Skip to content

Commit a55c13e

Browse files
RasmusWLRasmusWL
committed
Python: Improve tests for StringDictKind taint
+ show we handle dict.values() + show we don't handle dict.items()
1 parent c79d7ac commit a55c13e

4 files changed

Lines changed: 84 additions & 69 deletions

File tree

python/ql/test/library-tests/taint/strings/DistinctStringKinds.expected

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,16 @@
1-
| Taint exception.info | test.py:54 | test.py:54:22:54:26 | taint | p1 = exception.info |
2-
| Taint exception.info | test.py:55 | test.py:55:12:55:22 | func() | p1 = exception.info |
3-
| Taint exception.info | test.py:55 | test.py:55:17:55:21 | taint | p1 = exception.info |
4-
| Taint exception.info | test.py:58 | test.py:58:12:58:33 | TAINTED_EXCEPTION_INFO | |
5-
| Taint exception.info | test.py:59 | test.py:59:11:59:41 | cross_over() | |
6-
| Taint exception.info | test.py:59 | test.py:59:37:59:40 | info | |
7-
| Taint exception.info | test.py:61 | test.py:61:19:61:21 | arg | p0 = exception.info |
8-
| Taint exception.info | test.py:62 | test.py:62:12:62:14 | arg | p0 = exception.info |
9-
| Taint externally controlled string | test.py:54 | test.py:54:22:54:26 | taint | p1 = externally controlled string |
10-
| Taint externally controlled string | test.py:55 | test.py:55:12:55:22 | func() | p1 = externally controlled string |
11-
| Taint externally controlled string | test.py:55 | test.py:55:17:55:21 | taint | p1 = externally controlled string |
12-
| Taint externally controlled string | test.py:61 | test.py:61:19:61:21 | arg | p0 = externally controlled string |
13-
| Taint externally controlled string | test.py:62 | test.py:62:12:62:14 | arg | p0 = externally controlled string |
14-
| Taint externally controlled string | test.py:65 | test.py:65:11:65:33 | TAINTED_EXTERNAL_STRING | |
15-
| Taint externally controlled string | test.py:66 | test.py:66:11:66:41 | cross_over() | |
16-
| Taint externally controlled string | test.py:66 | test.py:66:38:66:40 | ext | |
1+
| Taint exception.info | test.py:59 | test.py:59:22:59:26 | taint | p1 = exception.info |
2+
| Taint exception.info | test.py:60 | test.py:60:12:60:22 | func() | p1 = exception.info |
3+
| Taint exception.info | test.py:60 | test.py:60:17:60:21 | taint | p1 = exception.info |
4+
| Taint exception.info | test.py:63 | test.py:63:12:63:33 | TAINTED_EXCEPTION_INFO | |
5+
| Taint exception.info | test.py:64 | test.py:64:11:64:41 | cross_over() | |
6+
| Taint exception.info | test.py:64 | test.py:64:37:64:40 | info | |
7+
| Taint exception.info | test.py:66 | test.py:66:19:66:21 | arg | p0 = exception.info |
8+
| Taint exception.info | test.py:67 | test.py:67:12:67:14 | arg | p0 = exception.info |
9+
| Taint externally controlled string | test.py:59 | test.py:59:22:59:26 | taint | p1 = externally controlled string |
10+
| Taint externally controlled string | test.py:60 | test.py:60:12:60:22 | func() | p1 = externally controlled string |
11+
| Taint externally controlled string | test.py:60 | test.py:60:17:60:21 | taint | p1 = externally controlled string |
12+
| Taint externally controlled string | test.py:66 | test.py:66:19:66:21 | arg | p0 = externally controlled string |
13+
| Taint externally controlled string | test.py:67 | test.py:67:12:67:14 | arg | p0 = externally controlled string |
14+
| Taint externally controlled string | test.py:70 | test.py:70:11:70:33 | TAINTED_EXTERNAL_STRING | |
15+
| Taint externally controlled string | test.py:71 | test.py:71:11:71:41 | cross_over() | |
16+
| Taint externally controlled string | test.py:71 | test.py:71:38:71:40 | ext | |

