Add tests for tornado and twisted

Author: joefarebrother

python/ql/test/library-tests/frameworks/rest_framework/response_test.py

@@ -15,8 +15,8 @@ def plain_text_response(request): # $ requestHandler
     # this response is not the standard way to use the Djagno REST framework, but it
     # certainly is possible -- notice that the response contains double quotes
     data = 'this response will contain double quotes since it was a string'
-    resp = Response(data, None, None, None, None, "text/plain") # $ HttpResponse mimetype=text/plain responseBody=data
-    resp = Response(data=data, content_type="text/plain") # $ HttpResponse mimetype=text/plain responseBody=data
+    resp = Response(data, None, None, None, None, "text/plain") # $ HttpResponse
+    resp = Response(data=data, content_type="text/plain") # $ HttpResponse
     return resp
 
 ################################################################################

python/ql/test/library-tests/frameworks/tornado/response_test.py

@@ -65,12 +65,13 @@ def get(self, stream=False): # $ requestHandler routedParameter=stream
 class CookieWriting(tornado.web.RequestHandler):
     def get(self):  # $ requestHandler
         self.write("foo") # $ HttpResponse mimetype=text/html responseBody="foo"
-        self.set_cookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value"
-        self.set_cookie(name="key", value="value") # $ CookieWrite CookieName="key" CookieValue="value"
-        self.set_header("Set-Cookie", "key2=value2") # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2"
-        self.add_header("Set-Cookie", "key3=value3") # $ headerWriteName="Set-Cookie" headerWriteValue="key3=value3" CookieWrite CookieRawHeader="key3=value3"
-        self.request.headers.add("Set-Cookie", "key4=value4") # $ headerWriteName="Set-Cookie" headerWriteValue="key4=value4" CookieWrite CookieRawHeader="key4=value4"
-        self.request.headers["Set-Cookie"] = "key5=value5" # $ headerWriteName="Set-Cookie" headerWriteValue="key5=value5" CookieWrite CookieRawHeader="key5=value5"
+        self.set_cookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        self.set_cookie(name="key", value="value") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        self.set_cookie("key", "value", secure=True, httponly=True, samesite="strict") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=true CookieHttpOnly=true CookieSameSite=Strict
+        self.set_header("Set-Cookie", "key2=value2") # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        self.add_header("Set-Cookie", "key3=value3") # $ headerWriteName="Set-Cookie" headerWriteValue="key3=value3" CookieWrite CookieRawHeader="key3=value3" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        self.request.headers.add("Set-Cookie", "key4=value4") # $ headerWriteName="Set-Cookie" headerWriteValue="key4=value4" CookieWrite CookieRawHeader="key4=value4" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        self.request.headers["Set-Cookie"] = "key5=value5" # $ headerWriteName="Set-Cookie" headerWriteValue="key5=value5" CookieWrite CookieRawHeader="key5=value5" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
 
 
 def make_app():

python/ql/test/library-tests/frameworks/twisted/response_test.py

@@ -51,13 +51,14 @@ class CookieWriting(Resource):
     """Examples of providing values in response that is not in the body
     """
     def render_GET(self, request: Request): # $ requestHandler
-        request.addCookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value"
-        request.addCookie(k="key", v="value") # $ CookieWrite CookieName="key" CookieValue="value"
+        request.addCookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        request.addCookie(k="key", v="value") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
+        request.addCookie("key", "value", secure=True, httponly=True, samesite="strict") # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=true CookieHttpOnly=true CookieSameSite=Strict
         val = "key2=value"
-        request.cookies.append(val) # $ CookieWrite CookieRawHeader=val
+        request.cookies.append(val) # $ CookieWrite CookieRawHeader=val CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
 
         request.responseHeaders.addRawHeader("key", "value")
-        request.setHeader("Set-Cookie", "key3=value3") # $ MISSING: CookieWrite CookieRawHeader="key3=value3"
+        request.setHeader("Set-Cookie", "key3=value3") # $ MISSING: CookieWrite CookieRawHeader="key3=value3" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax
 
         return b"" # $ HttpResponse mimetype=text/html responseBody=b""