Python: Split cleartext tests

Author: RasmusWL

python/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected renamed to python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected

@@ -1,9 +1,6 @@
 edges
-| password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
-| password_in_cookie.py:14:16:14:43 | a password | password_in_cookie.py:16:33:16:40 | a password |
 | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
 | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
-| test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key |
 #select
 | test.py:8:35:8:42 | password | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is logged here. | test.py:7:16:7:29 | get_password() | a call returning a password |
 | test.py:14:30:14:39 | get_cert() | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is logged here. | test.py:14:30:14:39 | get_cert() | a call returning a certificate or key |

python/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref renamed to python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.qlref

@@ -15,8 +15,3 @@ def log_cert():
 
 def print_password():
     print(get_password())
-
-def write_cert(filename):
-    cert = get_cert()
-    with open(filename, "w") as file:
-        file.write(cert)

python/ql/test/query-tests/Security/CWE-312/options renamed to python/ql/test/query-tests/Security/CWE-312-CleartextLogging/options

@@ -3,10 +3,9 @@ edges
 | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
 | password_in_cookie.py:14:16:14:43 | a password | password_in_cookie.py:16:33:16:40 | a password |
 | password_in_cookie.py:14:16:14:43 | a password | password_in_cookie.py:16:33:16:40 | a password |
-| test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
-| test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key |
-| test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key |
+| test.py:10:12:10:21 | a certificate or key | test.py:12:20:12:23 | a certificate or key |
+| test.py:10:12:10:21 | a certificate or key | test.py:12:20:12:23 | a certificate or key |
 #select
 | password_in_cookie.py:9:33:9:40 | password | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password | Sensitive data from $@ is stored here. | password_in_cookie.py:7:16:7:43 | Attribute() | a request parameter containing a password |
 | password_in_cookie.py:16:33:16:40 | password | password_in_cookie.py:14:16:14:43 | a password | password_in_cookie.py:16:33:16:40 | a password | Sensitive data from $@ is stored here. | password_in_cookie.py:14:16:14:43 | Attribute() | a request parameter containing a password |
-| test.py:22:20:22:23 | cert | test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key | Sensitive data from $@ is stored here. | test.py:20:12:20:21 | get_cert() | a call returning a certificate or key |
+| test.py:12:20:12:23 | cert | test.py:10:12:10:21 | a certificate or key | test.py:12:20:12:23 | a certificate or key | Sensitive data from $@ is stored here. | test.py:10:12:10:21 | get_cert() | a call returning a certificate or key |

python/ql/test/query-tests/Security/CWE-312/test.py renamed to python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py

@@ -0,0 +1 @@
+semmle-extractor-options: -p ../lib/ --max-import-depth=3

python/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected renamed to python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected

@@ -0,0 +1,12 @@
+#Don't import logging; it transitively imports a lot of stuff
+
+def get_password():
+    pass
+
+def get_cert():
+    pass
+
+def write_cert(filename):
+    cert = get_cert()
+    with open(filename, "w") as file:
+        file.write(cert)