Python: Update comments for new taint tests

RasmusWL · RasmusWL · commit e0cfe8123efd · 2020-09-01T11:58:26.000+02:00
I see I didn't keep them up to date as I implemented things
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
@@ -16,7 +16,7 @@ def test_construction():
     tainted_string = TAINTED_STRING
     tainted_list = [tainted_string]
     tainted_tuple = (tainted_string,)
-    tainted_set = {tainted_string} # TODO: set currently not handled
+    tainted_set = {tainted_string}
     tainted_dict = {'key': tainted_string}
 
     ensure_tainted(
@@ -30,13 +30,13 @@ def test_construction():
     ensure_tainted(
         list(tainted_list),
         list(tainted_tuple),
-        list(tainted_set), # TODO: set currently not handled
+        list(tainted_set),
         list(tainted_dict.values()),
-        list(tainted_dict.items()), # TODO: dict.items() currently not handled
+        list(tainted_dict.items()),
 
         tuple(tainted_list),
         set(tainted_list),
-        frozenset(tainted_list), # TODO: frozenset constructor currently not handled
+        frozenset(tainted_list),
     )
 
 
@@ -75,7 +75,7 @@ def test_dict_access(x):
 
     for v in tainted_dict.values():
         ensure_tainted(v)
-    for k, v in tainted_dict.items(): # TODO: dict.items() currently not handled
+    for k, v in tainted_dict.items():
         ensure_tainted(v)
 
 
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
@@ -51,17 +51,17 @@ def contrived_1():
     tainted_list = TAINTED_LIST[0:3]
     no_taint_list = [1,2,3]
 
-    # We don't handle this case currently, since we mark `d`, `e` and `f` as tainted.
     (a, b, c), (d, e, f) = tainted_list, no_taint_list
     ensure_tainted(a, b, c)
-    ensure_not_tainted(d, e, f)
+    ensure_not_tainted(d, e, f) # FP: we mark `d`, `e` and `f` as tainted.
 
 
 def contrived_2():
     # A contrived example. Don't know why anyone would ever actually do this.
 
-    # We currently only handle taint nested 2 levels.
-    [[[ (a,b,c) ]]] = [[[ TAINTED_LIST[0:3] ]]]
+    # Old taint tracking was only able to handle taint nested 2 levels in sequences,
+    # so would not mark a, b, c as tainted
+    [[[ (a, b, c) ]]] = [[[ TAINTED_LIST[0:3] ]]]
     ensure_tainted(a, b, c)
 
 