python/ql/test/library-tests/taint/strings/TestNode.expected

Lines changed: 33 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
| Taint [externally controlled string] | test.py:15 | test.py:15:9:15:25 | Subscript | |
66
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:20 | tainted_list | |
77
| Taint [externally controlled string] | test.py:16 | test.py:16:9:16:27 | Attribute() | |
8+
| Taint [externally controlled string] | test.py:23 | test.py:23:14:23:34 | Attribute() | |
89
| Taint externally controlled string | test.py:5 | test.py:5:22:5:28 | TAINTED | |
910
| Taint externally controlled string | test.py:6 | test.py:6:31:6:44 | tainted_string | |
1011
| Taint externally controlled string | test.py:7 | test.py:7:9:7:25 | Subscript | |
@@ -16,35 +17,37 @@
1617
| Taint externally controlled string | test.py:14 | test.py:14:9:14:23 | Subscript | |
1718
| Taint externally controlled string | test.py:20 | test.py:20:9:20:28 | Subscript | |
1819
| Taint externally controlled string | test.py:21 | test.py:21:9:21:23 | Subscript | |
19-
| Taint externally controlled string | test.py:25 | test.py:25:22:25:28 | TAINTED | |
20-
| Taint externally controlled string | test.py:26 | test.py:26:9:26:22 | tainted_string | |
21-
| Taint externally controlled string | test.py:26 | test.py:26:9:26:31 | Attribute() | |
22-
| Taint externally controlled string | test.py:27 | test.py:27:9:27:22 | tainted_string | |
23-
| Taint externally controlled string | test.py:27 | test.py:27:9:27:29 | Attribute() | |
24-
| Taint externally controlled string | test.py:28 | test.py:28:9:28:22 | tainted_string | |
25-
| Taint externally controlled string | test.py:28 | test.py:28:9:28:25 | Subscript | |
26-
| Taint externally controlled string | test.py:29 | test.py:29:9:29:22 | tainted_string | |
27-
| Taint externally controlled string | test.py:29 | test.py:29:9:29:27 | Subscript | |
28-
| Taint externally controlled string | test.py:30 | test.py:30:9:30:32 | reversed() | |
29-
| Taint externally controlled string | test.py:30 | test.py:30:18:30:31 | tainted_string | |
30-
| Taint externally controlled string | test.py:31 | test.py:31:9:31:28 | copy() | |
31-
| Taint externally controlled string | test.py:31 | test.py:31:14:31:27 | tainted_string | |
20+
| Taint externally controlled string | test.py:23 | test.py:23:5:23:35 | For | |
21+
| Taint externally controlled string | test.py:24 | test.py:24:9:24:9 | d | |
22+
| Taint externally controlled string | test.py:30 | test.py:30:22:30:28 | TAINTED | |
23+
| Taint externally controlled string | test.py:31 | test.py:31:9:31:22 | tainted_string | |
24+
| Taint externally controlled string | test.py:31 | test.py:31:9:31:31 | Attribute() | |
3225
| Taint externally controlled string | test.py:32 | test.py:32:9:32:22 | tainted_string | |
33-
| Taint externally controlled string | test.py:32 | test.py:32:9:32:30 | Attribute() | |
34-
| Taint externally controlled string | test.py:35 | test.py:35:22:35:28 | TAINTED | |
35-
| Taint externally controlled string | test.py:36 | test.py:36:8:36:21 | tainted_string | |
36-
| Taint externally controlled string | test.py:39 | test.py:39:23:39:36 | tainted_string | |
37-
| Taint externally controlled string | test.py:42 | test.py:42:22:42:28 | TAINTED | |
38-
| Taint externally controlled string | test.py:43 | test.py:43:8:43:21 | tainted_string | |
39-
| Taint externally controlled string | test.py:43 | test.py:43:34:43:47 | tainted_string | |
40-
| Taint externally controlled string | test.py:46 | test.py:46:23:46:36 | tainted_string | |
41-
| Taint externally controlled string | test.py:49 | test.py:49:22:49:28 | TAINTED | |
42-
