Remove leading underscore in __global_sink, __user_controlled, __tito

shannonzhu · facebook-github-bot · commit 445223c7c5ba · 2021-08-06T16:08:53.000-07:00
Summary: The naming convention for these test functions will break if we start handling private names correctly in classes, see docs on private name mangling: https://docs.python.org/3/reference/expressions.html?highlight=mangling At runtime, it's impossible to access a function named with a leading double underscore from inside a class: ``` >>> def __toplevel(x: int) -> int: ... return x ... >>> class Foo: ... def test(self): ... print(__toplevel(1)) ... >>> Foo().test() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<stdin>", line 3, in test NameError: name '_Foo__toplevel' is not defined ``` This diff is a no-op except adjusting the naming of these test helpers to lead with a single underscore instead. Reviewed By: grievejia Differential Revision: D30161410 fbshipit-source-id: 48d8120e198af61bf39671383c24bb1b444ad83e
diff --git a/source/interprocedural_analyses/taint/test/backwardAnalysisTest.ml b/source/interprocedural_analyses/taint/test/backwardAnalysisTest.ml
@@ -927,20 +927,20 @@ let test_starred context =
     ~context
     {|
       def sink_in_starred(arg):
-          __tito( *[ 1, _test_sink(arg), "foo" ] )
+          _tito( *[ 1, _test_sink(arg), "foo" ] )
 
       def sink_in_starred_starred(arg):
-          __tito( **{
+          _tito( **{
               "a": 1,
               "b": _test_sink(arg),
               "c": "foo",
           })
 
       def tito_in_starred(arg):
-          return __tito( *[ 1, arg, "foo" ] )
+          return _tito( *[ 1, arg, "foo" ] )
 
       def tito_in_starred_starred(arg):
-          return __tito( **{
+          return _tito( **{
               "a": 1,
               "b": arg,
               "c": "foo",
@@ -1431,7 +1431,7 @@ let test_assignment context =
     ~context
     {|
       def assigns_to_sink(assigned_to_sink):
-        taint.__global_sink = assigned_to_sink
+        taint._global_sink = assigned_to_sink
     |}
     [
       outcome
diff --git a/source/interprocedural_analyses/taint/test/fixpointTest.ml b/source/interprocedural_analyses/taint/test/fixpointTest.ml
@@ -45,7 +45,7 @@ let test_fixpoint context =
   assert_fixpoint
     ~context
     {|
-      from builtins import _test_source, _test_sink, __user_controlled
+      from builtins import _test_source, _test_sink, _user_controlled
       def bar():
         return _test_source()
 
@@ -70,7 +70,7 @@ let test_fixpoint context =
         bad(x)
 
       def rce_problem():
-        x = __user_controlled()
+        x = _user_controlled()
         eval(x)
 
       class TestMethods:
@@ -112,11 +112,11 @@ let test_fixpoint context =
         list_sink(x)
 
       def getattr_obj_no_match():
-        obj = __user_controlled()
+        obj = _user_controlled()
         getattr(obj, 'foo')
 
       def getattr_field_match(some_obj):
-        field = __user_controlled()
+        field = _user_controlled()
         return getattr(some_obj, field)
 
       def deep_tito(tito, no_tito):
@@ -125,11 +125,11 @@ let test_fixpoint context =
           return y
 
       def test_deep_tito_no_match():
-        obj = deep_tito(__user_controlled(), _test_source())
+        obj = deep_tito(_user_controlled(), _test_source())
         getattr('obj', obj.f.g)
 
       def test_deep_tito_match():
-        obj = deep_tito(__user_controlled(), _test_source())
+        obj = deep_tito(_user_controlled(), _test_source())
         getattr('obj', obj.g.f)
 
       class Class:
@@ -287,10 +287,10 @@ let test_combined_analysis context =
       def qualifier.combined_model(x, y: TaintSink[Demo], z: TaintInTaintOut): ...
     |}
     {|
-      from builtins import _test_sink, __user_controlled
+      from builtins import _test_sink, _user_controlled
       def combined_model(x, y, z):
         _test_sink(x)
-        return x or __user_controlled()
+        return x or _user_controlled()
     |}
     ~expect:
       {
@@ -320,10 +320,10 @@ let test_skipped_analysis context =
       def qualifier.skipped_model(x, y: TaintSink[Demo], z: TaintInTaintOut): ...
     |}
     {|
-      from builtins import _test_sink, __user_controlled
+      from builtins import _test_sink, _user_controlled
       def skipped_model(x, y, z):
         _test_sink(x)
-        return x or __user_controlled()
+        return x or _user_controlled()
     |}
     ~expect:
       {
@@ -350,11 +350,11 @@ let test_sanitized_analysis context =
       def qualifier.sanitized_model(x, y: TaintSink[Demo], z: TaintInTaintOut): ...
     |}
     {|
-      from builtins import _test_sink, __user_controlled
+      from builtins import _test_sink, _user_controlled
       def sanitized_model(x, y, z):
-        eval(__user_controlled())
+        eval(_user_controlled())
         _test_sink(x)
-        return x or __user_controlled()
+        return x or _user_controlled()
     |}
     ~expect:
       {
@@ -435,7 +435,7 @@ let test_overrides context =
   assert_fixpoint
     ~context
     {|
-      from builtins import _test_source, _test_sink, __user_controlled
+      from builtins import _test_source, _test_sink, _user_controlled
       class Base:
         def split(self):
           pass
@@ -461,7 +461,7 @@ let test_overrides context =
 
