JS: Add support for RelatedLocation tags

2026-04-26 17:25:19 +02:00 · 2025-02-18 15:48:54 +01:00
parent d94dc5aa40
commit e2fe74ccd6
1 changed files with 37 additions and 12 deletions
--- a/shared/util/codeql/util/test/InlineExpectationsTest.qll
+++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll
@@ -779,22 +779,33 @@ module TestPostProcessing {
      )
    }

-    private string getTagRegex() {
-      exists(string sourceSinkTags |
-        (
-          getQueryKind() = "problem"
-          or
-          not exists(getSourceTag(_)) and
-          not exists(getSinkTag(_))
-        ) and
-        sourceSinkTags = ""
-        or
-        sourceSinkTags = "|" + getSourceTag(_) + "|" + getSinkTag(_)
+    bindingset[x, y]
+    private int exactDivide(int x, int y) { x % y = 0 and result = x / y }
+
+    /** Gets the `n`th related location selected in `row`. */
+    private TestLocation getRelatedLocation(int row, int n, string element) {
+      n >= 0 and
+      exists(int column |
+        mainQueryResult(row, column, result) and
+        queryResults(mainResultSet(), row, column + 1, element)
      |
-        result = "(Alert" + sourceSinkTags + ")(\\[(.*)\\])?"
+        getQueryKind() = "path-problem" and
+        n = exactDivide(column - 8, 3)
+        or
+        getQueryKind() = "problem" and
+        n = exactDivide(column - 3, 3)
      )
    }

+    private string getAnActiveTag() {
+      result = ["Alert", "RelatedLocation"]
+      or
+      getQueryKind() = "path-problem" and
+      result = ["Source", "Sink"]
+    }
+
+    private string getTagRegex() { result = "(" + concat(getAnActiveTag(), "|") + ")(\\[(.*)\\])?" }
+
    /**
     * A configuration for matching `// $ Source=foo` comments against actual
     * path-problem sources.
@@ -878,6 +889,18 @@ module TestPostProcessing {
        not hasPathProblemSink(row, location, _, _)
      }

+      private predicate hasRelatedLocation(
+        int row, TestLocation location, string element, string tag
+      ) {
+        getQueryKind() = ["problem", "path-problem"] and
+        location = getRelatedLocation(row, _, element) and
+        hasExpectationWithValue("RelatedLocation", _) and
+        tag = "RelatedLocation" and
+        not hasAlert(row, location, _, _) and
+        not hasPathProblemSource(row, location, _, _, _) and
+        not hasPathProblemSink(row, location, _, _)
+      }
+
      /**
       * Gets the expected value for result row `row`, if any. This value must
       * match the value at the corresponding path-problem source (if it is
@@ -899,6 +922,8 @@ module TestPostProcessing {
          hasPathProblemSink(row, location, element, tag)
          or
          hasAlert(row, location, element, tag)
+          or
+          hasRelatedLocation(row, location, element, tag)
        |
          not exists(getValue(row)) and value = ""
          or