Python: Autoformat library-tests.

Taus Brock-Nannestad
2020-03-20 16:35:37 +01:00
parent 67cb8525bf
commit 165dcd37a1
11 changed files with 96 additions and 388 deletions


@@ -1,4 +1,3 @@
import python
predicate of_interest(ControlFlowNode n, int line) {
@@ -6,7 +5,7 @@ predicate of_interest(ControlFlowNode n, int line) {
line = l.getStartLine() and
f = l.getFile() and
f.getName().matches("%test.py%") and
exists(Comment c |
exists(Comment c |
c.getLocation().getStartLine() < line and
c.getLocation().getFile() = f
)


@@ -13,12 +13,17 @@ string locate(Location l, string which) {
}
string repr(Object o) {
/* Do not show `unknownValue()` to keep noise levels down.
/*
* Do not show `unknownValue()` to keep noise levels down.
* To show it add:
* `o = unknownValue() and result = "*UNKNOWN VALUE*"`
*/
not o instanceof StringObject and not o = undefinedVariable() and not o = theUnknownType() and
not o = theBoundMethodType() and result = o.toString()
not o instanceof StringObject and
not o = undefinedVariable() and
not o = theUnknownType() and
not o = theBoundMethodType() and
result = o.toString()
or
o = undefinedVariable() and result = "*UNDEFINED*"
or
@@ -30,16 +35,15 @@ string repr(Object o) {
o = theBoundMethodType() and result = "builtin-class method"
}
predicate long_tuple(Value v) {
v.(TupleObjectInternal).length() > 3
}
predicate long_tuple(Value v) { v.(TupleObjectInternal).length() > 3 }
string vrepr(Value v) {
/* Work around differing names in 2/3 */
not v = ObjectInternal::boundMethod() and
not long_tuple(v) and result = v.toString()
not long_tuple(v) and
result = v.toString()
or
v = ObjectInternal::boundMethod() and result = "builtin-class method"
or
long_tuple(v) and result = "(..., ...)"
}
}


@@ -1,31 +1,18 @@
import python
import semmle.python.dataflow.StateTracking
predicate callTo(CallNode call, string name) {
call.getFunction().(NameNode).getId() = name
}
predicate callTo(CallNode call, string name) { call.getFunction().(NameNode).getId() = name }
class Initialized extends TrackableState {
Initialized() { this = "initialized" }
override predicate startsAt(ControlFlowNode f) {
callTo(f, "initialize")
}
override predicate startsAt(ControlFlowNode f) { callTo(f, "initialize") }
}
class Frobnicated extends TrackableState {
Frobnicated() { this = "frobnicated" }
override predicate startsAt(ControlFlowNode f) {
callTo(f, "frobnicate")
}
override predicate endsAt(ControlFlowNode f) {
callTo(f, "defrobnicate")
}
override predicate startsAt(ControlFlowNode f) { callTo(f, "frobnicate") }
override predicate endsAt(ControlFlowNode f) { callTo(f, "defrobnicate") }
}


@@ -2,45 +2,26 @@ import python
import semmle.python.security.TaintTracking
import semmle.python.security.strings.Untrusted
class SimpleSource extends TaintSource {
SimpleSource() { this.(NameNode).getId() = "TAINTED_STRING" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringKind
}
override string toString() {
result = "taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
override string toString() { result = "taint source" }
}
class ListSource extends TaintSource {
ListSource() { this.(NameNode).getId() = "TAINTED_LIST" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringSequenceKind
}
override string toString() {
result = "list taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringSequenceKind }
override string toString() { result = "list taint source" }
}
class DictSource extends TaintSource {
DictSource() { this.(NameNode).getId() = "TAINTED_DICT" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringDictKind
}
override string toString() {
result = "dict taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringDictKind }
override string toString() { result = "dict taint source" }
}