       class E(Base):
         def some_source(self):
-          return __user_controlled()
+          return _user_controlled()
 
       def test_obscure_override(b: Base):
         return b.split()
diff --git a/source/interprocedural_analyses/taint/test/forwardAnalysisTest.ml b/source/interprocedural_analyses/taint/test/forwardAnalysisTest.ml
@@ -481,7 +481,7 @@ let test_taint_in_taint_out_application context =
 
       def taint_with_tito():
         y = simple_source()
-        x = __tito(y)
+        x = _tito(y)
         return x
     |}
     [outcome ~kind:`Function ~returns:[Sources.NamedSource "Test"] "qualifier.simple_source"];
@@ -867,15 +867,15 @@ let test_starred context =
     {|
       def source_in_starred():
           list = [ 1, _test_source(), "foo" ]
-          return __tito( *list )
+          return _tito( *list )
 
       def source_in_starred_starred():
           dict = {
               "a": 1,
               "b": _test_source(),
               "c": "foo",
           }
-          return __tito( **dict )
+          return _tito( **dict )
     |}
     [
       outcome ~kind:`Function ~returns:[Sources.NamedSource "Test"] "qualifier.source_in_starred";
diff --git a/source/interprocedural_analyses/taint/test/integration/maximum_trace_length.py b/source/interprocedural_analyses/taint/test/integration/maximum_trace_length.py
@@ -3,7 +3,7 @@
 # This source code is licensed under the MIT license found in the
 # LICENSE file in the root directory of this source tree.
 
-from builtins import _test_sink, _test_source, __tito
+from builtins import _test_sink, _test_source, _tito
 
 
 def source_distance_zero():
@@ -55,5 +55,5 @@ def issue_source_one_sink_two():
 
 
 def multi_sink(x):
-    y = __tito(x, x.foo)
+    y = _tito(x, x.foo)
     sink_distance_one(y)
diff --git a/source/interprocedural_analyses/taint/test/integration/maximum_trace_length.py.cg b/source/interprocedural_analyses/taint/test/integration/maximum_trace_length.py.cg
@@ -5,7 +5,7 @@ maximum_trace_length.issue_source_one_sink_two (fun) -> [maximum_trace_length.si
 maximum_trace_length.issue_source_one_sink_zero (fun) -> [maximum_trace_length.sink_distance_zero (fun) maximum_trace_length.source_distance_one (fun)]
 maximum_trace_length.issue_source_two_sink_one (fun) -> [maximum_trace_length.sink_distance_one (fun) maximum_trace_length.source_distance_two (fun)]
 maximum_trace_length.issue_source_zero_sink_zero (fun) -> [maximum_trace_length.sink_distance_zero (fun) maximum_trace_length.source_distance_zero (fun)]
-maximum_trace_length.multi_sink (fun) -> [__tito (fun) maximum_trace_length.sink_distance_one (fun)]
+maximum_trace_length.multi_sink (fun) -> [_tito (fun) maximum_trace_length.sink_distance_one (fun)]
 maximum_trace_length.sink_distance_one (fun) -> [maximum_trace_length.sink_distance_zero (fun)]
 maximum_trace_length.sink_distance_two (fun) -> [maximum_trace_length.sink_distance_one (fun)]
 maximum_trace_length.sink_distance_zero (fun) -> [_test_sink (fun)]
diff --git a/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py b/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py
@@ -3,9 +3,9 @@
 # This source code is licensed under the MIT license found in the
 # LICENSE file in the root directory of this source tree.
 
-from builtins import __user_controlled
+from builtins import _user_controlled
 
 
 def rce_problem():
-    x = __user_controlled()
+    x = _user_controlled()
     eval(x)
diff --git a/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py.cg b/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py.cg
@@ -1,3 +1,3 @@
 @generated
 Call dependencies
-remote_code_execution.rce_problem (fun) -> [__user_controlled (fun) eval (fun)]
+remote_code_execution.rce_problem (fun) -> [_user_controlled (fun) eval (fun)]
diff --git a/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py.models b/source/interprocedural_analyses/taint/test/integration/remote_code_execution.py.models
@@ -20,10 +20,10 @@
               "filename": "remote_code_execution.py",
               "line": 10,
               "start": 8,
-              "end": 27
+              "end": 26
             },
             "leaves": [
-              { "kind": "UserControlled", "name": "__user_controlled" }
+              { "kind": "UserControlled", "name": "_user_controlled" }
             ]
           }
         ]
diff --git a/source/interprocedural_analyses/taint/test/missingFlowsTest.ml b/source/interprocedural_analyses/taint/test/missingFlowsTest.ml
@@ -60,7 +60,7 @@ let test_obscure context =
       def test_obscure.obscure(x): ...
     |}
     {|
-      from builtins import _test_source, _test_sink, __user_controlled
+      from builtins import _test_source, _test_sink, _user_controlled
 
       def obscure(x): ...
 
