Normalize tests

jorgectf · jorgectf · commit 81505fbd76d4 · 2021-06-16T23:18:38.000+02:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_db_document_subclass_good.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_bad.py
@@ -3,8 +3,8 @@
 import json
 
 app = Flask(__name__)
+app.config.from_pyfile('the-config.cfg')
 db = MongoEngine(app)
-db.init_app(app)
 
 
 class Movie(db.Document):
@@ -16,11 +16,11 @@ class Movie(db.Document):
 
 @app.route("/")
 def home_page():
-    unsanitized_search = request.args['search']
-    json_search = json.loads(unsanitized_search)
+    unsafe_search = request.args['search']
+    json_search = json.loads(unsafe_search)
 
     retrieved_db = db.get_db()
-    result = retrieved_db["Movie"].find({'name': json_search})
+    data = retrieved_db["Movie"].find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_get_db_good.py
@@ -4,8 +4,8 @@
 import json
 
 app = Flask(__name__)
+app.config.from_pyfile('the-config.cfg')
 db = MongoEngine(app)
-db.init_app(app)
 
 
 class Movie(db.Document):
@@ -17,12 +17,12 @@ class Movie(db.Document):
 
 @app.route("/")
 def home_page():
-    unsanitized_search = request.args['search']
-    json_search = json.loads(unsanitized_search)
+    unsafe_search = request.args['search']
+    json_search = json.loads(unsafe_search)
     safe_search = sanitize(json_search)
 
     retrieved_db = db.get_db()
-    result = retrieved_db["Movie"].find({'name': safe_search})
+    data = retrieved_db["Movie"].find({'name': safe_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_good.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_bad.py
@@ -8,10 +8,10 @@
 
 @app.route("/")
 def home_page():
-    unsanitized_search = request.args['search']
-    json_search = json.loads(unsanitized_search)
+    unsafe_search = request.args['search']
+    json_search = json.loads(unsafe_search)
 
-    result = mongo.db.user.find({'name': json_search})
+    data = mongo.db.user.find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_good.py
@@ -13,7 +13,7 @@ def home_page():
     json_search = json.loads(unsafe_search)
     safe_search = sanitize(json_search)
 
-    result = mongo.db.user.find({'name': safe_search})
+    data = mongo.db.user.find({'name': safe_search})
 
 # if __name__ == "__main__":
 #    app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoclient_subscript_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoclient_subscript_bad.py
@@ -18,7 +18,7 @@ def home_page():
     json_search = json.loads(unsafe_search)
 
     db = me.connect('mydb')  
-    data = db['mydb']['movie'].find({'name': json_search})
+    data = db['movie'].find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoclient_subscript_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoclient_subscript_good.py
@@ -20,7 +20,7 @@ def home_page():
     safe_search = sanitize(json_search)
 
     db = me.connect('mydb')
-    data = db['mydb']['movie'].find({'name': safe_search})
+    data = db['movie'].find({'name': safe_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_bad.py
@@ -18,7 +18,7 @@ def home_page():
     json_search = json.loads(unsafe_search)
 
     db = me.connect('mydb')  
-    data = db.mydb.movie.find({'name': json_search})
+    data = db.movie.find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_good.py
@@ -20,7 +20,7 @@ def home_page():
     safe_search = sanitize(json_search)
 
     db = me.connect('mydb')  
-    data = db.mydb.movie.find({'name': safe_search})
+    data = db.movie.find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_bad.py
@@ -19,7 +19,7 @@ def home_page():
     json_search = json.loads(unsafe_search)
 
     db = connect('mydb')
-    data = db.mydb.movie.find({'name': json_search})
+    data = db.movie.find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_connect_via_connection_good.py
@@ -21,7 +21,7 @@ def home_page():
     safe_search = sanitize(json_search)
 
     db = connect('mydb')
-    data = db.mydb.movie.find({'name': json_search})
+    data = db.movie.find({'name': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_document_subclass_good.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/pymongo_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-943/pymongo_bad.py
@@ -11,7 +11,7 @@ def home_page():
     unsafe_search = request.args['search']
     json_search = json.loads(unsafe_search)
 
-    result = client.db.collection.find_one({'data': json_search})
+    data = client.db.collection.find_one({'data': json_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-943/pymongo_good.py b/python/ql/test/experimental/query-tests/Security/CWE-943/pymongo_good.py
@@ -13,7 +13,7 @@ def home_page():
     json_search = json.loads(unsafe_search)
     safe_search = sanitize(json_search)
 
-    result = client.db.collection.find_one({'data': safe_search})
+    data = client.db.collection.find_one({'data': safe_search})
 
 # if __name__ == "__main__":
 #     app.run(debug=True)
