Consolidate all InlineFlowTest libraries in the dataflow qlpack

java/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -3,40 +3,6 @@
  * See `shared/util/codeql/util/test/InlineExpectationsTest.qll`
  */
 
-private import java as J
 private import codeql.util.test.InlineExpectationsTest
-
-private module Impl implements InlineExpectationsTestSig {
-  /**
-   * A class representing line comments in Java, which is simply Javadoc restricted
-   * to EOL comments, with an extra accessor used by the InlineExpectations core code
-   */
-  abstract class ExpectationComment extends J::Top {
-    /** Gets the contents of the given comment, _without_ the preceding comment marker (`//`). */
-    abstract string getContents();
-  }
-
-  private class JavadocExpectationComment extends J::Javadoc, ExpectationComment {
-    JavadocExpectationComment() { isEolComment(this) }
-
-    override string getContents() { result = this.getChild(0).toString() }
-  }
-
-  private class KtExpectationComment extends J::KtComment, ExpectationComment {
-    KtExpectationComment() { this.isEolComment() }
-
-    override string getContents() { result = this.getText().suffix(2).trim() }
-  }
-
-  private class XmlExpectationComment extends ExpectationComment instanceof J::XmlComment {
-    override string getContents() { result = super.getText().trim() }
-
-    override Location getLocation() { result = J::XmlComment.super.getLocation() }
-
-    override string toString() { result = J::XmlComment.super.toString() }
-  }
-
-  class Location = J::Location;
-}
-
+private import internal.InlineExpectationsTestImpl
 import Make<Impl>

java/ql/test/TestUtilities/InlineFlowTest.qll

@@ -1,119 +1,33 @@
 /**
- * Provides a simple base test for flow-related tests using inline expectations.
- *
- * Example for a test.ql:
- * ```ql
- * import java
- * import TestUtilities.InlineFlowTest
- * import DefaultFlowTest
- * import PathGraph
- *
- * from PathNode source, PathNode sink
- * where flowPath(source, sink)
- * select sink, source, sink, "$@", source, source.toString()
- * ```
- *
- * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files.
- * Example of the corresponding test file, e.g. Test.java
- * ```java
- * public class Test {
- *
- * 	Object source() { return null; }
- * 	String taint() { return null; }
- * 	void sink(Object o) { }
- *
- * 	public void test() {
- * 		Object s = source();
- * 		sink(s); // $ hasValueFlow
- * 		String t = "foo" + taint();
- * 		sink(t); // $ hasTaintFlow
- * 	}
- *
- * }
- * ```
- *
- * If you are only interested in value flow, then instead of importing `DefaultFlowTest`, you can import
- * `ValueFlowTest<DefaultFlowConfig>`. Similarly, if you are only interested in taint flow, then instead of
- * importing `DefaultFlowTest`, you can import `TaintFlowTest<DefaultFlowConfig>`. In both cases
- * `DefaultFlowConfig` can be replaced by another implementation of `DataFlow::ConfigSig`.
- *
- * If you need more fine-grained tuning, consider implementing a test using `InlineExpectationsTest`.
+ * Inline flow tests for Java.
+ * See `shared/util/codeql/dataflow/test/InlineFlowTest.qll`
  */
 
+import java
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.ExternalFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+private import codeql.dataflow.test.InlineFlowTest
+private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
+private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
+private import internal.InlineExpectationsTestImpl
 
-private predicate defaultSource(DataFlow::Node source) {
-  source.asExpr().(MethodAccess).getMethod().getName() = ["source", "taint"]
-}
-
-private predicate defaultSink(DataFlow::Node sink) {
-  exists(MethodAccess ma | ma.getMethod().hasName("sink") | sink.asExpr() = ma.getAnArgument())
-}
-
-module DefaultFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { defaultSource(source) }
-
-  predicate isSink(DataFlow::Node sink) { defaultSink(sink) }
-
-  int fieldFlowBranchLimit() { result = 1000 }
-}
-
-private module NoFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { none() }
-
-  predicate isSink(DataFlow::Node sink) { none() }
-}
-
-private string getSourceArgString(DataFlow::Node src) {
-  defaultSource(src) and
-  src.asExpr().(MethodAccess).getAnArgument().(StringLiteral).getValue() = result
-}
-
-module FlowTest<DataFlow::ConfigSig ValueFlowConfig, DataFlow::ConfigSig TaintFlowConfig> {
-  module ValueFlow = DataFlow::Global<ValueFlowConfig>;
-
-  module TaintFlow = TaintTracking::Global<TaintFlowConfig>;
-
-  private module InlineTest implements TestSig {
-    string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-    predicate hasActualResult(Location location, string element, string tag, string value) {
-      tag = "hasValueFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink | ValueFlow::flow(src, sink) |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-      or
-      tag = "hasTaintFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink |
-        TaintFlow::flow(src, sink) and not ValueFlow::flow(src, sink)
-      |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-    }
+private module FlowTestImpl implements InputSig<JavaDataFlow> {
+  predicate defaultSource(DataFlow::Node source) {
+    source.asExpr().(MethodAccess).getMethod().getName() = ["source", "taint"]
   }
 
-  import MakeTest<InlineTest>
-  import DataFlow::MergePathGraph<ValueFlow::PathNode, TaintFlow::PathNode, ValueFlow::PathGraph, TaintFlow::PathGraph>
+  predicate defaultSink(DataFlow::Node sink) {
+    exists(MethodAccess ma | ma.getMethod().hasName("sink") | sink.asExpr() = ma.getAnArgument())
+  }
 
