Merge pull request github#5687 from RasmusWL/inline-taint-tests

Approved by yoff

Author: codeql-ci

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.expected

@@ -0,0 +1,3 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.ql renamed to python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql

@@ -1,4 +1,4 @@
-import experimental.dataflow.tainttracking.TestTaintLib
+import experimental.meta.InlineTaintTest
 import semmle.python.dataflow.new.BarrierGuards
 
 class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected

@@ -15,98 +15,98 @@ def test_eq():
     if ts == "safe":
         ensure_not_tainted(ts)
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     # ts should still be tainted after exiting the if block
-    ensure_tainted(ts)
+    ensure_tainted(ts) # $ tainted
 
 
 def test_eq_unsafe(x="foo"):
     """This test-case might seem strange, but it was a FP in our old points-to based analysis."""
     ts = TAINTED_STRING
     if ts == ts:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     if ts == x:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_eq_with_or():
     ts = TAINTED_STRING
     if ts == "safe" or ts == "also_safe":
-        ensure_not_tainted(ts)
+        ensure_not_tainted(ts) # $ SPURIOUS: tainted
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_non_eq1():
     ts = TAINTED_STRING
     if ts != "safe":
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
         ensure_not_tainted(ts)
 
 
 def test_non_eq2():
     ts = TAINTED_STRING
     if not ts == "safe":
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
-        ensure_not_tainted(ts)
+        ensure_not_tainted(ts) # $ SPURIOUS: tainted
 
 
 def test_in_list():
     ts = TAINTED_STRING
     if ts in ["safe", "also_safe"]:
         ensure_not_tainted(ts)
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_in_tuple():
     ts = TAINTED_STRING
     if ts in ("safe", "also_safe"):
         ensure_not_tainted(ts)
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_in_set():
     ts = TAINTED_STRING
     if ts in {"safe", "also_safe"}:
         ensure_not_tainted(ts)
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_in_unsafe1(xs):
     ts = TAINTED_STRING
     if ts in xs:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_in_unsafe2(x):
     ts = TAINTED_STRING
     if ts in ["safe", x]:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 def test_not_in1():
     ts = TAINTED_STRING
     if ts not in ["safe", "also_safe"]:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
         ensure_not_tainted(ts)
 
 
 def test_not_in2():
     ts = TAINTED_STRING
     if not ts in ["safe", "also_safe"]:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
     else:
-        ensure_not_tainted(ts)
+        ensure_not_tainted(ts) # $ SPURIOUS: tainted
 
 
 def is_safe(x):
@@ -116,9 +116,9 @@ def is_safe(x):
 def test_eq_thorugh_func():
     ts = TAINTED_STRING
     if is_safe(ts):
-        ensure_not_tainted(ts)
+        ensure_not_tainted(ts) # $ SPURIOUS: tainted
     else:
-        ensure_tainted(ts)
+        ensure_tainted(ts) # $ tainted
 
 
 # Make tests runable

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_const_compare.py

@@ -0,0 +1,20 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures
+isSanitizer
+| TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test.py:50:10:50:29 | ControlFlowNode for emulated_escaping() |
+isSanitizerGuard
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:29:8:29:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:44:8:44:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:52:12:52:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:72:8:72:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:80:12:80:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:104:8:104:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:127:12:127:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:132:16:132:25 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:137:20:137:29 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_reference.py:30:8:30:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_reference.py:40:8:40:25 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_reference.py:55:8:55:21 | ControlFlowNode for is_safe() |

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected

@@ -1,4 +1,4 @@
-import experimental.dataflow.tainttracking.TestTaintLib
+import experimental.meta.InlineTaintTest
 
 class IsSafeCheck extends DataFlow::BarrierGuard {
   IsSafeCheck() {

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.ql renamed to python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql

@@ -35,9 +35,9 @@ def test_custom_sanitizer_guard():
     if emulated_is_safe(s):
         ensure_not_tainted(s)
         s = TAINTED_STRING
-        ensure_tainted(s)
+        ensure_tainted(s) # $ tainted
     else:
-        ensure_tainted(s)
+        ensure_tainted(s) # $ tainted
 
 
 def emulated_escaping(arg):