Python: Move pyramid tests from internal repo

Use minimal mock instead of full library

python/ql/test/library-tests/web/pyramid/Routing.expected

@@ -0,0 +1,3 @@
+| test.py:7 | Function home |
+| test.py:15 | Function greet |
+| test.py:24 | Function stuff |

python/ql/test/library-tests/web/pyramid/Routing.ql

@@ -0,0 +1,9 @@
+import python
+
+import semmle.python.web.pyramid.View
+
+from Function func
+
+where is_pyramid_view_function(func)
+
+select func.getLocation().toString(), func.toString()

python/ql/test/library-tests/web/pyramid/Sinks.expected

@@ -0,0 +1,3 @@
+| test.py:8 | Response() | externally controlled string |
+| test.py:17 | Response() | externally controlled string |
+| test.py:25 | Dict | externally controlled string |

python/ql/test/library-tests/web/pyramid/Sinks.ql

@@ -0,0 +1,11 @@
+
+import python
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+
+from TaintSink sink, TaintKind kind
+where sink.sinks(kind) and sink.getLocation().getFile().getName().matches("%test.py")
+select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind

python/ql/test/library-tests/web/pyramid/Sources.expected

@@ -0,0 +1,3 @@
+| test.py:7 | request | pyramid.request |
+| test.py:15 | request | pyramid.request |
+| test.py:24 | request | pyramid.request |

python/ql/test/library-tests/web/pyramid/Sources.ql

@@ -0,0 +1,11 @@
+
+import python
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+
+from TaintSource src, TaintKind kind
+where src.isSourceOf(kind)
+select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind

python/ql/test/library-tests/web/pyramid/Taint.expected

@@ -0,0 +1,11 @@
+| test.py:7 | request | pyramid.request |
+| test.py:15 | request | pyramid.request |
+| test.py:16 | Attribute | {externally controlled string} |
+| test.py:16 | Subscript | externally controlled string |
+| test.py:16 | request | pyramid.request |
+| test.py:17 | BinaryExpr | externally controlled string |
+| test.py:17 | name | externally controlled string |
+| test.py:24 | request | pyramid.request |
+| test.py:25 | Attribute | externally controlled string |
+| test.py:25 | Dict | {externally controlled string} |
+| test.py:25 | request | pyramid.request |

python/ql/test/library-tests/web/pyramid/Taint.ql

@@ -0,0 +1,12 @@
+
+import python
+
+import semmle.python.web.HttpRequest
+import semmle.python.web.HttpResponse
+import semmle.python.security.strings.Untrusted
+
+from TaintedNode node
+where node.getLocation().getFile().getName().matches("%test.py")
+
+select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind()
+

python/ql/test/library-tests/web/pyramid/options

@@ -0,0 +1,2 @@
+semmle-extractor-options: --max-import-depth=2 -p ../../../query-tests/Security/lib/
+optimize: true

python/ql/test/library-tests/web/pyramid/test.py

@@ -0,0 +1,25 @@
+from pyramid.view import view_config
+from pyramid.response import Response
+
+@view_config(
+    route_name='home'
+)
+def home(request):
+    return Response('Welcome!')
+
+
+@view_config(
+    route_name='greet',
+    request_method='POST'
+)
+def greet(request):
+    name = request.POST['arg']
+    return Response('Welcome %s!' % name)
+
+
+@view_config(
+    route_name='stuff',
+    renderer='json'
+)
+def stuff(request):
+    return {"err": 0, "body": request.body}

python/ql/test/query-tests/Security/lib/pyramid/response.py

@@ -0,0 +1,2 @@
+class Response(object):
+    pass

python/ql/test/query-tests/Security/lib/pyramid/view.py

@@ -0,0 +1,7 @@
+# https://docs.pylonsproject.org/projects/pyramid/en/1.10-branch/_modules/pyramid/view.html#view_config
+class view_config(object):
+    def __init__(self, **settings):
+        pass
+
+    def __call__(self, wrapped):
+        pass