Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e38ac18

Browse files
RasmusWLRasmusWL
committed
Python: Add (only) basic $HttpResponse tag to other tests files
This seems really nice to me, but you might disagree
1 parent 8b0b87a commit e38ac18

5 files changed

Lines changed: 57 additions & 77 deletions

File tree

python/ql/test/experimental/library-tests/frameworks/flask/ConceptsTest.expected

Lines changed: 0 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -1,40 +0,0 @@
1-
| old_test.py:41:12:41:54 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
2-
| old_test.py:41:12:41:54 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
3-
| old_test.py:41:12:41:54 | ControlFlowNode for make_response() | Unexpected result: responseBody=BinaryExpr |
4-
| old_test.py:41:12:41:54 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
5-
| old_test.py:46:12:46:62 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
6-
| old_test.py:46:12:46:62 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
7-
| old_test.py:46:12:46:62 | ControlFlowNode for make_response() | Unexpected result: responseBody=BinaryExpr |
8-
| old_test.py:46:12:46:62 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
9-
| old_test.py:50:12:50:48 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
10-
| old_test.py:50:12:50:48 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
11-
| old_test.py:50:12:50:48 | ControlFlowNode for make_response() | Unexpected result: responseBody=BinaryExpr |
12-
| old_test.py:50:12:50:48 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
13-
| old_test.py:54:12:54:53 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
14-
| old_test.py:54:12:54:53 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
15-
| old_test.py:54:12:54:53 | ControlFlowNode for make_response() | Unexpected result: responseBody=BinaryExpr |
16-
| old_test.py:54:12:54:53 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
17-
| old_test.py:60:12:60:62 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
18-
| old_test.py:60:12:60:62 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
19-
| old_test.py:60:12:60:62 | ControlFlowNode for make_response() | Unexpected result: responseBody=Attribute() |
20-
| old_test.py:60:12:60:62 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
21-
| old_test.py:64:12:64:58 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
22-
| old_test.py:64:12:64:58 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
23-
| old_test.py:64:12:64:58 | ControlFlowNode for make_response() | Unexpected result: responseBody=Attribute() |
24-
| old_test.py:64:12:64:58 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
25-
| routing_test.py:10:12:10:38 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
26-
| routing_test.py:10:12:10:38 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
27-
| routing_test.py:10:12:10:38 | ControlFlowNode for make_response() | Unexpected result: responseBody="some_route" |
28-
| routing_test.py:10:12:10:38 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
29-
| routing_test.py:14:12:14:33 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
30-
| routing_test.py:14:12:14:33 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
31-
| routing_test.py:14:12:14:33 | ControlFlowNode for make_response() | Unexpected result: responseBody="index" |
32-
| routing_test.py:14:12:14:33 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
33-
| routing_test.py:20:12:20:37 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
34-
| routing_test.py:20:12:20:37 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
35-
| routing_test.py:20:12:20:37 | ControlFlowNode for make_response() | Unexpected result: responseBody="later_set" |
36-
| routing_test.py:20:12:20:37 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |
37-
| routing_test.py:27:12:27:40 | ControlFlowNode for make_response() | Unexpected result: HttpResponse= |
38-
| routing_test.py:27:12:27:40 | ControlFlowNode for make_response() | Unexpected result: contentType=text/html |
39-
| routing_test.py:27:12:27:40 | ControlFlowNode for make_response() | Unexpected result: responseBody="unkown_route" |
40-
| routing_test.py:27:12:27:40 | ControlFlowNode for make_response() | Unexpected result: statusCode=200 |

python/ql/test/experimental/library-tests/frameworks/flask/ConceptsTest.ql

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,12 @@
11
import python
22
import experimental.meta.ConceptsTest
3+
4+
class DedicatedFlaskResponseTest extends HttpServerHttpResponseTest {
5+
DedicatedFlaskResponseTest() { file.getShortName() = "response_test.py" }
6+
}
7+
8+
class OtherFlaskResponseTest extends HttpServerHttpResponseTest {
9+
OtherFlaskResponseTest() { not this instanceof DedicatedFlaskResponseTest }
10+
11+
override string getARelevantTag() { result = "HttpResponse" }
12+
}

python/ql/test/experimental/library-tests/frameworks/flask/old_test.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,30 +38,30 @@ def dangerous2(): # $routeHandler
3838
@app.route("/unsafe") # $routeSetup="/unsafe"
3939
def unsafe(): # $routeHandler
4040
first_name = request.args.get('name', '')
41-
return make_response("Your name is " + first_name)
41+
return make_response("Your name is " + first_name) # $HttpResponse
4242

4343
@app.route("/safe") # $routeSetup="/safe"
4444
def safe(): # $routeHandler
4545
first_name = request.args.get('name', '')
46-
return make_response("Your name is " + escape(first_name))
46+
return make_response("Your name is " + escape(first_name)) # $HttpResponse
4747

4848
@app.route("/hello/<name>") # $routeSetup="/hello/<name>"
4949
def hello(name): # $routeHandler $routedParameter=name
50-
return make_response("Your name is " + name)
50+
return make_response("Your name is " + name) # $HttpResponse
5151

5252
@app.route("/foo/<path:subpath>") # $routeSetup="/foo/<path:subpath>"
5353
def foo(subpath): # $routeHandler $routedParameter=subpath
54-
return make_response("The subpath is " + subpath)
54+
return make_response("The subpath is " + subpath) # $HttpResponse
5555

5656
@app.route("/multiple/") # $routeSetup="/multiple/"
5757
@app.route("/multiple/foo/<foo>") # $routeSetup="/multiple/foo/<foo>"
5858
@app.route("/multiple/bar/<bar>") # $routeSetup="/multiple/bar/<bar>"
5959
def multiple(foo=None, bar=None): # $routeHandler $routedParameter=foo $routedParameter=bar
60-
return make_response("foo={!r} bar={!r}".format(foo, bar))
60+
return make_response("foo={!r} bar={!r}".format(foo, bar)) # $HttpResponse
6161

6262
@app.route("/complex/<string(length=2):lang_code>") # $routeSetup="/complex/<string(length=2):lang_code>"
6363
def complex(lang_code): # $routeHandler $routedParameter=lang_code
64-
return make_response("lang_code {}".format(lang_code))
64+
return make_response("lang_code {}".format(lang_code)) # $HttpResponse
6565

6666
if __name__ == "__main__":
6767
app.run(debug=True)

python/ql/test/experimental/library-tests/frameworks/flask/routing_test.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,24 +7,24 @@
77
SOME_ROUTE = "/some/route"
88
@app.route(SOME_ROUTE) # $routeSetup="/some/route"
99
def some_route(): # $routeHandler
10-
return make_response("some_route")
10+
return make_response("some_route") # $HttpResponse
1111

1212

1313
def index(): # $routeHandler
14-
return make_response("index")
14+
return make_response("index") # $HttpResponse
1515
app.add_url_rule('/index', 'index', index) # $routeSetup="/index"
1616

1717

1818
# We don't support this yet, and I think that's OK
1919
def later_set(): # $f-:routeHandler
20-
return make_response("later_set")
20+
return make_response("later_set") # $HttpResponse
2121
app.add_url_rule('/later-set', 'later_set', view_func=None) # $routeSetup="/later-set"
2222
app.view_functions['later_set'] = later_set
2323

2424

2525
@app.route(UNKNOWN_ROUTE) # $routeSetup
2626
def unkown_route(foo, bar): # $routeHandler $routedParameter=foo $routedParameter=bar
27-
return make_response("unkown_route")
27+
return make_response("unkown_route") # $HttpResponse
2828

2929

3030
if __name__ == "__main__":

python/ql/test/experimental/meta/ConceptsTest.qll

Lines changed: 37 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -144,39 +144,49 @@ class HttpServerRouteSetupTest extends InlineExpectationsTest {
144144
}
145145

146146
class HttpServerHttpResponseTest extends InlineExpectationsTest {
147-
HttpServerHttpResponseTest() { this = "HttpServerHttpResponseTest" }
147+
File file;
148+
149+
HttpServerHttpResponseTest() { this = "HttpServerHttpResponseTest: " + file }
148150

149151
override string getARelevantTag() {
150152
result in ["HttpResponse", "responseBody", "contentType", "statusCode"]
151153
}
152154

153155
override predicate hasActualResult(Location location, string element, string tag, string value) {
154-
exists(HTTP::Server::HttpResponse response |
155-
location = response.getLocation() and
156-
element = response.toString() and
157-
value = "" and
158-
tag = "HttpResponse"
159-
)
160-
or
161-
exists(HTTP::Server::HttpResponse response |
162-
location = response.getLocation() and
163-
element = response.toString() and
164-
value = value_from_expr(response.getBody().asExpr()) and
165-
tag = "responseBody"
166-
)
167-
or
168-
exists(HTTP::Server::HttpResponse response |
169-
location = response.getLocation() and
170-
element = response.toString() and
171-
value = response.getContentType() and
172-
tag = "contentType"
173-
)
174-
or
175-
exists(HTTP::Server::HttpResponse response |
176-
location = response.getLocation() and
177-
element = response.toString() and
178-
value = response.getStatusCode().toString() and
179-
tag = "statusCode"
156+
// By adding `file` as a class field, and these two restrictions, it's possible to
157+
// say that we only want to check _some_ tags for certain files. This helped make
158+
// flask tests more readable since adding full annotations for HttpResponses in the
159+
// the tests for routing setup is both annoying and not very useful.
160+
location.getFile() = file and
161+
tag = getARelevantTag() and
162+
(
163+
exists(HTTP::Server::HttpResponse response |
164+
location = response.getLocation() and
165+
element = response.toString() and
166+
value = "" and
167+
tag = "HttpResponse"
168+
)
169+
or
170+
exists(HTTP::Server::HttpResponse response |
171+
location = response.getLocation() and
172+
element = response.toString() and
173+
value = value_from_expr(response.getBody().asExpr()) and
174+
tag = "responseBody"
175+
)
176+
or
177+
exists(HTTP::Server::HttpResponse response |
178+
location = response.getLocation() and
179+
element = response.toString() and
180+
value = response.getContentType() and
181+
tag = "contentType"
182+
)
183+
or
184+
exists(HTTP::Server::HttpResponse response |
185+
location = response.getLocation() and
186+
element = response.toString() and
187+
value = response.getStatusCode().toString() and
188+
tag = "statusCode"
189+
)
180190
)
181191
}
182192
}

0 commit comments

Comments
 (0)