Contributor

@nahsra nahsra commented Nov 14, 2024

💥

@nahsra nahsra requested a review from drdavella November 14, 2024 20:36
@sonarqubecloud
Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@pixeebot
Contributor

pixeebot bot commented Nov 14, 2024

Triage summary ✨

Sonar found 2 issue(s) and I was able to help with 2 of them. We think 2 are false positives.

  • Add some tests to this class.

    Finding ID: AZMsZMw9z6Nr6Y01Hqi3 🔕 False Positive
    Suggestion: Change Status to False Positive

    core-codemods/src/test/java/io/codemodder/codemods/codeql/CodeQLRegexInjectionCodemodTest.java
    3: import io.codemodder.testutils.CodemodTestMixin;
    4: import io.codemodder.testutils.Metadata;
    5: import org.junit.jupiter.api.Nested;
    6:
    7: final class CodeQLRegexInjectionCodemodTest {
    8:
    9: @Nested
    10: @Metadata(
    11: codemodType = CodeQLRegexInjectionCodemod.class,
    12: testResourceDir = "codeql-regex-injection/bannedwordlist",

    This test appears to contain tests, but the tool doesn't understand this.
    The class CodeQLRegexInjectionCodemodTest itself does not contain any test methods. However, it contains a nested class BannedWordlistTest, which implements CodemodTestMixin. The presence of the @Nested annotation and the implementation of CodemodTestMixin suggest that BannedWordlistTest is intended to be a test class. If CodemodTestMixin contains test methods or if BannedWordlistTest is used in a testing context, this could be considered as having tests.

    Finding ID: AZMsZMw9z6Nr6Y01Hqi3 🔕 False Positive
    Suggestion: Change Status to False Positive

    core-codemods/src/test/java/io/codemodder/codemods/codeql/CodeQLRegexInjectionCodemodTest.java
    3: import io.codemodder.testutils.CodemodTestMixin;
    4: import io.codemodder.testutils.Metadata;
    5: import org.junit.jupiter.api.Nested;
    6:
    7: final class CodeQLRegexInjectionCodemodTest {
    8:
    9: @Nested
    10: @Metadata(
    11: codemodType = CodeQLRegexInjectionCodemod.class,
    12: testResourceDir = "codeql-regex-injection/bannedwordlist",

    This test appears to contain tests, but the tool doesn't understand this.
    The class CodeQLRegexInjectionCodemodTest itself does not contain any test methods. However, it contains a nested class BannedWordlistTest, which implements CodemodTestMixin. The presence of the @Nested annotation and the implementation of CodemodTestMixin suggest that BannedWordlistTest is intended to be a test class. If CodemodTestMixin provides test methods or functionality, then BannedWordlistTest may indeed contain tests indirectly.

🧚🤖 Powered by Pixeebot

@nahsra nahsra merged commit 0214068 into main Nov 15, 2024
6 checks passed
@nahsra nahsra deleted the regex-injection branch November 15, 2024 16:24