| Taint externally controlled string | test.py:50 | test.py:50:9:50:27 | str() | |
43-
| Taint externally controlled string | test.py:50 | test.py:50:13:50:26 | tainted_string | |
44-
| Taint externally controlled string | test.py:51 | test.py:51:9:51:29 | bytes() | |
45-
| Taint externally controlled string | test.py:51 | test.py:51:15:51:28 | tainted_string | |
46-
| Taint externally controlled string | test.py:52 | test.py:52:9:52:46 | bytes() | |
47-
| Taint externally controlled string | test.py:52 | test.py:52:15:52:28 | tainted_string | |
26+
| Taint externally controlled string | test.py:32 | test.py:32:9:32:29 | Attribute() | |
27+
| Taint externally controlled string | test.py:33 | test.py:33:9:33:22 | tainted_string | |
28+
| Taint externally controlled string | test.py:33 | test.py:33:9:33:25 | Subscript | |
29+
| Taint externally controlled string | test.py:34 | test.py:34:9:34:22 | tainted_string | |
30+
| Taint externally controlled string | test.py:34 | test.py:34:9:34:27 | Subscript | |
31+
| Taint externally controlled string | test.py:35 | test.py:35:9:35:32 | reversed() | |
32+
| Taint externally controlled string | test.py:35 | test.py:35:18:35:31 | tainted_string | |
33+
| Taint externally controlled string | test.py:36 | test.py:36:9:36:28 | copy() | |
34+
| Taint externally controlled string | test.py:36 | test.py:36:14:36:27 | tainted_string | |
35+
| Taint externally controlled string | test.py:37 | test.py:37:9:37:22 | tainted_string | |
36+
| Taint externally controlled string | test.py:37 | test.py:37:9:37:30 | Attribute() | |
37+
| Taint externally controlled string | test.py:40 | test.py:40:22:40:28 | TAINTED | |
38+
| Taint externally controlled string | test.py:41 | test.py:41:8:41:21 | tainted_string | |
39+
| Taint externally controlled string | test.py:44 | test.py:44:23:44:36 | tainted_string | |
40+
| Taint externally controlled string | test.py:47 | test.py:47:22:47:28 | TAINTED | |
41+
| Taint externally controlled string | test.py:48 | test.py:48:8:48:21 | tainted_string | |
42+
| Taint externally controlled string | test.py:48 | test.py:48:34:48:47 | tainted_string | |
43+
| Taint externally controlled string | test.py:51 | test.py:51:23:51:36 | tainted_string | |
44+
| Taint externally controlled string | test.py:54 | test.py:54:22:54:28 | TAINTED | |
45+
| Taint externally controlled string | test.py:55 | test.py:55:9:55:27 | str() | |
46+
| Taint externally controlled string | test.py:55 | test.py:55:13:55:26 | tainted_string | |
47+
| Taint externally controlled string | test.py:56 | test.py:56:9:56:29 | bytes() | |
48+
| Taint externally controlled string | test.py:56 | test.py:56:15:56:28 | tainted_string | |
49+
| Taint externally controlled string | test.py:57 | test.py:57:9:57:46 | bytes() | |
50+
| Taint externally controlled string | test.py:57 | test.py:57:15:57:28 | tainted_string | |
4851
| Taint json[externally controlled string] | test.py:6 | test.py:6:20:6:45 | Attribute() | |
4952
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:20 | tainted_json | |
5053
| Taint json[externally controlled string] | test.py:7 | test.py:7:9:7:25 | Subscript | |
@@ -57,3 +60,5 @@
5760
| Taint {externally controlled string} | test.py:21 | test.py:21:9:21:20 | tainted_dict | |
5861
| Taint {externally controlled string} | test.py:22 | test.py:22:9:22:20 | tainted_dict | |
5962
| Taint {externally controlled string} | test.py:22 | test.py:22:9:22:27 | Attribute() | |
63+
| Taint {externally controlled string} | test.py:23 | test.py:23:14:23:25 | tainted_dict | |
64+
| Taint {externally controlled string} | test.py:26 | test.py:26:17:26:28 | tainted_dict | |

0 commit comments

Comments
 (0)