@@ -1,24 +1,16 @@
import python
import semmle.python.security.TaintTracking
class SimpleTest extends TaintKind {
SimpleTest() {
this = "simple.test"
}
SimpleTest() { this = "simple.test" }
}
abstract class TestConfig extends TaintTracking::Configuration {
bindingset[this]
TestConfig() { any() }
}
class SimpleConfig extends TestConfig {
SimpleConfig() { this = "Simple config" }
override predicate isSource(DataFlow::Node node, TaintKind kind) {
@@ -38,26 +30,19 @@ class SimpleConfig extends TestConfig {
node.asCfgNode().(CallNode).getFunction().(NameNode).getId() = "SANITIZE" and
kind instanceof SimpleTest
}
}
class BasicCustomTaint extends TaintKind {
BasicCustomTaint() {
this = "basic.custom"
}
BasicCustomTaint() { this = "basic.custom" }
override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
tonode.(CallNode).getAnArg() = fromnode and
tonode.(CallNode).getFunction().(NameNode).getId() = "TAINT_FROM_ARG" and
result = this
}
}
class BasicCustomConfig extends TestConfig {
BasicCustomConfig() { this = "Basic custom config" }
override predicate isSource(DataFlow::Node node, TaintKind kind) {
@@ -72,57 +57,46 @@ class BasicCustomConfig extends TestConfig {
) and
kind instanceof SimpleTest
}
}
class Rock extends TaintKind {
Rock() { this = "rock" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Scissors
}
}
class Paper extends TaintKind {
Paper() { this = "paper" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Rock
}
}
class Scissors extends TaintKind {
Scissors() { this = "scissors" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Paper
}
}
class RockPaperScissorConfig extends TestConfig {
RockPaperScissorConfig() { this = "Rock-paper-scissors config" }
override predicate isSource(DataFlow::Node node, TaintKind kind) {
exists(string name |
node.asCfgNode().(NameNode).getId() = name and
kind = name.toLowerCase()
|
|
name = "ROCK" or name = "PAPER" or name = "SCISSORS"
)
}
override predicate isSink(DataFlow::Node node, TaintKind kind) {
exists(string name |
function_param(name, node) |
exists(string name | function_param(name, node) |
name = "paper" and kind = "rock"
or
name = "rock" and kind = "scissors"
@@ -130,7 +104,6 @@ class RockPaperScissorConfig extends TestConfig {
name = "scissors" and kind = "paper"
)
}
}
private predicate function_param(string funcname, DataFlow::Node arg) {
@@ -140,20 +113,15 @@ private predicate function_param(string funcname, DataFlow::Node arg) {
)
}
class TaintCarrier extends TaintKind {
TaintCarrier() { this = "explicit.carrier" }
override TaintKind getTaintOfMethodResult(string name) {
name = "get_taint" and result instanceof SimpleTest
}
}
class TaintCarrierConfig extends TestConfig {
TaintCarrierConfig() { this = "Taint carrier config" }
override predicate isSource(DataFlow::Node node, TaintKind kind) {
@@ -173,49 +141,31 @@ class TaintCarrierConfig extends TestConfig {
node.asCfgNode().(CallNode).getFunction().(NameNode).getId() = "SANITIZE" and
kind instanceof SimpleTest
}
}
/* Some more realistic examples */
abstract class UserInput extends TaintKind {
bindingset[this]
UserInput() { any() }
}
class UserInputSource extends TaintSource {
UserInputSource() { this.(CallNode).getFunction().(NameNode).getId() = "user_input" }
UserInputSource() {
this.(CallNode).getFunction().(NameNode).getId() = "user_input"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof UserInput
}
override string toString() {
result = "user.input.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof UserInput }
override string toString() { result = "user.input.source" }
}
class SqlInjectionTaint extends UserInput {
SqlInjectionTaint() { this = "SQL injection" }
}
class CommandInjectionTaint extends UserInput {
CommandInjectionTaint() { this = "Command injection" }
}
class SqlSanitizer extends Sanitizer {
SqlSanitizer() { this = "SQL sanitizer" }
/** Holds if `test` shows value to be untainted with `taint` */
@@ -229,11 +179,9 @@ class SqlSanitizer extends Sanitizer {
) and
taint instanceof SqlInjectionTaint
}
}
class CommandSanitizer extends Sanitizer {
CommandSanitizer() { this = "Command sanitizer" }
/** Holds if `test` shows value to be untainted with `taint` */
@@ -245,11 +193,9 @@ class CommandSanitizer extends Sanitizer {
) and
taint instanceof CommandInjectionTaint
}
}
class SqlQuery extends TaintSink {
SqlQuery() {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "sql_query" and
@@ -259,15 +205,10 @@ class SqlQuery extends TaintSink {
override string toString() { result = "SQL query" }
override predicate sinks(TaintKind taint) {
taint instanceof SqlInjectionTaint
}
override predicate sinks(TaintKind taint) { taint instanceof SqlInjectionTaint }
}
class OsCommand extends TaintSink {
OsCommand() {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "os_command" and
@@ -277,60 +218,31 @@ class OsCommand extends TaintSink {
override string toString() { result = "OS command" }
override predicate sinks(TaintKind taint) {
taint instanceof CommandInjectionTaint
}
override predicate sinks(TaintKind taint) { taint instanceof CommandInjectionTaint }
}
class Falsey extends TaintKind {
Falsey() { this = "falsey" }
override boolean booleanValue() {
result = false
}
override boolean booleanValue() { result = false }
}
class FalseySource extends TaintSource {
class FalseySource extends TaintSource {
FalseySource() { this.(NameNode).getId() = "FALSEY" }
FalseySource() {
this.(NameNode).getId() = "FALSEY"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof Falsey
}
override string toString() {
result = "falsey.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof Falsey }
override string toString() { result = "falsey.source" }
}
class TaintIterable extends TaintKind {
TaintIterable() { this = "iterable.simple" }
TaintIterable() {
this = "iterable.simple"
}
override TaintKind getTaintForIteration() {
result instanceof SimpleTest
}
override TaintKind getTaintForIteration() { result instanceof SimpleTest }
}
class TaintIterableSource extends TaintSource {
TaintIterableSource() { this.(NameNode).getId() = "ITERABLE_SOURCE" }
TaintIterableSource() {
this.(NameNode).getId() = "ITERABLE_SOURCE"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof TaintIterable
}
override predicate isSourceOf(TaintKind kind) { kind instanceof TaintIterable }
}


