
Commit 772538f

Python: Move tests of collection-taint to own dir
1 parent df8be43 commit 772538f

10 files changed

Lines changed: 301 additions & 146 deletions


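--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,46 @@
+import python
+import semmle.python.security.TaintTracking
+import semmle.python.security.strings.Untrusted
+
+
+class SimpleSource extends TaintSource {
+
+SimpleSource() { this.(NameNode).getId() = "TAINTED_STRING" }
+
+override predicate isSourceOf(TaintKind kind) {
+kind instanceof ExternalStringKind
+}
+
+override string toString() {
+result = "taint source"
+}
+
+}
+
+class ListSource extends TaintSource {
+
+ListSource() { this.(NameNode).getId() = "TAINTED_LIST" }
+
+override predicate isSourceOf(TaintKind kind) {
+kind instanceof ExternalStringSequenceKind
+}
+
+override string toString() {
+result = "list taint source"
+}
+
+}
+
+class DictSource extends TaintSource {
+
+DictSource() { this.(NameNode).getId() = "TAINTED_DICT" }
+
+override predicate isSourceOf(TaintKind kind) {
+kind instanceof ExternalStringDictKind
+}
+
+override string toString() {
+result = "dict taint source"
+}
+
+}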
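Review bot: SimpleSource, ListSource and DictSource carry no QLDoc, and nothing in the file records that they are test-only sources keyed on a bare variable name rather than on a real program entry point, which a reader of the sibling queries would need to know before trusting the expected output. A one-line QLDoc on each class would cover it, e.g. for SimpleSource `/** Test-only source: a name node spelled TAINTED_STRING is treated as an externally controlled string. */`, with the matching sequence and dict kinds named on ListSource and DictSource. A short file-level comment stating that this library is imported by the two queries in this commit would also help.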
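--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,53 @@
+| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | |
+| Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | |
+| Taint [externally controlled string] | test.py:10 | test.py:10:9:10:26 | list() | |
+| Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | |
+| Taint [externally controlled string] | test.py:11 | test.py:11:9:11:27 | list() | |
+| Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | |
+| Taint [externally controlled string] | test.py:13 | test.py:13:9:13:35 | list() | |
+| Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | |
+| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | tuple() | |
+| Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | |
+| Taint [externally controlled string] | test.py:17 | test.py:17:9:17:25 | set() | |
+| Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | |
+| Taint [externally controlled string] | test.py:18 | test.py:18:19:18:30 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | |
+| Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:25 | Subscript | |
+| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:27 | Attribute() | |
+| Taint [externally controlled string] | test.py:26 | test.py:26:15:26:26 | tainted_list | |
+| Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | |
+| Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | |
+| Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | |
+| Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | |
+| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | |
+| Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | |
+| Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | |
+| Taint externally controlled string | test.py:7 | test.py:7:20:7:33 | tainted_string | |
+| Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | |
+| Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
+| Taint externally controlled string | test.py:23 | test.py:23:9:23:23 | Subscript | |
+| Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | |
+| Taint externally controlled string | test.py:28 | test.py:28:9:28:9 | h | |
+| Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | |
+| Taint externally controlled string | test.py:30 | test.py:30:9:30:9 | i | |
+| Taint externally controlled string | test.py:34 | test.py:34:9:34:28 | Subscript | |
+| Taint externally controlled string | test.py:35 | test.py:35:9:35:23 | Subscript | |
+| Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | |
+| Taint externally controlled string | test.py:38 | test.py:38:9:38:9 | d | |
+| Taint externally controlled string | test.py:44 | test.py:44:19:44:32 | TAINTED_STRING | |
+| Taint externally controlled string | test.py:54 | test.py:54:5:54:47 | BinaryExpr | |
+| Taint externally controlled string | test.py:54 | test.py:54:34:54:47 | TAINTED_STRING | |
+| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | |
+| Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:14 | test.py:14:14:14:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | |
+| Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:27 | Attribute() | |
+| Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:39 | test.py:39:17:39:28 | tainted_dict | |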
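--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,9 @@
+import python
+import semmle.python.security.TaintTracking
+import Taint
+
+
+from TaintedNode n
+where n.getLocation().getFile().getName().matches("%test.py")
+select "Taint " + n.getTaintKind(), n.getLocation().toString(), n.getCfgNode().getNode(), n.getContext()
+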
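Review bot: The node column is produced here as `n.getCfgNode().getNode()` while the successor query added in the same commit prints it as `n.getAstNode()`; if those two forms denote the same node, using one of them in both queries keeps the third column of the two expected files directly comparable, and if they differ the difference deserves a comment. The `matches("%test.py")` filter accepts any file whose name ends in test.py, which is harmless while the directory holds a single test.py but would silently widen the result set if another such file were added; a comment stating that the directory is expected to contain only test.py, or a stricter pattern anchored on the path separator, would make that assumption explicit. The same filter is repeated in the successor query.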
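--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,48 @@
+| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | |
+| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | |
+| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | |
+| Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | | --> | Taint [externally controlled string] | test.py:18 | test.py:18:19:18:30 | tainted_list | |
+| Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | | --> | Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | |
+| Taint [externally controlled string] | test.py:10 | test.py:10:14:10:25 | tainted_list | | --> | Taint [externally controlled string] | test.py:10 | test.py:10:9:10:26 | list() | |
+| Taint [externally controlled string] | test.py:11 | test.py:11:14:11:26 | tainted_tuple | | --> | Taint [externally controlled string] | test.py:11 | test.py:11:9:11:27 | list() | |
+| Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | | --> | Taint [externally controlled string] | test.py:13 | test.py:13:9:13:35 | list() | |
+| Taint [externally controlled string] | test.py:16 | test.py:16:15:16:26 | tainted_list | | --> | Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | tuple() | |
+| Taint [externally controlled string] | test.py:17 | test.py:17:13:17:24 | tainted_list | | --> | Taint [externally controlled string] | test.py:17 | test.py:17:9:17:25 | set() | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:26 | test.py:26:15:26:26 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | |
+| Taint [externally controlled string] | test.py:21 | test.py:21:20:21:31 | TAINTED_LIST | | --> | Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | |
+| Taint [externally controlled string] | test.py:22 | test.py:22:9:22:20 | tainted_list | | --> | Taint externally controlled string | test.py:22 | test.py:22:9:22:23 | Subscript | |
+| Taint [externally controlled string] | test.py:23 | test.py:23:9:23:20 | tainted_list | | --> | Taint externally controlled string | test.py:23 | test.py:23:9:23:23 | Subscript | |
+| Taint [externally controlled string] | test.py:24 | test.py:24:9:24:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:24 | test.py:24:9:24:25 | Subscript | |
+| Taint [externally controlled string] | test.py:25 | test.py:25:9:25:20 | tainted_list | | --> | Taint [externally controlled string] | test.py:25 | test.py:25:9:25:27 | Attribute() | |
+| Taint [externally controlled string] | test.py:27 | test.py:27:14:27:25 | tainted_list | | --> | Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | |
+| Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | | --> | Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | |
+| Taint [externally controlled string] | test.py:29 | test.py:29:23:29:34 | tainted_list | | --> | Taint [externally controlled string] | test.py:29 | test.py:29:14:29:35 | reversed() | |
+| Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | | --> | Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | |
+| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | |
+| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | |
+| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:7 | test.py:7:20:7:33 | tainted_string | |
+| Taint externally controlled string | test.py:4 | test.py:4:22:4:35 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | |
+| Taint externally controlled string | test.py:5 | test.py:5:21:5:34 | tainted_string | | --> | Taint [externally controlled string] | test.py:5 | test.py:5:20:5:35 | List | |
+| Taint externally controlled string | test.py:6 | test.py:6:22:6:35 | tainted_string | | --> | Taint [externally controlled string] | test.py:6 | test.py:6:22:6:36 | Tuple | |
+| Taint externally controlled string | test.py:8 | test.py:8:28:8:41 | tainted_string | | --> | Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | |
+| Taint externally controlled string | test.py:27 | test.py:27:5:27:26 | For | | --> | Taint externally controlled string | test.py:28 | test.py:28:9:28:9 | h | |
+| Taint externally controlled string | test.py:29 | test.py:29:5:29:36 | For | | --> | Taint externally controlled string | test.py:30 | test.py:30:9:30:9 | i | |
+| Taint externally controlled string | test.py:37 | test.py:37:5:37:35 | For | | --> | Taint externally controlled string | test.py:38 | test.py:38:9:38:9 | d | |
+| Taint externally controlled string | test.py:54 | test.py:54:34:54:47 | TAINTED_STRING | | --> | Taint externally controlled string | test.py:54 | test.py:54:5:54:47 | BinaryExpr | |
+| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | | --> | Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:8 | test.py:8:20:8:42 | Dict | | --> | Taint {externally controlled string} | test.py:14 | test.py:14:14:14:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:13 | test.py:13:14:13:25 | tainted_dict | | --> | Taint [externally controlled string] | test.py:13 | test.py:13:14:13:34 | Attribute() | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | |
+| Taint {externally controlled string} | test.py:33 | test.py:33:20:33:31 | TAINTED_DICT | | --> | Taint {externally controlled string} | test.py:39 | test.py:39:17:39:28 | tainted_dict | |
+| Taint {externally controlled string} | test.py:34 | test.py:34:9:34:20 | tainted_dict | | --> | Taint externally controlled string | test.py:34 | test.py:34:9:34:28 | Subscript | |
+| Taint {externally controlled string} | test.py:35 | test.py:35:9:35:20 | tainted_dict | | --> | Taint externally controlled string | test.py:35 | test.py:35:9:35:23 | Subscript | |
+| Taint {externally controlled string} | test.py:36 | test.py:36:9:36:20 | tainted_dict | | --> | Taint {externally controlled string} | test.py:36 | test.py:36:9:36:27 | Attribute() | |
+| Taint {externally controlled string} | test.py:37 | test.py:37:14:37:25 | tainted_dict | | --> | Taint [externally controlled string] | test.py:37 | test.py:37:14:37:34 | Attribute() | |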
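--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,13 @@
+import python
+import semmle.python.security.TaintTracking
+import Taint
+
+
+from TaintedNode n, TaintedNode s
+where n.getLocation().getFile().getName().matches("%test.py") and
+s.getLocation().getFile().getName().matches("%test.py") and
+s = n.getASuccessor()
+select
+"Taint " + n.getTaintKind(), n.getLocation().toString(), n.getAstNode(), n.getContext(),
+" --> ",
+"Taint " + s.getTaintKind(), s.getLocation().toString(), s.getAstNode(), s.getContext()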
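--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,62 @@
+from collections import defaultdict, namedtuple
+
+def test_construction():
+    tainted_string = TAINTED_STRING
+    tainted_list = [tainted_string]
+    tainted_tuple = (tainted_string,)
+    tainted_set = {tainted_string} # TODO: set currently not handled
+    tainted_dict = {'key': tainted_string}
+
+    a = list(tainted_list)
+    b = list(tainted_tuple)
+    c = list(tainted_set) # TODO: set currently not handled
+    d = list(tainted_dict.values())
+    e = list(tainted_dict.items()) # TODO: dict.items() currently not handled
+
+    f = tuple(tainted_list)
+    g = set(tainted_list)
+    h = frozenset(tainted_list) # TODO: frozenset constructor currently not handled
+
+def test_access():
+    tainted_list = TAINTED_LIST
+    a = tainted_list[0]
+    b = tainted_list[x]
+    c = tainted_list[y:z]
+    d = tainted_list.copy()
+    e, f, g = tainted_list # TODO: currently not handled
+    for h in tainted_list:
+        h
+    for i in reversed(tainted_list):
+        i
+
+def test_dict_access(x):
+    tainted_dict = TAINTED_DICT
+    a = tainted_dict["name"]
+    b = tainted_dict[x]
+    c = tainted_dict.copy()
+    for d in tainted_dict.values():
+        d
+    for _, e in tainted_dict.items(): # TODO: dict.items() currently not handled
+        e
+
+def test_named_tuple(): # TODO: namedtuple currently not handled
+    Point = namedtuple('Point', ['x', 'y'])
+    point = Point(TAINTED_STRING, 'const')
+
+    a = point[0]
+    b = point.x
+    c = point[1]
+    d = point.y
+    e, f = point
+
+def test_defaultdict(key, x): # TODO: defaultdict currently not handled
+    tainted_default_dict = defaultdict(str)
+    tainted_default_dict[key] += TAINTED_STRING
+
+    a = tainted_dict["name"]
+    b = tainted_dict[x]
+    c = tainted_dict.copy()
+    for d in tainted_dict.values():
+        d
+    for _, e in tainted_dict.items():
+        e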
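Review bot: test_defaultdict builds `tainted_default_dict` on test.py lines 53–54, but every read on lines 56–61 is from `tainted_dict`, a name that is not bound anywhere in that function, so the body is a copy of test_dict_access and never exercises the defaultdict that its TODO refers to; replacing `tainted_dict` with `tainted_default_dict` on those six lines makes the test meaningful once defaultdict support is added. The two expected files in this commit only mention test.py:54 for this function, which is consistent with the current body, so they may need regenerating after the rename. test_access also reads the free names `x`, `y` and `z` while test_dict_access and test_defaultdict take `x` as a parameter; declaring them as `def test_access(x, y, z):` keeps the free-name convention reserved for the TAINTED_* sources the taint library matches on. The indentation in this rebuilt section is inferred from the column numbers in the expected output (e.g. test.py:4:22 and test.py:28:9).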
