Add tests and change note

sylwia-budzynska · sylwia-budzynska · commit 6d1c00742f3f · 2024-07-26T14:15:43.000+02:00
diff --git a/python/ql/lib/semmle/python/Frameworks.qll b/python/ql/lib/semmle/python/Frameworks.qll
@@ -73,6 +73,7 @@ private import semmle.python.frameworks.Simplejson
 private import semmle.python.frameworks.SqlAlchemy
 private import semmle.python.frameworks.Starlette
 private import semmle.python.frameworks.Stdlib
+private import semmle.python.frameworks.Streamlit
 private import semmle.python.frameworks.Toml
 private import semmle.python.frameworks.Torch
 private import semmle.python.frameworks.Tornado
diff --git a/python/ql/src/change-notes/2024-07-26-streamlit-models.md b/python/ql/src/change-notes/2024-07-26-streamlit-models.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added models of `streamlit` PyPI package.
diff --git a/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.ql b/python/ql/test/library-tests/frameworks/streamlit/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
diff --git a/python/ql/test/library-tests/frameworks/streamlit/rfs-test.expected b/python/ql/test/library-tests/frameworks/streamlit/rfs-test.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
diff --git a/python/ql/test/library-tests/frameworks/streamlit/rfs-test.ql b/python/ql/test/library-tests/frameworks/streamlit/rfs-test.ql
@@ -0,0 +1,20 @@
+import python
+import semmle.python.dataflow.new.RemoteFlowSources
+import TestUtilities.InlineExpectationsTest
+private import semmle.python.dataflow.new.internal.PrintNode
+
+module SourceTest implements TestSig {
+  string getARelevantTag() { result = "source" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(location.getFile().getRelativePath()) and
+    exists(RemoteFlowSource rfs |
+      location = rfs.getLocation() and
+      element = rfs.toString() and
+      value = prettyNode(rfs) and
+      tag = "source"
+    )
+  }
+}
+
+import MakeTest<SourceTest>
diff --git a/python/ql/test/library-tests/frameworks/streamlit/test.py b/python/ql/test/library-tests/frameworks/streamlit/test.py
@@ -0,0 +1,12 @@
+import streamlit as st
+
+# Streamlit sources
+inp = st.text_input("Query the database") # $ source=st.text_input(..)
+area = st.text_area("Area") # $ source=st.text_area(..)
+chat = st.chat_input("Chat") # $ source=st.chat_input(..)
+
+# Initialize connection.
+conn = st.connection("postgresql", type="sql")
+
+# SQL injection sink
+q = conn.query("some sql")  # $ getSql="some sql"

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added models of `streamlit` PyPI package.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+import python`
	`2`	`+import experimental.meta.ConceptsTest`