@@ -2,7 +2,6 @@ import python
import semmle.python.dataflow.DataFlow
class TestConfiguration extends DataFlow::Configuration {
TestConfiguration() { this = "Test configuration" }
override predicate isSource(ControlFlowNode source) { source.(NameNode).getId() = "SOURCE" }
@@ -13,5 +12,4 @@ class TestConfiguration extends DataFlow::Configuration {
sink = call.getAnArg()
)
}
}


@@ -1,6 +1,6 @@
/**
* @kind path-problem
*
*
* An example configuration.
* See ExampleConfiguration.expected for the results of running this query.
*/
@@ -9,23 +9,16 @@ import python
import semmle.python.dataflow.Configuration
/* First of all we set up some TaintKinds */
class Engineer extends TaintKind {
Engineer() { this = "Wally" or this = "Dilbert" }
}
class Wally extends Engineer {
Wally() { this = "Wally" }
}
/** Then the configuration */
class DilbertConfig extends TaintTracking::Configuration {
DilbertConfig() { this = "Dilbert config" }
override predicate isSource(DataFlow::Node node, TaintKind kind) {
@@ -46,11 +39,8 @@ class DilbertConfig extends TaintTracking::Configuration {
/* Even the conscientious stop work if the building is on fire */
function_param("fire", node)
}
}
/** Helper predicate looking for `funcname(..., arg, ...)` */
private predicate function_param(string funcname, DataFlow::Node arg) {
exists(Call call |


@@ -1,17 +1,11 @@
import python
import semmle.python.security.TaintTracking
class SimpleTest extends TaintKind {
SimpleTest() {
this = "simple.test"
}
SimpleTest() { this = "simple.test" }
}
class SimpleSink extends TaintSink {
override string toString() { result = "Simple sink" }
SimpleSink() {
@@ -21,27 +15,17 @@ class SimpleSink extends TaintSink {
)
}
override predicate sinks(TaintKind taint) {
taint instanceof SimpleTest
}
override predicate sinks(TaintKind taint) { taint instanceof SimpleTest }
}
class SimpleSource extends TaintSource {
SimpleSource() { this.(NameNode).getId() = "SOURCE" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof SimpleTest
}
override string toString() {
result = "simple.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof SimpleTest }
override string toString() { result = "simple.source" }
}
predicate visit_call(CallNode call, FunctionObject func) {
exists(AttrNode attr, ClassObject cls, string name |
name.prefix(6) = "visit_" and
@@ -52,9 +36,7 @@ predicate visit_call(CallNode call, FunctionObject func) {
}
/* Test call extensions by tracking taint through visitor methods */
class TestCallReturnExtension extends DataFlowExtension::DataFlowNode {
TestCallReturnExtension() {
exists(PyFunctionObject func |
visit_call(_, func) and
@@ -69,11 +51,9 @@ class TestCallReturnExtension extends DataFlowExtension::DataFlowNode {
result = call
)
}
}
class TestCallParameterExtension extends DataFlowExtension::DataFlowNode {
TestCallParameterExtension() {
exists(PyFunctionObject func, CallNode call |
visit_call(call, func) and
@@ -86,9 +66,8 @@ class TestCallParameterExtension extends DataFlowExtension::DataFlowNode {
visit_call(call, func) and
exists(int n |
this = call.getArg(n) and
result.getNode() = func.getFunction().getArg(n+1)
result.getNode() = func.getFunction().getArg(n + 1)
)
)
}
}


@@ -1,17 +1,11 @@
import python
import semmle.python.security.TaintTracking
class SimpleTest extends TaintKind {
SimpleTest() {
this = "simple.test"
}
SimpleTest() { this = "simple.test" }
}
class SimpleSink extends TaintSink {
override string toString() { result = "Simple sink" }
SimpleSink() {
@@ -21,31 +15,21 @@ class SimpleSink extends TaintSink {
)
}
override predicate sinks(TaintKind taint) {
taint instanceof SimpleTest
}
override predicate sinks(TaintKind taint) { taint instanceof SimpleTest }
}
class SimpleSource extends TaintSource {
SimpleSource() { this.(NameNode).getId() = "SOURCE" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof SimpleTest
}
override string toString() {
result = "simple.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof SimpleTest }
override string toString() { result = "simple.source" }
}
class SimpleSanitizer extends Sanitizer {
SimpleSanitizer() { this = "Simple sanitizer" }
override predicate sanitizingNode(TaintKind taint, ControlFlowNode node) {
override predicate sanitizingNode(TaintKind taint, ControlFlowNode node) {
node.(CallNode).getFunction().(NameNode).getId() = "SANITIZE" and
taint instanceof SimpleTest
}
@@ -60,21 +44,16 @@ class SimpleSanitizer extends Sanitizer {
}
class BasicCustomTaint extends TaintKind {
BasicCustomTaint() {
this = "basic.custom"
}
BasicCustomTaint() { this = "basic.custom" }
override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {
tonode.(CallNode).getAnArg() = fromnode and
tonode.(CallNode).getFunction().(NameNode).getId() = "TAINT_FROM_ARG" and
result = this
}
}
class BasicCustomSink extends TaintSink {
override string toString() { result = "Basic custom sink" }
BasicCustomSink() {
@@ -84,32 +63,21 @@ class BasicCustomSink extends TaintSink {
)
}
override predicate sinks(TaintKind taint) {
taint instanceof BasicCustomTaint
}
override predicate sinks(TaintKind taint) { taint instanceof BasicCustomTaint }
}
class BasicCustomSource extends TaintSource {
BasicCustomSource() { this.(NameNode).getId() = "CUSTOM_SOURCE" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof BasicCustomTaint
}
override string toString() {
result = "basic.custom.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof BasicCustomTaint }
override string toString() { result = "basic.custom.source" }
}
class Rock extends TaintKind {
Rock() { this = "rock" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Scissors
}
@@ -119,31 +87,27 @@ class Rock extends TaintKind {
call.getFunction().(NameNode).getId() = "paper"
)
}
}
class Paper extends TaintKind {
Paper() { this = "paper" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Rock
}
predicate isSink(ControlFlowNode sink) {
predicate isSink(ControlFlowNode sink) {
exists(CallNode call |
call.getArg(0) = sink and
call.getFunction().(NameNode).getId() = "scissors"
)
}
}
class Scissors extends TaintKind {
Scissors() { this = "scissors" }
override TaintKind getTaintOfMethodResult(string name) {
override TaintKind getTaintOfMethodResult(string name) {
name = "prev" and result instanceof Paper
}
@@ -153,26 +117,18 @@ class Scissors extends TaintKind {
call.getFunction().(NameNode).getId() = "rock"
)
}
}
class RockPaperScissorSource extends TaintSource {
RockPaperScissorSource() {
exists(string name |
this.(NameNode).getId() = name |
RockPaperScissorSource() {
exists(string name | this.(NameNode).getId() = name |
name = "ROCK" or name = "PAPER" or name = "SCISSORS"
)
}
override predicate isSourceOf(TaintKind kind) {
kind = this.(NameNode).getId().toLowerCase()
}
override string toString() {
result = "rock.paper.scissors.source"
}
override predicate isSourceOf(TaintKind kind) { kind = this.(NameNode).getId().toLowerCase() }
override string toString() { result = "rock.paper.scissors.source" }
}
private predicate function_param(string funcname, ControlFlowNode arg) {
@@ -183,17 +139,14 @@ private predicate function_param(string funcname, ControlFlowNode arg) {
}
class RockPaperScissorSink extends TaintSink {
RockPaperScissorSink() {
exists(string name |
function_param(name, this) |
exists(string name | function_param(name, this) |
name = "rock" or name = "paper" or name = "scissors"
)
}
override predicate sinks(TaintKind taint) {
exists(string name |
function_param(name, this) |
exists(string name | function_param(name, this) |
name = "paper" and taint = "rock"
or
name = "rock" and taint = "scissors"
@@ -202,79 +155,49 @@ class RockPaperScissorSink extends TaintSink {
)
}
override string toString() {
result = "rock.paper.scissors.sink"
}
override string toString() { result = "rock.paper.scissors.sink" }
}
class TaintCarrier extends TaintKind {
TaintCarrier() { this = "explicit.carrier" }
override TaintKind getTaintOfMethodResult(string name) {
name = "get_taint" and result instanceof SimpleTest
}
}
/* There is no sink for `TaintCarrier`. It is not "dangerous" in itself; it merely holds a `SimpleTest`. */
class TaintCarrierSource extends TaintSource {
TaintCarrierSource() { this.(NameNode).getId() = "TAINT_CARRIER_SOURCE" }
TaintCarrierSource() {
this.(NameNode).getId() = "TAINT_CARRIER_SOURCE"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof TaintCarrier }
override predicate isSourceOf(TaintKind kind) {
kind instanceof TaintCarrier
}
override string toString() {
result = "taint.carrier.source"
}
override string toString() { result = "taint.carrier.source" }
}
/* Some more realistic examples */
abstract class UserInput extends TaintKind {
bindingset[this]
UserInput() { any() }
}
class UserInputSource extends TaintSource {
UserInputSource() { this.(CallNode).getFunction().(NameNode).getId() = "user_input" }
UserInputSource() {
this.(CallNode).getFunction().(NameNode).getId() = "user_input"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof UserInput
}
override string toString() {
result = "user.input.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof UserInput }
override string toString() { result = "user.input.source" }
}
class SqlInjectionTaint extends UserInput {
SqlInjectionTaint() { this = "SQL injection" }
}
class CommandInjectionTaint extends UserInput {
CommandInjectionTaint() { this = "Command injection" }
}
class SqlSanitizer extends Sanitizer {
SqlSanitizer() { this = "SQL sanitizer" }
/** Holds if `test` shows value to be untainted with `taint` */
@@ -288,11 +211,9 @@ class SqlSanitizer extends Sanitizer {
) and
taint instanceof SqlInjectionTaint
}
}
class CommandSanitizer extends Sanitizer {
CommandSanitizer() { this = "Command sanitizer" }
/** Holds if `test` shows value to be untainted with `taint` */
@@ -304,11 +225,9 @@ class CommandSanitizer extends Sanitizer {
) and
taint instanceof CommandInjectionTaint
}
}
class SqlQuery extends TaintSink {
SqlQuery() {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "sql_query" and
@@ -318,15 +237,10 @@ class SqlQuery extends TaintSink {
override string toString() { result = "SQL query" }
override predicate sinks(TaintKind taint) {
taint instanceof SqlInjectionTaint
}
override predicate sinks(TaintKind taint) { taint instanceof SqlInjectionTaint }
}
class OsCommand extends TaintSink {
OsCommand() {
exists(CallNode call |
call.getFunction().(NameNode).getId() = "os_command" and
@@ -336,59 +250,31 @@ class OsCommand extends TaintSink {
override string toString() { result = "OS command" }
override predicate sinks(TaintKind taint) {
taint instanceof CommandInjectionTaint
}
override predicate sinks(TaintKind taint) { taint instanceof CommandInjectionTaint }
}
class Falsey extends TaintKind {
Falsey() { this = "falsey" }
override boolean booleanValue() {
result = false
}
override boolean booleanValue() { result = false }
}
class FalseySource extends TaintSource {
class FalseySource extends TaintSource {
FalseySource() { this.(NameNode).getId() = "FALSEY" }
FalseySource() {
this.(NameNode).getId() = "FALSEY"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof Falsey
}
override string toString() {
result = "falsey.source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof Falsey }
override string toString() { result = "falsey.source" }
}
class TaintIterable extends TaintKind {
TaintIterable() { this = "iterable.simple" }
TaintIterable() {
this = "iterable.simple"
}
override TaintKind getTaintForIteration() {
result instanceof SimpleTest
}
override TaintKind getTaintForIteration() { result instanceof SimpleTest }
}
class TaintIterableSource extends TaintSource {
TaintIterableSource() { this.(NameNode).getId() = "ITERABLE_SOURCE" }
TaintIterableSource() {
this.(NameNode).getId() = "ITERABLE_SOURCE"
}
override predicate isSourceOf(TaintKind kind) {
kind instanceof TaintIterable
}
override predicate isSourceOf(TaintKind kind) { kind instanceof TaintIterable }
}


