Merge pull request github#3213 from RasmusWL/python-iter-str-seq-with-tests

Python: supress non-useful results (w/ tests) for iter str/seq query

Author: tausbn

python/ql/src/Statements/IterableStringOrSequence.ql

@@ -12,6 +12,7 @@
  */
 
 import python
+import semmle.python.filters.Tests
 
 predicate has_string_type(Value v) {
     v.getClass() = ClassValue::str()
@@ -28,7 +29,10 @@ where
     iter.pointsTo(seq, seq_origin) and
     has_string_type(str) and
     seq.getClass().isIterable() and
-    not has_string_type(seq)
+    not has_string_type(seq) and
+    // suppress occurrences from tests
+    not seq_origin.getScope().getScope*() instanceof TestScope and
+    not str_origin.getScope().getScope*() instanceof TestScope
 select loop,
     "Iteration over $@, of class " + seq.getClass().getName() + ", may also iterate over $@.",
     seq_origin, "sequence", str_origin, "string"

python/ql/test/3/query-tests/Statements/iter/supress_uses_from_tests.py

@@ -0,0 +1,19 @@
+# This example illustrates that not all valid results are useful.
+# The alert in this file should be suppressed.
+# see https://github.com/Semmle/ql/issues/3207
+
+def foo(l):
+    for (k, v) in l:
+        print(k, v)
+
+foo([('a', 42), ('b', 43)])
+
+import unittest
+
+class FooTest(unittest.TestCase):
+    def test_valid(self):
+        foo([('a', 42), ('b', 43)])
+
+    def test_not_valid(self):
+        with six.assertRaises(self, ValueError):
+            foo("not valid")