Python: Improve customSanitizer tests

Before, we didn't show how we treated the value _after_ the check. But we
do actually handle this nicely 💪
Rasmus Wriedt Larsen
2022-02-01 15:09:29 +01:00
parent 8df04c58e9
commit 1394b38032
2 changed files with 13 additions and 7 deletions


@@ -3,9 +3,9 @@ untaintedArgumentToEnsureTaintedNotMarkedAsMissing
failures
isSanitizer
| TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
| TestTaintTrackingConfiguration | test.py:50:10:50:29 | ControlFlowNode for emulated_escaping() |
| TestTaintTrackingConfiguration | test.py:53:10:53:29 | ControlFlowNode for emulated_escaping() |
isSanitizerGuard
| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() |
| TestTaintTrackingConfiguration | test.py:38:8:38:26 | ControlFlowNode for emulated_is_safe() |
| TestTaintTrackingConfiguration | test_logical.py:29:8:29:17 | ControlFlowNode for is_safe() |
| TestTaintTrackingConfiguration | test_logical.py:44:8:44:17 | ControlFlowNode for is_safe() |
| TestTaintTrackingConfiguration | test_logical.py:52:12:52:21 | ControlFlowNode for is_safe() |


@@ -14,14 +14,17 @@ def emulated_authentication_check(arg):
raise Exception("user unauthenticated")
def test_custom_sanitizer():
def test_custom_sanitizer_exception():
s = TAINTED_STRING
try:
emulated_authentication_check(s)
ensure_not_tainted(s)
except:
pass
ensure_tainted(s) # $ tainted
raise
ensure_not_tainted(s)
def emulated_is_safe(arg):
@@ -34,11 +37,11 @@ def test_custom_sanitizer_guard():
if emulated_is_safe(s):
ensure_not_tainted(s)
s = TAINTED_STRING
ensure_tainted(s) # $ tainted
else:
ensure_tainted(s) # $ tainted
ensure_tainted(s) # $ tainted
def emulated_escaping(arg):
return arg.replace("<", "?").replace(">", "?").replace("'", "?").replace("\"", "?")
@@ -53,6 +56,9 @@ def test_escape():
# Make tests runable
test_custom_sanitizer()
try:
test_custom_sanitizer_exception()
except Exception:
pass
test_custom_sanitizer_guard()
test_escape()
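Review bot: The `try: test_custom_sanitizer_exception() except Exception: pass` wrapper in the last hunk does not say why that one call, unlike `test_custom_sanitizer_guard()` and `test_escape()`, is expected to raise, so a reader has to scroll up to the new `raise` in the `except:` of `test_custom_sanitizer_exception` to work it out. Presumably the exception being swallowed is the `Exception("user unauthenticated")` from `emulated_authentication_check` (only its `raise` line is visible here), and since the point of the test is the taint state on each path rather than the exception itself, a one-line comment would make that explicit: `except Exception:  # test_custom_sanitizer_exception re-raises the emulated auth failure; we only need its body to execute`. If the intent is narrower, catching the specific exception type the helper raises would also make an unexpected failure in that test visible instead of silently passing.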