Java: Add new quality query to detect missing @Nested annotation in JUnit5 tests
#19094
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
...ry-tests/Likely Bugs/Frameworks/JUnit/JUnit5NonStaticInnerClassMissingNestedAnnotation.qlref
Fixed
Show fixed
Hide fixed
jcogs33
force-pushed
the
jcogs33/java/junit5-missing-nested-annotation
branch
from
8653c19 to
daad77a
Compare
…emplate when identifying JUnit 5 test methods
jcogs33
force-pushed
the
jcogs33/java/junit5-missing-nested-annotation
branch
from
b207ce1 to
0f00262
Compare
I'll leave as |
jcogs33
added
the
ready-for-doc-review
vgrl
added
ready-for-doc-review
There was a problem hiding this comment.
@jcogs33 👋🏻 - approving on behalf of Docs ⚡
Left a few minor suggestions, mainly to improve readability.
java/ql/src/Likely Bugs/Frameworks/JUnit/JUnit5MissingNestedAnnotation.ql
Outdated
Show resolved
Hide resolved
java/ql/src/Likely Bugs/Frameworks/JUnit/JUnit5MissingNestedAnnotation.md
Outdated
Show resolved
Hide resolved
|
|
||
| ## Implementation Notes | ||
|
|
||
| This rule is focused on missing `@Nested` annotations on non-static nested (inner) test classes. Static nested test classes should not be annotated with `@Nested`. As a result, the absence of a `@Nested` annotation on such classes is compliant. Identifying incorrect application of a `@Nested` annotation to static nested classes is out of scope for this rule. |
There was a problem hiding this comment.
Should we say "query" instead of "rule"?
There was a problem hiding this comment.
I wondered that as well, but found that there are many pre-existing qhelp files that use the term "rule" (see search results) so I left as-is.
I can change to "query" if anyone feels strongly about it. If we choose to say "query" instead, then we should align on that for all of the ported queries, since I think several say "rule". e.g. java/empty-method
Co-authored-by: mc <[email protected]>
|
Thanks @mchammer01! I've applied your suggestions. |
|
cc @knewbury01 |
Description
Adds a new quality query to detect missing
@Nestedannotations on JUnit 5 inner test classes. This query is migrated from the advance security team's quality queries.Consideration
Changes from original query. Let me know if you disagree with any of these changes:
not testClass.isStatic()since the non-static requirement already seemed to be handled bytestClass instanceof InnerClass. Let me know if the additional non-static check is needed for some reason I'm not aware of.@Nestedannotation on abstract classes is invalid and may cause an error. This exclusion reduces the number of alerts on the MRVA top-100 from 5 to 1 and on the MRVA top-1000 from 41 to 29.anonymous,local, andprivateclasses since JUnit seems to define an inner class as non-private, non-anonymous, and non-local. These exclusions further reduce the number of alerts on the MRVA top-100 from 1 to 0 and on the MRVA top-1000 from 29 to 25.@RepeatedTest,@ParameterizedTest,@TestFactory, and@TestTemplatewhen identifying JUnit 5 test methods. This inclusion adds 4 more results on the MRVA top-1000.testabilityandframeworks/junitmetadata tags to align with the tags on the other queries injava/ql/src/Likely Bugs/Frameworks/JUnit.Questions:
problem.severityoferrorinstead ofwarningsince it results in tests not running correctly?Other Notes: