Python: Add flask tests from internal repo

RasmusWL · RasmusWL · commit edfcf391370a · 2019-11-11T17:18:26.000+01:00
diff --git a/python/ql/test/library-tests/web/flask/Routing.expected b/python/ql/test/library-tests/web/flask/Routing.expected
@@ -0,0 +1,4 @@
+| / | Function hello |
+| /dangerous | Function dangerous |
+| /dangerous-with-cfg-split | Function dangerous2 |
+| /the/ | Function get |
diff --git a/python/ql/test/library-tests/web/flask/Routing.ql b/python/ql/test/library-tests/web/flask/Routing.ql
@@ -0,0 +1,9 @@
+import python
+
+import semmle.python.web.flask.General
+
+from ControlFlowNode regex, Function func
+
+where flask_routing(regex, func)
+
+select regex.getNode().(StrConst).getText(), func.toString()
diff --git a/python/ql/test/library-tests/web/flask/Sinks.expected b/python/ql/test/library-tests/web/flask/Sinks.expected
@@ -0,0 +1,4 @@
+| test.py:8 | Str | externally controlled string |
+| test.py:29 | Attribute() | externally controlled string |
+| test.py:35 | Subscript | externally controlled string |
+| test.py:36 | None | externally controlled string |
diff --git a/python/ql/test/library-tests/web/flask/Sinks.ql b/python/ql/test/library-tests/web/flask/Sinks.ql
@@ -0,0 +1,10 @@
+
+import python
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+from TaintSink sink, TaintKind kind
+where sink.sinks(kind)
+select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind
diff --git a/python/ql/test/library-tests/web/flask/Sources.expected b/python/ql/test/library-tests/web/flask/Sources.expected
@@ -0,0 +1,4 @@
+| test.py:22 | Attribute() | flask/MyView.as.view |
+| test.py:29 | Attribute | {externally controlled string} |
+| test.py:33 | Attribute | {externally controlled string} |
+| test.py:35 | Attribute | {externally controlled string} |
diff --git a/python/ql/test/library-tests/web/flask/Sources.ql b/python/ql/test/library-tests/web/flask/Sources.ql
@@ -0,0 +1,11 @@
+
+import python
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+
+from TaintSource src, TaintKind kind
+where src.isSourceOf(kind)
+select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind
diff --git a/python/ql/test/library-tests/web/flask/Taint.expected b/python/ql/test/library-tests/web/flask/Taint.expected
@@ -0,0 +1,8 @@
+| test.py:22 | Attribute() | flask/MyView.as.view |
+| test.py:25 | the_view | flask/MyView.as.view |
+| test.py:29 | Attribute | {externally controlled string} |
+| test.py:29 | Attribute() | externally controlled string |
+| test.py:33 | Attribute | {externally controlled string} |
+| test.py:33 | Subscript | externally controlled string |
+| test.py:35 | Attribute | {externally controlled string} |
+| test.py:35 | Subscript | externally controlled string |
diff --git a/python/ql/test/library-tests/web/flask/Taint.ql b/python/ql/test/library-tests/web/flask/Taint.ql
@@ -0,0 +1,12 @@
+
+import python
+
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+
+from TaintedNode node
+where node.getLocation().getFile().getName().matches("%test.py")
+select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
diff --git a/python/ql/test/library-tests/web/flask/options b/python/ql/test/library-tests/web/flask/options
@@ -0,0 +1,2 @@
+semmle-extractor-options: --max-import-depth=3 --lang=3 -p ../../../query-tests/Security/lib/
+optimize: true
diff --git a/python/ql/test/library-tests/web/flask/test.py b/python/ql/test/library-tests/web/flask/test.py
@@ -0,0 +1,36 @@
+import flask
+
+from flask import Flask, request
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+    return "Hello World!"
+
+from flask.views import MethodView
+
+class MyView(MethodView):
+
+    def get(self, user_id):
+        if user_id is None:
+            # return a list of users
+            pass
+        else:
+            # expose a single user
+            pass
+
+the_view = MyView.as_view('my_view')
+
+app.add_url_rule('/the/', defaults={'user_id': None},
+                 view_func=the_view, methods=['GET',])
+
+@app.route("/dangerous")
+def dangerous():
+    return request.args.get('payload')
+
+@app.route("/dangerous-with-cfg-split")
+def dangerous2():
+    x = request.form['param0']
+    if request.method == "POST":
+        return request.form['param1']
+    return None

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+semmle-extractor-options: --max-import-depth=3 --lang=3 -p ../../../query-tests/Security/lib/`
	`2`	`+optimize: true`