Java: convert WebviewDebuggingEnabled test to .qlref

2026-04-27 01:35:13 +02:00 · 2025-06-23 17:09:58 +02:00
parent 192f45ed2b
commit c4b0955045
4 changed files with 21 additions and 9 deletions
--- a/java/ql/test/query-tests/security/CWE-489/webview-debugging/Test.java
+++ b/java/ql/test/query-tests/security/CWE-489/webview-debugging/Test.java
@@ -4,20 +4,20 @@ class Test {
    boolean DEBUG_BUILD;

    void test1() {
-        WebView.setWebContentsDebuggingEnabled(true); // $hasValueFlow
+        WebView.setWebContentsDebuggingEnabled(true); // $ Alert
    }

    void test2(){
        if (DEBUG_BUILD) {
-            WebView.setWebContentsDebuggingEnabled(true); 
+            WebView.setWebContentsDebuggingEnabled(true);
        }
    }

    void test3(boolean enabled){
-        WebView.setWebContentsDebuggingEnabled(enabled); // $hasValueFlow
+        WebView.setWebContentsDebuggingEnabled(enabled); // $ Alert
    }

    void test4(){
-        test3(true);
+        test3(true); // $ Source
    }
-}
+}
--- a/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.expected
+++ b/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.expected
@@ -0,0 +1,12 @@
+#select
+| Test.java:7:48:7:51 | true | Test.java:7:48:7:51 | true | Test.java:7:48:7:51 | true | Webview debugging is enabled. |
+| Test.java:17:48:17:54 | enabled | Test.java:21:15:21:18 | true : Boolean | Test.java:17:48:17:54 | enabled | Webview debugging is enabled. |
+edges
+| Test.java:16:16:16:30 | enabled : Boolean | Test.java:17:48:17:54 | enabled | provenance |  |
+| Test.java:21:15:21:18 | true : Boolean | Test.java:16:16:16:30 | enabled : Boolean | provenance |  |
+nodes
+| Test.java:7:48:7:51 | true | semmle.label | true |
+| Test.java:16:16:16:30 | enabled : Boolean | semmle.label | enabled : Boolean |
+| Test.java:17:48:17:54 | enabled | semmle.label | enabled |
+| Test.java:21:15:21:18 | true : Boolean | semmle.label | true : Boolean |
+subpaths
--- a/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.ql
+++ b/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.ql
@@ -1,4 +0,0 @@
-import java
-import utils.test.InlineFlowTest
-import semmle.code.java.security.WebviewDebuggingEnabledQuery
-import ValueFlowTest<WebviewDebugEnabledConfig>
--- a/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.qlref
+++ b/java/ql/test/query-tests/security/CWE-489/webview-debugging/WebviewDebuggingEnabled.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql