Python: Show that we have initial taint in urlsplit test

2026-05-01 03:35:13 +02:00 · 2020-02-26 14:08:47 +01:00
parent 400a8ffae5
commit 0b31cb1716
2 changed files with 12 additions and 9 deletions
--- a/python/ql/test/library-tests/taint/namedtuple/TestTaint.expected
+++ b/python/ql/test/library-tests/taint/namedtuple/TestTaint.expected
@@ -3,12 +3,13 @@
 | test.py:13 | test_basic | c | externally controlled string |
 | test.py:13 | test_basic | d | externally controlled string |
 | test.py:13 | test_basic | urlsplit_res | [externally controlled string] |
-| test.py:20 | test_sanitizer | Attribute | NO TAINT |
-| test.py:23 | test_sanitizer | Subscript | NO TAINT |
-| test.py:26 | test_sanitizer | Attribute | NO TAINT |
-| test.py:29 | test_sanitizer | Attribute | NO TAINT |
-| test.py:32 | test_sanitizer | Attribute | externally controlled string |
-| test.py:42 | test_namedtuple | a | NO TAINT |
-| test.py:42 | test_namedtuple | b | NO TAINT |
-| test.py:42 | test_namedtuple | c | NO TAINT |
-| test.py:42 | test_namedtuple | d | NO TAINT |
+| test.py:19 | test_sanitizer | Attribute | externally controlled string |
+| test.py:22 | test_sanitizer | Attribute | NO TAINT |
+| test.py:25 | test_sanitizer | Subscript | NO TAINT |
+| test.py:28 | test_sanitizer | Attribute | NO TAINT |
+| test.py:31 | test_sanitizer | Attribute | NO TAINT |
+| test.py:34 | test_sanitizer | Attribute | externally controlled string |
+| test.py:44 | test_namedtuple | a | NO TAINT |
+| test.py:44 | test_namedtuple | b | NO TAINT |
+| test.py:44 | test_namedtuple | c | NO TAINT |
+| test.py:44 | test_namedtuple | d | NO TAINT |
--- a/python/ql/test/library-tests/taint/namedtuple/test.py
+++ b/python/ql/test/library-tests/taint/namedtuple/test.py
@@ -16,6 +16,8 @@ def test_sanitizer():
    tainted_string = TAINTED_STRING
    urlsplit_res = urlsplit(tainted_string)

+    test(urlsplit_res.netloc) # should be tainted
+
    if urlsplit_res.netloc == "OK":
        test(urlsplit_res.netloc)