second test of taint steps

2026-05-01 03:35:13 +02:00 · 2022-04-27 23:51:28 +02:00
parent 649df1dd31
commit 0f1e070d82
3 changed files with 15 additions and 2 deletions
--- a/python/ql/test/library-tests/frameworks/data/test.expected
+++ b/python/ql/test/library-tests/frameworks/data/test.expected
@@ -5,6 +5,8 @@ taintFlow
 | test.py:10:8:10:22 | ControlFlowNode for Attribute() | test.py:10:8:10:22 | ControlFlowNode for Attribute() |
 | test.py:11:8:11:30 | ControlFlowNode for Attribute() | test.py:11:8:11:30 | ControlFlowNode for Attribute() |
 | test.py:71:28:71:38 | ControlFlowNode for getSource() | test.py:71:8:71:39 | ControlFlowNode for Attribute() |
+| test.py:75:5:75:15 | ControlFlowNode for getSource() | test.py:76:22:76:22 | ControlFlowNode for x |
+| test.py:75:5:75:15 | ControlFlowNode for getSource() | test.py:77:22:77:22 | ControlFlowNode for y |
 isSink
 | test.py:4:8:4:8 | ControlFlowNode for x | test-sink |
 | test.py:7:17:7:17 | ControlFlowNode for x | test-sink |
@@ -31,6 +33,9 @@ isSink
 | test.py:67:34:67:44 | ControlFlowNode for secondNamed | test-source |
 | test.py:71:8:71:39 | ControlFlowNode for Attribute() | test-sink |
 | test.py:72:8:72:47 | ControlFlowNode for Attribute() | test-sink |
+| test.py:76:22:76:22 | ControlFlowNode for x | test-sink |
+| test.py:77:22:77:22 | ControlFlowNode for y | test-sink |
+| test.py:78:22:78:22 | ControlFlowNode for z | test-sink |
 isSource
 | test.py:3:5:3:15 | ControlFlowNode for getSource() | test-source |
 | test.py:9:8:9:14 | ControlFlowNode for alias() | test-source |
@@ -59,6 +64,7 @@ isSource
 | test.py:63:54:63:57 | ControlFlowNode for arg5 | test-source |
 | test.py:71:28:71:38 | ControlFlowNode for getSource() | test-source |
 | test.py:72:36:72:46 | ControlFlowNode for getSource() | test-source |
+| test.py:75:5:75:15 | ControlFlowNode for getSource() | test-source |
 syntaxErrors
 | Member[foo |
 | Member[foo] .Member[bar] |
--- a/python/ql/test/library-tests/frameworks/data/test.py
+++ b/python/ql/test/library-tests/frameworks/data/test.py
@@ -69,4 +69,11 @@ ArgPos.anyNamed(arg4, arg5, name=secondNamed)
 from testlib import Steps

 mySink(Steps.preserveTaint(getSource())) # FLOW
-mySink(Steps.preserveTaint("safe", getSource())) # NO FLOW
+mySink(Steps.preserveTaint("safe", getSource())) # NO FLOW
+
+Steps.taintIntoCallback(
+    getSource(), 
+    lambda x: mySink(x), # FLOW
+    lambda y: mySink(y), # FLOW
+    lambda z: mySink(z) # NO FLOW
+)
--- a/python/ql/test/library-tests/frameworks/data/test.ql
+++ b/python/ql/test/library-tests/frameworks/data/test.ql
@@ -11,7 +11,7 @@ class Steps extends ModelInput::SummaryModelCsv {
    row =
      [
        "testlib;;Member[Steps].Member[preserveTaint];Argument[0];ReturnValue;taint",
-        // "testlib;;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
+        "testlib;;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
        // "testlib;;Member[Steps].Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
        // "testlib;;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
        // "testlib;;Member[Steps].Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",