Python: Add more examples of what is ok with new taint tests

RasmusWL · RasmusWL · commit b2cb284ff273 · 2021-04-19T14:56:20.000+02:00
diff --git a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected
@@ -1,5 +1,7 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
-| ERROR, you should add `SPURIOUS:` to this annotation | taint_test.py:36:9:36:29 | taint_test.py:36 | should_not_be_tainted |
+| ERROR, you should add `SPURIOUS:` to this annotation | taint_test.py:48:9:48:29 | taint_test.py:48 | should_not_be_tainted |
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
-| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:28:9:28:25 | taint_test.py:28 |
+| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:32:9:32:25 | taint_test.py:32 |
+| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:37:24:37:40 | taint_test.py:37 |
 failures
+| taint_test.py:41:20:41:21 | ts | Fixed missing result:tainted= |
diff --git a/python/ql/test/experimental/meta/inline-taint-test-demo/taint_test.py b/python/ql/test/experimental/meta/inline-taint-test-demo/taint_test.py
@@ -9,6 +9,10 @@ def expected_usage():
         should_be_tainted, # $ MISSING: tainted
     )
 
+    # having one annotation for multiple arguments is OK, as long as all arguments
+    # fulfil the same annotation
+    ensure_tainted(ts, ts) # $ tainted
+
     # simulating handling something we _want_ to treat at untainted, but we currently treat as tainted
     should_not_be_tainted = "pretend this is now safe" + ts
     ensure_not_tainted(
@@ -28,6 +32,14 @@ def bad_usage():
         should_be_tainted,
     )
 
+    # using one annotation for multiple arguments i not OK when it's mixed whether our
+    # taint-tracking works as expected
+    ensure_tainted(ts, should_be_tainted) # $ tainted
+
+    # if you try to get around it by adding BOTH annotations, that results in a problem
+    # from the default set of inline-test-expectation rules
+    ensure_tainted(ts, should_be_tainted) # $ tainted MISSING: tainted
+
     # simulating handling something we _want_ to treat at untainted, but we currently treat as tainted
     should_not_be_tainted = "pretend this is now safe" + ts
 