@@ -41,7 +41,5 @@ class TestConfig extends TaintTracking::Configuration {
source instanceof DictSource
}
override predicate isSink(TaintTracking::Sink sink) {
none()
}
override predicate isSink(TaintTracking::Sink sink) { none() }
}


@@ -3,60 +3,34 @@ import semmle.python.security.TaintTracking
import semmle.python.security.strings.Untrusted
import semmle.python.security.Exceptions
class SimpleSource extends TaintSource {
SimpleSource() { this.(NameNode).getId() = "TAINTED_STRING" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringKind
}
override string toString() {
result = "taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
override string toString() { result = "taint source" }
}
class ListSource extends TaintSource {
ListSource() { this.(NameNode).getId() = "TAINTED_LIST" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringSequenceKind
}
override string toString() {
result = "list taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringSequenceKind }
override string toString() { result = "list taint source" }
}
class DictSource extends TaintSource {
DictSource() { this.(NameNode).getId() = "TAINTED_DICT" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExternalStringDictKind
}
override string toString() {
result = "dict taint source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringDictKind }
override string toString() { result = "dict taint source" }
}
class ExceptionInfoSource extends TaintSource {
ExceptionInfoSource() { this.(NameNode).getId() = "TAINTED_EXCEPTION_INFO" }
override predicate isSourceOf(TaintKind kind) {
kind instanceof ExceptionInfo
}
override string toString() {
result = "Exception info source"
}
override predicate isSourceOf(TaintKind kind) { kind instanceof ExceptionInfo }
override string toString() { result = "Exception info source" }
}