
Commit 5f9aa4c

committed
Python: Restructure defaultAdditionalTaintStep tests
This makes it easier to add a new test-case, and makes it easier to work with the existing files. It does have the downside of making TestTaint.expected a bit more annoying to look at, and possibly a longer runtime, but I think it's still worth it.
1 parent a1ada62 commit 5f9aa4c

27 files changed

Lines changed: 158 additions & 164 deletions


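--- a/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
+++ b/python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll
@@ -45,7 +45,8 @@ private string repr(Expr e) {
 
 query predicate test_taint(string arg_location, string test_res, string function_name, string repr) {
 exists(Call call, Expr arg, boolean expected_taint, boolean has_taint |
-call.getLocation().getFile().getShortName() = "test.py" and
+// only consider files that are extracted as part of the test
+exists(call.getLocation().getFile().getRelativePath()) and
 (
 call.getFunc().(Name).getId() = "ensure_tainted" and
 expected_taint = true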
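Review bot: The replacement filter `exists(call.getLocation().getFile().getRelativePath())` no longer pins the rows to one known file, and the comment above it does not explain why having a relative path means "extracted as part of the test". I would spell that out, e.g. `// files outside the test's source root (such as library code) have no relative path, so this keeps only the test's own files`. Any helper module in the test directory that calls `ensure_tainted` by name would now also produce rows, which is worth stating in the same comment. The body of `test_taint` continues past this hunk; if `arg_location` is built from the short file name, as the rows in TestTaint.expected suggest, two test files with the same name in different subdirectories would be indistinguishable in the output.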

python/ql/test/experimental/dataflow/tainttracking/collections-py3/TestTaint.expected

Lines changed: 0 additions & 1 deletion
This file was deleted.

python/ql/test/experimental/dataflow/tainttracking/collections/TestTaint.expected

Lines changed: 0 additions & 37 deletions
This file was deleted.
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
| collections.py:16 | fail | test_access | tainted_list.copy() |
2+
| string.py:17 | ok | str_methods | ts.casefold() |
3+
| string.py:19 | ok | str_methods | ts.format_map(..) |
4+
| string.py:20 | fail | str_methods | "{unsafe}".format_map(..) |
5+
| string.py:31 | fail | binary_decode_encode | base64.a85encode(..) |
6+
| string.py:32 | fail | binary_decode_encode | base64.a85decode(..) |
7+
| string.py:35 | fail | binary_decode_encode | base64.b85encode(..) |
8+
| string.py:36 | fail | binary_decode_encode | base64.b85decode(..) |
9+
| string.py:39 | fail | binary_decode_encode | base64.encodebytes(..) |
10+
| string.py:40 | fail | binary_decode_encode | base64.decodebytes(..) |
11+
| string.py:48 | ok | f_strings | Fstring |
12+
| unpacking.py:18 | fail | extended_unpacking | first |
13+
| unpacking.py:18 | fail | extended_unpacking | last |
14+
| unpacking.py:18 | fail | extended_unpacking | rest |
15+
| unpacking.py:23 | fail | also_allowed | a |
16+
| unpacking.py:31 | fail | also_allowed | b |
17+
| unpacking.py:31 | fail | also_allowed | c |
18+
| unpacking.py:39 | fail | nested | x |
19+
| unpacking.py:39 | fail | nested | xs |
20+
| unpacking.py:39 | fail | nested | ys |

python/ql/test/experimental/dataflow/tainttracking/collections-py3/TestTaint.ql renamed to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/TestTaint.ql

File renamed without changes.

python/ql/test/experimental/dataflow/tainttracking/collections-py3/test.py renamed to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/collections.py

File renamed without changes.

python/ql/test/experimental/dataflow/tainttracking/collections-py3/options renamed to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/options

File renamed without changes.

python/ql/test/experimental/dataflow/tainttracking/string-py3/test.py renamed to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/string.py

File renamed without changes.

python/ql/test/experimental/dataflow/tainttracking/unpacking-py3/test.py renamed to python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/unpacking.py

File renamed without changes.
Lines changed: 136 additions & 0 deletions
@@ -0,0 +1,136 @@
1+
| collections.py:24 | ok | test_construction | tainted_string |
2+
| collections.py:25 | fail | test_construction | tainted_list |
3+
| collections.py:26 | fail | test_construction | tainted_tuple |
4+
| collections.py:27 | fail | test_construction | tainted_set |
5+
| collections.py:28 | fail | test_construction | tainted_dict |
6+
| collections.py:32 | fail | test_construction | list(..) |
7+
| collections.py:33 | fail | test_construction | list(..) |
8+
| collections.py:34 | fail | test_construction | list(..) |
9+
| collections.py:35 | fail | test_construction | list(..) |
10+
| collections.py:36 | fail | test_construction | list(..) |
11+
| collections.py:38 | fail | test_construction | tuple(..) |
12+
| collections.py:39 | fail | test_construction | set(..) |
13+
| collections.py:40 | fail | test_construction | frozenset(..) |
14+
| collections.py:48 | ok | test_access | tainted_list[0] |
15+
| collections.py:49 | ok | test_access | tainted_list[x] |
16+
| collections.py:50 | ok | test_access | tainted_list[Slice] |
17+
| collections.py:54 | fail | test_access | a |
18+
| collections.py:54 | fail | test_access | b |
19+
| collections.py:54 | fail | test_access | c |
20+
| collections.py:57 | fail | test_access | h |
21+
| collections.py:59 | fail | test_access | i |
22+
| collections.py:66 | ok | test_dict_access | tainted_dict["name"] |
23+
| collections.py:67 | ok | test_dict_access | tainted_dict[x] |
24+
| collections.py:68 | fail | test_dict_access | tainted_dict.copy() |
25+
| collections.py:72 | fail | test_dict_access | v |
26+
| collections.py:74 | fail | test_dict_access | v |
27+
| collections.py:82 | fail | test_named_tuple | point[0] |
28+
| collections.py:83 | fail | test_named_tuple | point.x |
29+
| collections.py:87 | ok | test_named_tuple | point[1] |
30+
| collections.py:88 | ok | test_named_tuple | point.y |
31+
| collections.py:92 | fail | test_named_tuple | a |
32+
| collections.py:93 | ok | test_named_tuple | b |
33+
| collections.py:101 | fail | test_defaultdict | tainted_default_dict["name"] |
34+
| collections.py:102 | fail | test_defaultdict | tainted_default_dict[x] |
35+
| collections.py:103 | fail | test_defaultdict | tainted_default_dict.copy() |
36+
| collections.py:106 | fail | test_defaultdict | v |
37+
| collections.py:108 | fail | test_defaultdict | v |
38+
| json.py:26 | fail | test | json.dumps(..) |
39+
| json.py:27 | fail | test | json.loads(..) |
40+
| json.py:34 | fail | test | tainted_filelike |
41+
| json.py:35 | fail | test | json.load(..) |
42+
| string.py:25 | ok | str_operations | ts |
43+
| string.py:26 | ok | str_operations | BinaryExpr |
44+
| string.py:27 | ok | str_operations | BinaryExpr |
45+
| string.py:28 | ok | str_operations | BinaryExpr |
46+
| string.py:29 | ok | str_operations | ts[Slice] |
47+
| string.py:30 | ok | str_operations | ts[Slice] |
48+
| string.py:31 | ok | str_operations | ts[Slice] |
49+
| string.py:32 | ok | str_operations | ts[0] |
50+
| string.py:33 | ok | str_operations | str(..) |
51+
| string.py:34 | ok | str_operations | bytes(..) |
52+
| string.py:35 | ok | str_operations | unicode(..) |
53+
| string.py:44 | ok | str_methods | ts.capitalize() |
54+
| string.py:45 | ok | str_methods | ts.center(..) |
55+
| string.py:46 | ok | str_methods | ts.expandtabs() |
56+
| string.py:48 | ok | str_methods | ts.format() |
57+
| string.py:49 | ok | str_methods | "{}".format(..) |
58+
| string.py:50 | ok | str_methods | "{unsafe}".format(..) |
59+
| string.py:52 | ok | str_methods | ts.join(..) |
60+
| string.py:53 | fail | str_methods | "".join(..) |
61+
| string.py:55 | ok | str_methods | ts.ljust(..) |
62+
| string.py:56 | ok | str_methods | ts.lstrip() |
63+
| string.py:57 | ok | str_methods | ts.lower() |
64+
| string.py:59 | ok | str_methods | ts.replace(..) |
65+
| string.py:60 | ok | str_methods | "safe".replace(..) |
66+
| string.py:62 | ok | str_methods | ts.rjust(..) |
67+
| string.py:63 | ok | str_methods | ts.rstrip() |
68+
| string.py:64 | ok | str_methods | ts.strip() |
69+
| string.py:65 | ok | str_methods | ts.swapcase() |
70+
| string.py:66 | ok | str_methods | ts.title() |
71+
| string.py:67 | ok | str_methods | ts.upper() |
72+
| string.py:68 | ok | str_methods | ts.zfill(..) |
73+
| string.py:70 | ok | str_methods | ts.encode(..) |
74+
| string.py:71 | ok | str_methods | ts.encode(..).decode(..) |
75+
| string.py:73 | ok | str_methods | tb.decode(..) |
76+
| string.py:74 | ok | str_methods | tb.decode(..).encode(..) |
77+
| string.py:77 | ok | str_methods | ts.partition(..) |
78+
| string.py:78 | ok | str_methods | ts.rpartition(..) |
79+
| string.py:79 | ok | str_methods | ts.rsplit(..) |
80+
| string.py:80 | ok | str_methods | ts.split(..) |
81+
| string.py:81 | ok | str_methods | ts.splitlines() |
82+
| string.py:86 | ok | str_methods | "safe".replace(..) |
83+
| string.py:88 | fail | str_methods | ts.join(..) |
84+
| string.py:89 | fail | str_methods | ts.join(..) |
85+
| string.py:99 | fail | non_syntactic | meth() |
86+
| string.py:100 | fail | non_syntactic | _str(..) |
87+
| string.py:109 | ok | percent_fmt | BinaryExpr |
88+
| string.py:110 | ok | percent_fmt | BinaryExpr |
89+
| string.py:111 | fail | percent_fmt | BinaryExpr |
90+
| string.py:121 | fail | binary_decode_encode | base64.b64encode(..) |
91+
| string.py:122 | fail | binary_decode_encode | base64.b64decode(..) |
92+
| string.py:124 | fail | binary_decode_encode | base64.standard_b64encode(..) |
93+
| string.py:125 | fail | binary_decode_encode | base64.standard_b64decode(..) |
94+
| string.py:127 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
95+
| string.py:128 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
96+
| string.py:130 | fail | binary_decode_encode | base64.b32encode(..) |
97+
| string.py:131 | fail | binary_decode_encode | base64.b32decode(..) |
98+
| string.py:133 | fail | binary_decode_encode | base64.b16encode(..) |
99+
| string.py:134 | fail | binary_decode_encode | base64.b16decode(..) |
100+
| string.py:149 | fail | binary_decode_encode | base64.encodestring(..) |
101+
| string.py:150 | fail | binary_decode_encode | base64.decodestring(..) |
102+
| string.py:155 | fail | binary_decode_encode | quopri.encodestring(..) |
103+
| string.py:156 | fail | binary_decode_encode | quopri.decodestring(..) |
104+
| unpacking.py:16 | fail | unpacking | a |
105+
| unpacking.py:16 | fail | unpacking | b |
106+
| unpacking.py:16 | fail | unpacking | c |
107+
| unpacking.py:22 | fail | unpacking_to_list | a |
108+
| unpacking.py:22 | fail | unpacking_to_list | b |
109+
| unpacking.py:22 | fail | unpacking_to_list | c |
110+
| unpacking.py:31 | fail | nested | a1 |
111+
| unpacking.py:31 | fail | nested | a2 |
112+
| unpacking.py:31 | fail | nested | a3 |
113+
| unpacking.py:31 | fail | nested | b |
114+
| unpacking.py:31 | fail | nested | c |
115+
| unpacking.py:35 | fail | nested | a1 |
116+
| unpacking.py:35 | fail | nested | a2 |
117+
| unpacking.py:35 | fail | nested | a3 |
118+
| unpacking.py:35 | fail | nested | b |
119+
| unpacking.py:35 | fail | nested | c |
120+
| unpacking.py:39 | fail | nested | a1 |
121+
| unpacking.py:39 | fail | nested | a2 |
122+
| unpacking.py:39 | fail | nested | a3 |
123+
| unpacking.py:39 | fail | nested | b |
124+
| unpacking.py:39 | fail | nested | c |
125+
| unpacking.py:46 | fail | unpack_from_set | a |
126+
| unpacking.py:46 | fail | unpack_from_set | b |
127+
| unpacking.py:46 | fail | unpack_from_set | c |
128+
| unpacking.py:56 | fail | contrived_1 | a |
129+
| unpacking.py:56 | fail | contrived_1 | b |
130+
| unpacking.py:56 | fail | contrived_1 | c |
131+
| unpacking.py:57 | ok | contrived_1 | d |
132+
| unpacking.py:57 | ok | contrived_1 | e |
133+
| unpacking.py:57 | ok | contrived_1 | f |
134+
| unpacking.py:65 | fail | contrived_2 | a |
135+
| unpacking.py:65 | fail | contrived_2 | b |
136+
| unpacking.py:65 | fail | contrived_2 | c |
