hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add test for impossible isinstance flow

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-07-08 12:06:53 +02:00
parent 31a5a7aebc
commit 173cd13ded
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/test/library-tests/dataflow/tainttracking/isinstance/InlineTaintTest.expected Normal file
View File

@@ -0,0 +1,4 @@
argumentToEnsureNotTaintedNotMarkedAsSpurious
untaintedArgumentToEnsureTaintedNotMarkedAsMissing
testFailures
failures

2
python/ql/test/library-tests/dataflow/tainttracking/isinstance/InlineTaintTest.ql Normal file
View File

@@ -0,0 +1,2 @@
import experimental.meta.InlineTaintTest
import MakeInlineTaintTest<TestTaintTrackingConfig>

11
python/ql/test/library-tests/dataflow/tainttracking/isinstance/test.py Normal file
View File

@@ -0,0 +1,11 @@
def impossible_flow(cond: bool):
TAINTED_STRING = "ts"
x = (TAINTED_STRING, 42) if cond else "SAFE"
if isinstance(x, str):
# tainted-flow to here is impossible, replicated from path-flow seen in a real
# repo.
ensure_not_tainted(x) # $ SPURIOUS: tainted
else:
ensure_tainted(x) # $ tainted
ensure_tainted(x[0]) # $ tainted