : String | Test.java:10:29:10:74 | {...} : String[] [[]] : String | provenance |  |
-| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | Test.java:18:29:18:31 | cmd | provenance |  Sink:MaD:42681 |
-| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | provenance | MaD:43744 |
-| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance |  Sink:MaD:42682 |
+| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | Test.java:18:29:18:31 | cmd | provenance |  Sink:MaD:1 |
+| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | provenance | MaD:3 |
+| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance |  Sink:MaD:2 |
 | Test.java:22:15:22:27 | ... + ... : String | Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | provenance |  |
 | Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... : String | provenance |  |
-| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance |  Sink:MaD:42682 |
+| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance |  Sink:MaD:2 |
 | Test.java:29:44:29:64 | ... + ... : String | Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | provenance |  |
 | Test.java:57:27:57:39 | args : String[] | Test.java:60:20:60:22 | arg : String | provenance |  |
 | Test.java:57:27:57:39 | args : String[] | Test.java:61:23:61:25 | arg : String | provenance |  |
 | Test.java:60:20:60:22 | arg : String | Test.java:6:35:6:44 | arg : String | provenance |  |
 | Test.java:61:23:61:25 | arg : String | Test.java:28:38:28:47 | arg : String | provenance |  |
+models
+| 1 | Sink: java.lang; ProcessBuilder; false; ProcessBuilder; (List); ; Argument[0]; command-injection; ai-manual |
+| 2 | Sink: java.lang; ProcessBuilder; false; ProcessBuilder; (String[]); ; Argument[0]; command-injection; ai-manual |
+| 3 | Summary: java.util; Collection; true; add; ; ; Argument[0]; Argument[this].Element; value; manual |
 nodes
 | Test.java:6:35:6:44 | arg : String | semmle.label | arg : String |
 | Test.java:7:25:7:70 | new ..[] { .. } | semmle.label | new ..[] { .. } |
@@ -40,9 +50,3 @@ nodes
 | Test.java:60:20:60:22 | arg : String | semmle.label | arg : String |
 | Test.java:61:23:61:25 | arg : String | semmle.label | arg : String |
 subpaths
-#select
-| Test.java:7:44:7:69 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:7:25:7:70 | new ..[] { .. } | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
-| Test.java:10:29:10:74 | new String[] | Test.java:57:27:57:39 | args : String[] | Test.java:10:29:10:74 | new String[] | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
-| Test.java:18:29:18:31 | cmd | Test.java:57:27:57:39 | args : String[] | Test.java:18:29:18:31 | cmd | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
-| Test.java:24:29:24:32 | cmd1 | Test.java:57:27:57:39 | args : String[] | Test.java:24:29:24:32 | cmd1 | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |
-| Test.java:29:44:29:64 | ... + ... | Test.java:57:27:57:39 | args : String[] | Test.java:29:25:29:65 | new ..[] { .. } | This command line depends on a $@. | Test.java:57:27:57:39 | args | user-provided value |

java/ql/test/query-tests/security/CWE-078/ExecTainted.qlref

@@ -1 +1,2 @@
-Security/CWE/CWE-078/ExecTainted.ql
+query: Security/CWE/CWE-078/ExecTainted.ql
+postprocess: TestUtilities/PrettyPrintModels.ql

java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.ql

@@ -1,14 +0,0 @@
-/**
- * @kind path-problem
- */
-
-import java
-import semmle.code.java.security.HttpsUrlsQuery
-import codeql.dataflow.test.ProvenancePathGraph
-import semmle.code.java.dataflow.ExternalFlow
-import ShowProvenance<interpretModelForTest/2, HttpStringToUrlOpenMethodFlow::PathNode, HttpStringToUrlOpenMethodFlow::PathGraph>
-
-from HttpStringToUrlOpenMethodFlow::PathNode source, HttpStringToUrlOpenMethodFlow::PathNode sink
-where HttpStringToUrlOpenMethodFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "URL may have been constructed with HTTP protocol, using $@.",
-  source.getNode(), "this HTTP URL"

java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.qlref

@@ -0,0 +1,2 @@
+query: Security/CWE/CWE-319/HttpsUrls.ql
+postprocess: TestUtilities/PrettyPrintModels.ql