Add tests

sylwia-budzynska · sylwia-budzynska · commit 5d946586b8e5 · 2024-04-08T15:39:54.000+02:00
diff --git a/python/ql/test/library-tests/frameworks/gradio/source_test.expected b/python/ql/test/library-tests/frameworks/gradio/source_test.expected
@@ -0,0 +1,5 @@
+| source_test.py:15:15:15:18 | ControlFlowNode for name |
+| source_test.py:19:16:19:19 | ControlFlowNode for name |
+| source_test.py:26:16:26:19 | ControlFlowNode for name |
+| taint_step_test.py:5:12:5:35 | ControlFlowNode for Attribute() |
+| taint_step_test.py:6:12:6:35 | ControlFlowNode for Attribute() |
diff --git a/python/ql/test/library-tests/frameworks/gradio/source_test.py b/python/ql/test/library-tests/frameworks/gradio/source_test.py
@@ -4,6 +4,10 @@
 with gr.Blocks() as demo:
     name = gr.Textbox(label="Name")
     output = gr.Textbox(label="Output Box")
+    # static block - not used as a source
+    static_block = gr.HTML("""
+    <div style='height: 100px; width: 800px; background-color: pink;'></div>
+    """)
     greet_btn = gr.Button("Hello")
 
 	# decorator
diff --git a/python/ql/test/library-tests/frameworks/gradio/source_test.ql b/python/ql/test/library-tests/frameworks/gradio/source_test.ql
@@ -0,0 +1,5 @@
+import python
+import semmle.python.dataflow.new.RemoteFlowSources
+
+from RemoteFlowSource rfs
+select rfs
diff --git a/python/ql/test/library-tests/frameworks/gradio/taint_step_test.expected b/python/ql/test/library-tests/frameworks/gradio/taint_step_test.expected
@@ -0,0 +1,25 @@
+edges
+| taint_step_test.py:5:5:5:8 | ControlFlowNode for path | taint_step_test.py:19:43:19:46 | ControlFlowNode for path | provenance |  |
+| taint_step_test.py:5:12:5:35 | ControlFlowNode for Attribute() | taint_step_test.py:5:5:5:8 | ControlFlowNode for path | provenance |  |
+| taint_step_test.py:6:5:6:8 | ControlFlowNode for file | taint_step_test.py:19:48:19:51 | ControlFlowNode for file | provenance |  |
+| taint_step_test.py:6:12:6:35 | ControlFlowNode for Attribute() | taint_step_test.py:6:5:6:8 | ControlFlowNode for file | provenance |  |
+| taint_step_test.py:11:18:11:21 | ControlFlowNode for path | taint_step_test.py:12:9:12:16 | ControlFlowNode for filepath | provenance |  |
+| taint_step_test.py:11:24:11:27 | ControlFlowNode for file | taint_step_test.py:12:9:12:16 | ControlFlowNode for filepath | provenance |  |
+| taint_step_test.py:12:9:12:16 | ControlFlowNode for filepath | taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | provenance |  |
+| taint_step_test.py:19:43:19:46 | ControlFlowNode for path | taint_step_test.py:11:18:11:21 | ControlFlowNode for path | provenance |  |
+| taint_step_test.py:19:48:19:51 | ControlFlowNode for file | taint_step_test.py:11:24:11:27 | ControlFlowNode for file | provenance |  |
+nodes
+| taint_step_test.py:5:5:5:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
+| taint_step_test.py:5:12:5:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| taint_step_test.py:6:5:6:8 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
+| taint_step_test.py:6:12:6:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| taint_step_test.py:11:18:11:21 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
+| taint_step_test.py:11:24:11:27 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
+| taint_step_test.py:12:9:12:16 | ControlFlowNode for filepath | semmle.label | ControlFlowNode for filepath |
+| taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | semmle.label | ControlFlowNode for filepath |
+| taint_step_test.py:19:43:19:46 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
+| taint_step_test.py:19:48:19:51 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
+subpaths
+#select
+| taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | taint_step_test.py:5:12:5:35 | ControlFlowNode for Attribute() | taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | This path depends on a $@. | taint_step_test.py:5:12:5:35 | ControlFlowNode for Attribute() | user-provided value |
+| taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | taint_step_test.py:6:12:6:35 | ControlFlowNode for Attribute() | taint_step_test.py:13:19:13:26 | ControlFlowNode for filepath | This path depends on a $@. | taint_step_test.py:6:12:6:35 | ControlFlowNode for Attribute() | user-provided value |
diff --git a/python/ql/test/library-tests/frameworks/gradio/taint_step_test.qlref b/python/ql/test/library-tests/frameworks/gradio/taint_step_test.qlref
@@ -0,0 +1 @@
+Security/CWE-022/PathInjection.ql
