Merge pull request github#3917 from RasmusWL/python-fix-experimental-tests

tausbn · web-flow · commit 548fceb3068d · 2020-07-07T22:05:47.000+02:00
Python: Fix experimental tests
diff --git a/python/ql/src/experimental/CWE-643/xpath.ql b/python/ql/src/experimental/CWE-643/xpath.ql
@@ -12,6 +12,7 @@
 
 import python
 import semmle.python.security.Paths
+import semmle.python.security.strings.Untrusted
 /* Sources */
 import semmle.python.web.HttpRequest
 /* Sinks */
diff --git a/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll b/python/ql/src/experimental/semmle/python/security/injection/Xpath.qll
@@ -22,14 +22,14 @@ module XpathInjection {
   abstract class XpathInjectionSink extends TaintSink { }
 
   /**
-   * A Sink representing an argument to the `etree.Xpath` call.
+   * A Sink representing an argument to the `etree.XPath` call.
    *
    *    from lxml import etree
    *    root = etree.XML("<xmlContent>")
    *    find_text = etree.XPath("`sink`")
    */
   private class EtreeXpathArgument extends XpathInjectionSink {
-    override string toString() { result = "lxml.etree.Xpath" }
+    override string toString() { result = "lxml.etree.XPath" }
 
     EtreeXpathArgument() {
       exists(CallNode call | call.getFunction().(AttrNode).getObject("XPath").pointsTo(etree()) |
diff --git a/python/ql/test/experimental/CWE-091/Xslt.qlref b/python/ql/test/experimental/CWE-091/Xslt.qlref
@@ -1 +1 @@
-experimental/CWE-643/Xslt.ql
+experimental/CWE-091/Xslt.ql
diff --git a/python/ql/test/experimental/CWE-643/xpath.qlref b/python/ql/test/experimental/CWE-643/xpath.qlref
@@ -1 +1 @@
-experimental/CWE-643/xpath.ql
+experimental/CWE-643/xpath.ql
diff --git a/python/ql/test/experimental/CWE-643/xpathSinks.expected b/python/ql/test/experimental/CWE-643/xpathSinks.expected
@@ -1,12 +1,12 @@
 | xpath.py:8:20:8:29 | lxml.etree.parse.xpath | externally controlled string |
-| xpath.py:13:29:13:38 | lxml.etree.Xpath | externally controlled string |
-| xpath.py:19:29:19:38 | lxml.etree.Xpath | externally controlled string |
+| xpath.py:13:29:13:38 | lxml.etree.XPath | externally controlled string |
+| xpath.py:19:29:19:38 | lxml.etree.XPath | externally controlled string |
 | xpath.py:25:38:25:46 | lxml.etree.ETXpath | externally controlled string |
 | xpath.py:32:29:32:34 | libxml2.parseFile.xpathEval | externally controlled string |
 | xpathBad.py:13:20:13:43 | lxml.etree.parse.xpath | externally controlled string |
 | xpathFlow.py:14:20:14:29 | lxml.etree.parse.xpath | externally controlled string |
-| xpathFlow.py:23:29:23:38 | lxml.etree.Xpath | externally controlled string |
-| xpathFlow.py:32:29:32:38 | lxml.etree.Xpath | externally controlled string |
+| xpathFlow.py:23:29:23:38 | lxml.etree.XPath | externally controlled string |
+| xpathFlow.py:32:29:32:38 | lxml.etree.XPath | externally controlled string |
 | xpathFlow.py:41:31:41:40 | lxml.etree.ETXpath | externally controlled string |
 | xpathFlow.py:49:29:49:38 | libxml2.parseFile.xpathEval | externally controlled string |
 | xpathGood.py:13:20:13:37 | lxml.etree.parse.xpath | externally controlled string |
diff --git a/python/ql/test/experimental/CWE-643/xpathSinks.ql b/python/ql/test/experimental/CWE-643/xpathSinks.ql
@@ -1,5 +1,6 @@
 import python
 import experimental.semmle.python.security.injection.Xpath
+import semmle.python.security.strings.Untrusted
 
 from XpathInjection::XpathInjectionSink sink, TaintKind kind
 where sink.sinks(kind)

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-experimental/CWE-643/Xslt.ql`
	`1`	`+experimental/CWE-091/Xslt.ql`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-experimental/CWE-643/xpath.ql`
	`1`	`+experimental/CWE-643/xpath.ql`