Python: Highlight that safe or also_safe doesn't clear taint :(

RasmusWL · RasmusWL · commit 12b36b2245af · 2020-11-20T10:43:46.000+01:00
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
@@ -2,8 +2,10 @@
 | test_string_eq.py:18 | ok   | const_eq_clears_taint | ts |
 | test_string_eq.py:20 | ok   | const_eq_clears_taint | ts |
 | test_string_eq.py:27 | fail | const_eq_clears_taint2 | ts |
-| test_string_eq.py:33 | ok   | non_const_eq_preserves_taint | ts |
-| test_string_eq.py:35 | ok   | non_const_eq_preserves_taint | ts |
-| test_string_eq.py:45 | fail | const_eq_through_func | ts |
-| test_string_eq.py:47 | ok   | const_eq_through_func | ts |
-| test_string_eq.py:49 | ok   | const_eq_through_func | ts |
+| test_string_eq.py:33 | fail | const_eq_clears_taint3 | ts |
+| test_string_eq.py:35 | ok   | const_eq_clears_taint3 | ts |
+| test_string_eq.py:41 | ok   | non_const_eq_preserves_taint | ts |
+| test_string_eq.py:43 | ok   | non_const_eq_preserves_taint | ts |
+| test_string_eq.py:53 | fail | const_eq_through_func | ts |
+| test_string_eq.py:55 | ok   | const_eq_through_func | ts |
+| test_string_eq.py:57 | ok   | const_eq_through_func | ts |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_eq.py b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_eq.py
@@ -27,6 +27,14 @@ def const_eq_clears_taint2():
     ensure_not_tainted(ts)
 
 
+def const_eq_clears_taint3():
+    ts = TAINTED_STRING
+    if ts == "safe" or ts == "also_safe":
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
 def non_const_eq_preserves_taint(x="foo"):
     ts = TAINTED_STRING
     if ts == ts:
@@ -53,4 +61,5 @@ def const_eq_through_func():
 
 const_eq_clears_taint()
 const_eq_clears_taint2()
+const_eq_clears_taint3()
 non_const_eq_preserves_taint()