-  predicate flowPath(PathNode source, PathNode sink) {
-    ValueFlow::flowPath(source.asPathNode1(), sink.asPathNode1()) or
-    TaintFlow::flowPath(source.asPathNode2(), sink.asPathNode2())
+  private string getSourceArgString(DataFlow::Node src) {
+    defaultSource(src) and
+    src.asExpr().(MethodAccess).getAnArgument().(StringLiteral).getValue() = result
+  }
+
+  string getArgString(DataFlow::Node src, DataFlow::Node sink) {
+    (if exists(getSourceArgString(src)) then result = getSourceArgString(src) else result = "") and
+    exists(sink)
   }
 }
 
-module DefaultFlowTest = FlowTest<DefaultFlowConfig, DefaultFlowConfig>;
-
-module ValueFlowTest<DataFlow::ConfigSig ValueFlowConfig> {
-  import FlowTest<ValueFlowConfig, NoFlowConfig>
-}
-
-module TaintFlowTest<DataFlow::ConfigSig TaintFlowConfig> {
-  import FlowTest<NoFlowConfig, TaintFlowConfig>
-}
+import InlineFlowTestMake<JavaDataFlow, JavaTaintTracking, Impl, FlowTestImpl>

java/ql/test/TestUtilities/internal/InlineExpectationsTestImpl.qll

@@ -0,0 +1,35 @@
+private import java as J
+private import codeql.util.test.InlineExpectationsTest
+
+module Impl implements InlineExpectationsTestSig {
+  /**
+   * A class representing line comments in Java, which is simply Javadoc restricted
+   * to EOL comments, with an extra accessor used by the InlineExpectations core code
+   */
+  abstract class ExpectationComment extends J::Top {
+    /** Gets the contents of the given comment, _without_ the preceding comment marker (`//`). */
+    abstract string getContents();
+  }
+
+  private class JavadocExpectationComment extends J::Javadoc, ExpectationComment {
+    JavadocExpectationComment() { isEolComment(this) }
+
+    override string getContents() { result = this.getChild(0).toString() }
+  }
+
+  private class KtExpectationComment extends J::KtComment, ExpectationComment {
+    KtExpectationComment() { this.isEolComment() }
+
+    override string getContents() { result = this.getText().suffix(2).trim() }
+  }
+
+  private class XmlExpectationComment extends ExpectationComment instanceof J::XmlComment {
+    override string getContents() { result = super.getText().trim() }
+
+    override Location getLocation() { result = J::XmlComment.super.getLocation() }
+
+    override string toString() { result = J::XmlComment.super.toString() }
+  }
+
+  class Location = J::Location;
+}

java/ql/test/ext/TestModels/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/kotlin/library-tests/dataflow/summaries/test.expected

@@ -1,5 +1,3 @@
-failures
-testFailures
 | test.kt:28:14:28:21 | getSecond(...) | Unexpected result: hasTaintFlow=a |
 | test.kt:35:14:35:27 | component1(...) | Unexpected result: hasTaintFlow=d |
 | test.kt:41:14:41:22 | getSecond(...) | Unexpected result: hasTaintFlow=e |

java/ql/test/library-tests/dataflow/callctx/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/capture/inlinetest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/collections/containerflow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/field-value/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/fluent-methods/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/stream-collect/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/stream-read/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/synth-global/test.expected

@@ -1,3 +1,2 @@
-failures
 testFailures
 invalidModelRow

java/ql/test/library-tests/dataflow/synth-global/test.ql

@@ -1,4 +1,5 @@
 import java
+import semmle.code.java.dataflow.ExternalFlow
 import TestUtilities.InlineFlowTest
 import DefaultFlowTest
 import ModelValidation

java/ql/test/library-tests/dataflow/taint-format/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/taint-gson/dataFlow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/dataflow/taint-jackson/dataFlow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/asynctask/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/content-provider/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/external-storage/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/flow-steps/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/intent/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/notification/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/slice/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/uri/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/android/widget/test.expected

@@ -1,3 +1,2 @@
-failures
 testFailures
 valueOf

java/ql/test/library-tests/frameworks/apache-ant/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/apache-collections/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/apache-commons-compress/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/apache-commons-lang3/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/apache-http/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/gson/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/guava/generated/cache/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/guava/generated/collect/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/hudson/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/jackson/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/javax-json/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/jdk/java.io/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/jdk/java.net/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/jdk/java.nio.file/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/json-java/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/netty/generated/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/netty/manual/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/okhttp/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/okhttp/test.ql

@@ -1,5 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.ExternalFlow
 import TestUtilities.InlineFlowTest
 
 module OkHttpFlowConfig implements DataFlow::ConfigSig {

java/ql/test/library-tests/frameworks/play/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/ratpack/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/retrofit/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/retrofit/test.ql

@@ -1,5 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.ExternalFlow
 import TestUtilities.InlineFlowTest
 
 module FlowConfig implements DataFlow::ConfigSig {

java/ql/test/library-tests/frameworks/spring/beans/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/cache/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/context/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/controller/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/data/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/http/flow.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/ui/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/util/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/validation/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/webmultipart/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/spring/webutil/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/stapler/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/stream/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/frameworks/thymeleaf/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/logging/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/optional/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/paths/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/pathsanitizer/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/regex/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/library-tests/scanner/test.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-117/LogInjectionTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.expected

@@ -1,2 +0,0 @@
-failures
-testFailures

java/ql/test/query-tests/security/CWE-611/XXE.expected

@@ -1,2 +0,0 @@
-failures
-testFailures