@@ -74,7 +74,7 @@ let test_obscure context =
         obscure(_test_source())
 
       def user_controlled():
-        return __user_controlled()
+        return _user_controlled()
 
       def indirect_issue():
         to_obscure_x(user_controlled(), 0)
@@ -134,7 +134,7 @@ let test_type context =
     ~missing_flows:TaintConfiguration.Type
     ~handle:"test_type.py"
     {|
-      from builtins import _test_source, _test_sink, __user_controlled
+      from builtins import _test_source, _test_sink, _user_controlled
 
       def to_unknown_callee_x(x, y, f):
         f(x)
@@ -146,7 +146,7 @@ let test_type context =
         f(_test_source())
 
       def user_controlled():
-        return __user_controlled()
+        return _user_controlled()
 
       def indirect_issue(f):
         to_unknown_callee_x(user_controlled(), 0, f)
diff --git a/source/interprocedural_analyses/taint/test/testHelper.ml b/source/interprocedural_analyses/taint/test/testHelper.ml
@@ -338,16 +338,16 @@ let run_with_taint_models tests ~name =
       {|
       def _test_sink(arg: TaintSink[Test, Via[special_sink]]): ...
       def _test_source() -> TaintSource[Test, Via[special_source]]: ...
-      def __tito( *x: TaintInTaintOut, **kw: TaintInTaintOut): ...
+      def _tito( *x: TaintInTaintOut, **kw: TaintInTaintOut): ...
       def eval(arg: TaintSink[RemoteCodeExecution]): ...
-      def __user_controlled() -> TaintSource[UserControlled]: ...
+      def _user_controlled() -> TaintSource[UserControlled]: ...
       def getattr(
           o: TaintInTaintOut[Via[object]],
           name: TaintSink[GetAttr],
           default: TaintInTaintOut[Via[default]] = ...,
       ): ...
 
-      taint.__global_sink: TaintSink[Test] = ...
+      taint._global_sink: TaintSink[Test] = ...
       ClassWithSinkAttribute.attribute: TaintSink[Test] = ...
 
       def copy(obj: TaintInTaintOut[Via[copy]]): ...
diff --git a/source/test/test.ml b/source/test/test.ml
@@ -424,11 +424,11 @@ let typeshed_stubs ?(include_helper_builtins = true) () =
         class TestCallableTarget:
           def __call__(self) -> int: ...
         def to_callable_target(f: typing.Callable[..., Any]) -> TestCallableTarget: ...
-        def __tito( *x: Any, **kw: Any) -> Any: ...
-        __global_sink: Any
+        def _tito( *x: Any, **kw: Any) -> Any: ...
+        _global_sink: Any
         def copy(obj: object) -> object: ...
         def pyre_dump() -> None: ...
-        def __user_controlled() -> Any: ...
+        def _user_controlled() -> Any: ...
         class ClassWithSinkAttribute():
           attribute: Any = ...
 
@@ -1405,7 +1405,7 @@ let typeshed_stubs ?(include_helper_builtins = true) () =
         |}
     );
     "taint.pyi", {|
-        __global_sink: Any = ...
+        _global_sink: Any = ...
         |};
     ( "unittest.pyi",
       {|
diff --git a/stubs/integration_test/assignments_to_sinks.py b/stubs/integration_test/assignments_to_sinks.py
@@ -13,7 +13,7 @@
 
 
 def indirect(into_global_sink):
-    pyre.__global_sink = into_global_sink
+    pyre._global_sink = into_global_sink
 
 
 def test_indirect(request: HttpRequest):
@@ -23,4 +23,4 @@ def test_indirect(request: HttpRequest):
 
 def test_direct(request: HttpRequest):
     source = request.GET["bad"]
-    pyre.__global_sink = source
+    pyre._global_sink = source

Original file line number	Diff line number	Diff line change
`@@ -20,10 +20,10 @@`
`20`	`20`	`"filename": "remote_code_execution.py",`
`21`	`21`	`"line": 10,`
`22`	`22`	`"start": 8,`
`23`		`- "end": 27`
	`23`	`+ "end": 26`
`24`	`24`	`},`
`25`	`25`	`"leaves": [`
`26`		`- { "kind": "UserControlled", "name": "__user_controlled" }`
	`26`	`+ { "kind": "UserControlled", "name": "_user_controlled" }`
`27`	`27`	`]`
`28`	`28`	`}`
`29`	`29`	`]`