Python: Improve sanitizer/guards tests

RasmusWL · RasmusWL · commit 9d81fd3b955d · 2022-02-18T14:12:41.000+01:00
Based on review conversation
diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
@@ -3,18 +3,21 @@ untaintedArgumentToEnsureTaintedNotMarkedAsMissing
 failures
 isSanitizer
 | TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
-| TestTaintTrackingConfiguration | test.py:53:10:53:29 | ControlFlowNode for emulated_escaping() |
+| TestTaintTrackingConfiguration | test.py:34:39:34:39 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test.py:66:10:66:29 | ControlFlowNode for emulated_escaping() |
 isSanitizerGuard
-| TestTaintTrackingConfiguration | test.py:38:8:38:26 | ControlFlowNode for emulated_is_safe() |
+| TestTaintTrackingConfiguration | test.py:51:8:51:26 | ControlFlowNode for emulated_is_safe() |
 | TestTaintTrackingConfiguration | test_logical.py:29:8:29:17 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_logical.py:44:8:44:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:52:12:52:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:72:8:72:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:80:12:80:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:104:8:104:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:127:12:127:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:132:16:132:25 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:137:20:137:29 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:49:8:49:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:59:8:59:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:67:12:67:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:87:8:87:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:95:12:95:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:119:8:119:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:142:12:142:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:147:16:147:25 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:152:20:152:29 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:30:8:30:17 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:40:8:40:25 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:55:8:55:21 | ControlFlowNode for is_safe() |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test.py b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test.py
@@ -14,7 +14,7 @@ def emulated_authentication_check(arg):
         raise Exception("user unauthenticated")
 
 
-def test_custom_sanitizer_exception():
+def test_custom_sanitizer_exception_raise():
     s = TAINTED_STRING
 
     try:
@@ -27,6 +27,19 @@ def test_custom_sanitizer_exception():
     ensure_not_tainted(s)
 
 
+def test_custom_sanitizer_exception_pass():
+    s = TAINTED_STRING
+
+    try:
+        emulated_authentication_check(s)
+        ensure_not_tainted(s)
+    except:
+        ensure_tainted(s) # $ tainted
+        pass
+
+    ensure_tainted(s) # $ tainted
+
+
 def emulated_is_safe(arg):
     # emulating something we won't be able to look at source code for
     return eval("False")
@@ -52,12 +65,14 @@ def test_escape():
 
     s2 = emulated_escaping(s)
     ensure_not_tainted(s2)
+    ensure_tainted(s) # $ tainted
 
 
 # Make tests runable
 
+test_custom_sanitizer_exception_pass()
 try:
-    test_custom_sanitizer_exception()
+    test_custom_sanitizer_exception_raise()
 except Exception:
     pass
 test_custom_sanitizer_guard()
diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test_logical.py b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test_logical.py
@@ -37,6 +37,21 @@ def test_basic():
         ensure_not_tainted(s) # $ SPURIOUS: tainted
 
 
+def test_if_in_depth():
+    s = TAINTED_STRING
+
+    # ensure that value is still considered tainted after guard check
+    if is_safe(s):
+        ensure_not_tainted(s)
+    ensure_tainted(s) # $ tainted
+
+    # ensure new tainted assignment to variable is not treated as safe by guard
+    if is_safe(s):
+        ensure_not_tainted(s)
+        s = TAINTED_STRING
+        ensure_tainted(s) # $ tainted
+
+
 def test_or():
     s = TAINTED_STRING
 
@@ -160,6 +175,7 @@ def test_with_exception():
 # Make tests runable
 
 test_basic()
+test_if_in_depth()
 test_or()
 test_and()
 test_tricky()
