python: use new syntax for flow summaries

also convert to inline tests
2025-12-21 03:06:31 +01:00 · 2022-04-05 08:58:28 +02:00
parent 4024ce4777
commit 177dea5307
9 changed files with 216 additions and 112 deletions
--- a/python/ql/test/experimental/dataflow/summaries/summaries.py
+++ b/python/ql/test/experimental/dataflow/summaries/summaries.py
@@ -1,34 +1,65 @@
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
 # Simple summary
- tainted = identity("taint")
- sink(tainted)
+tainted = identity(SOURCE)
+SINK(tainted)  # $ flow="SOURCE, l:-1 -> tainted"

- # Lambda summary
- tainted_lambda = apply_lambda(lambda x: x + 1, tainted)
- sink(tainted_lambda)
+# Lambda summary
+tainted_lambda = apply_lambda(lambda x: x + 1, SOURCE)
+SINK(tainted_lambda)  # $ flow="SOURCE, l:-1 -> tainted_lambda"

- untainted_lambda = apply_lambda(lambda x: 1, tainted)
- sink(tainted_lambda) # should not see flow
+# A lambda that breaks the flow
+untainted_lambda = apply_lambda(lambda x: 1, SOURCE)
+SINK_F(untainted_lambda) # $ SPURIOUS: flow="SOURCE, l:-1 -> untainted_lambda"

- # Collection summaries
- tainted_list = reversed([tainted])
- sink(tainted_list[0])
+# Collection summaries
+tainted_list = reversed([SOURCE])
+SINK(tainted_list[0])  # $ flow="SOURCE, l:-1 -> tainted_list[0]"

- # Complex summaries
- def add_colon(x):
-     return x + ":"
+# Complex summaries
+def add_colon(x):
+    return x + ":"

- tainted_mapped = map(add_colon, [tainted])
- sink(tainted_mapped[0])
+tainted_mapped = map(add_colon, [SOURCE])
+SINK(tainted_mapped[0])  # $ flow="SOURCE, l:-1 -> tainted_mapped[0]"

- def explicit_identity(x):
-     return x
+def explicit_identity(x):
+    return x

- tainted_mapped_explicit = map(explicit_identity, [tainted])
- sink(tainted_mapped_explicit[0])
+tainted_mapped_explicit = map(explicit_identity, [SOURCE])
+SINK(tainted_mapped_explicit[0])  # $ flow="SOURCE, l:-1 -> tainted_mapped_explicit[0]"

- tainted_mapped_summary = map(identity, [tainted])
- sink(tainted_mapped_summary[0])
+tainted_mapped_summary = map(identity, [SOURCE])
+SINK(tainted_mapped_summary[0])  # $ flow="SOURCE, l:-1 -> tainted_mapped_summary[0]"

- from json import loads as json_loads
- tainted_resultlist = json_loads(tainted)
- sink(tainted_resultlist[0])
+from json import loads as json_loads
+tainted_resultlist = json_loads(SOURCE)
+SINK(tainted_resultlist[0])  # $ MISSING: flow