Skip to content

Convert selected Python qlref tests to inline expectations#21967

Open
Copilot wants to merge 2 commits into
mainfrom
copilot/conversion-of-codeql-queries
Open

Convert selected Python qlref tests to inline expectations#21967
Copilot wants to merge 2 commits into
mainfrom
copilot/conversion-of-codeql-queries

Conversation

Copilot AI commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This updates the Python qlref-to-inline-expectation migration by converting a focused set of standard problem and path-problem tests that can be represented cleanly without changing test semantics. The converted cases cover exception queries, overriding-signature queries, and the local threat-model SQL injection test.

  • Converted standard Python query tests

    • Added postprocess: utils/test/InlineExpectationsTestQuery.ql to:
      • python/ql/test/query-tests/Exceptions/general/IllegalExceptionHandlerType.qlref
      • python/ql/test/query-tests/Exceptions/general/IllegalRaise.qlref
      • python/ql/test/query-tests/Exceptions/general/NotImplementedIsNotAnException.qlref
      • python/ql/test/query-tests/Functions/overriding/IncorrectlyOverriddenMethod.qlref
      • python/ql/test/query-tests/Functions/overriding/IncorrectlySpecifiedOverriddenMethod.qlref
      • python/ql/test/query-tests/Functions/overriding/WrongNameForArgumentInCall.qlref
      • python/ql/test/query-tests/Functions/overriding/WrongNumberArgumentsInCall.qlref
    • Extended python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/SqlInjection.qlref by preserving PrettyPrintModels.ql and appending InlineExpectationsTestQuery.ql.

  • Annotated source at result locations

    • Added inline # $ Alert[...] markers in:
      • python/ql/test/query-tests/Exceptions/general/exceptions_test.py
      • python/ql/test/query-tests/Exceptions/general/pypy_test.py
      • python/ql/test/query-tests/Functions/overriding/test.py
      • python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/test.py
    • Used query-id-qualified tags where multiple queries share the same source file and would otherwise compete for the same comment lines.

  • Preserved existing test ownership boundaries

    • Left .expected files untouched.
    • Kept existing postprocessors intact and only switched to list form where an additional postprocessor had to be appended.

  • Excluded behavior-sensitive cases from this slice

    • Did not convert tests where inline comments would suppress or alter the query result on the annotated line (for example, shared exception tests where adding a comment changes whether the query reports the clause at all).

Example of the migrated style:

def illegal_raise_value2():
    raise NotException2()  # $ Alert[py/illegal-raise]

conn.execute(sys.argv[1])  # $ Alert
Original prompt

Please do the same for all other languages that CodeQL supports (i.e. other than go or java), using what you have learned. Do not make a PR. List any queries you do not convert and why. I think you will not have access to CodeQL to test your changes, so do your best without that feedback. I will provide a list of failing tests at a future point.

It seems like you have provided a context about the current date and some previous requests related to CodeQL files. If you need assistance with anything specific, such as formatting .qlref files for Java or addressing the test output failures, please let me know how I can help!

Created from VS Code.

Copilot AI changed the title [WIP] Convert CodeQL queries for supported languages Normalize non-Go/Java .qlref files to explicit query: format Jun 10, 2026
Copilot AI requested a review from owen-mc June 10, 2026 12:39
Copilot AI changed the title Normalize non-Go/Java .qlref files to explicit query: format Convert non-Go/Java qlref tests to inline expectation tests via postprocess Jun 10, 2026
@github-actions github-actions Bot added C# JS C++ Python Ruby Rust Pull requests that update Rust code Swift Actions Analysis of GitHub Actions labels Jun 10, 2026
@owen-mc

owen-mc commented Jun 10, 2026
edited by codeql-ci
Loading

Copy link
Copy Markdown
Contributor
Rerun has been triggered, but no failed runs found ⚠️

@owen-mc owen-mc force-pushed the copilot/conversion-of-codeql-queries branch from aa3982d to 4d2e16e Compare June 10, 2026 20:59
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 10, 2026
View reviewed changes

@github-advanced-security github-advanced-security AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Copilot AI changed the title Convert non-Go/Java qlref tests to inline expectation tests via postprocess Align qlref inline-expectation conversion with recipe for ql tests Jun 11, 2026
@github-actions github-actions Bot added documentation QL-for-QL and removed Actions Analysis of GitHub Actions labels Jun 11, 2026
Copilot AI changed the title Convert selected C++ qlref tests to inline expectations Convert JavaScript templating CodeInjection test to inline expectations Jun 11, 2026
Copilot AI changed the title Convert JavaScript templating CodeInjection test to inline expectations Convert selected Python qlref tests to inline expectations Jun 11, 2026
@owen-mc owen-mc force-pushed the copilot/conversion-of-codeql-queries branch from a713d75 to 0156cfb Compare June 15, 2026 10:08
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 15, 2026
View reviewed changes
Comment thread ...xperimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.qlref Outdated
Comment thread python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.qlref
@@ -1 +1 @@
experimental/Security/CWE-176/UnicodeBypassValidation.ql
query: experimental/Security/CWE-176/UnicodeBypassValidation.ql
Comment thread python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.qlref
@@ -1 +1 @@
Security/CWE-079/ReflectedXss.ql
query: Security/CWE-079/ReflectedXss.ql
Comment thread python/ql/test/library-tests/frameworks/gradio/taint_step_test.qlref
@@ -1 +1 @@
Security/CWE-022/PathInjection.ql
query: Security/CWE-022/PathInjection.ql
Comment thread python/ql/test/query-tests/Exceptions/general/CatchingBaseException.qlref Outdated
Comment thread python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.qlref
@@ -1 +1 @@
Security/CWE-078/CommandInjection.ql
query: Security/CWE-078/CommandInjection.ql
Comment thread ...y-tests/Security/CWE-078-UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.qlref
@@ -1 +1 @@
Security/CWE-078/UnsafeShellCommandConstruction.ql
query: Security/CWE-078/UnsafeShellCommandConstruction.ql
Comment thread python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.qlref
@@ -1 +1 @@
Security/CWE-209/StackTraceExposure.ql
query: Security/CWE-209/StackTraceExposure.ql
Comment thread python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.qlref
@@ -1 +1 @@
Security/CWE-943/NoSqlInjection.ql
query: Security/CWE-943/NoSqlInjection.ql
Comment thread python/ql/test/query-tests/Statements/DocStrings/DocStrings.qlref Outdated
@owen-mc owen-mc force-pushed the copilot/conversion-of-codeql-queries branch from 0156cfb to 0c2df7c Compare June 15, 2026 15:15
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 15, 2026
View reviewed changes
Comment thread python/ql/test/query-tests/Lexical/ToDoComment/ToDoComment.qlref Dismissed
@owen-mc owen-mc marked this pull request as ready for review June 15, 2026 16:11
@owen-mc owen-mc requested a review from a team as a code owner June 15, 2026 16:11
Copilot AI review requested due to automatic review settings June 15, 2026 16:11
@owen-mc owen-mc requested a review from a team as a code owner June 15, 2026 16:11
Copilot AI reviewed Jun 15, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

@owen-mc owen-mc requested a review from Copilot June 15, 2026 16:17
Copilot AI reviewed Jun 15, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@owen-mc owen-mc Awaiting requested review from owen-mc

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@owen-mc owen-mc

Copilot code review Copilot

Labels

Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@owen-mc @github-advanced-security