hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: TaintTracking: Move tests of py3 string methods

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-08-25 13:06:27 +02:00
parent cf121cc4d0
commit 2dbf83b579
4 changed files with 73 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
python/ql/test/experimental/dataflow/tainttracking/string-py3/TestTaint.expected
View File

@@ -1,7 +1,10 @@
| test.py:28 | fail | binary_decode_encode | base64.a85encode(..) |
| test.py:29 | fail | binary_decode_encode | base64.a85decode(..) |
| test.py:32 | fail | binary_decode_encode | base64.b85encode(..) |
| test.py:33 | fail | binary_decode_encode | base64.b85decode(..) |
| test.py:36 | fail | binary_decode_encode | base64.encodebytes(..) |
| test.py:37 | fail | binary_decode_encode | base64.decodebytes(..) |
| test.py:45 | ok | f_strings | Fstring |
| test.py:26 | ok | str_methods | ts.casefold() |
| test.py:28 | ok | str_methods | ts.format_map(..) |
| test.py:29 | fail | str_methods | "{unsafe}".format_map(..) |
| test.py:40 | fail | binary_decode_encode | base64.a85encode(..) |
| test.py:41 | fail | binary_decode_encode | base64.a85decode(..) |
| test.py:44 | fail | binary_decode_encode | base64.b85encode(..) |
| test.py:45 | fail | binary_decode_encode | base64.b85decode(..) |
| test.py:48 | fail | binary_decode_encode | base64.encodebytes(..) |
| test.py:49 | fail | binary_decode_encode | base64.decodebytes(..) |
| test.py:57 | ok | f_strings | Fstring |

13
python/ql/test/experimental/dataflow/tainttracking/string-py3/test.py
View File

@@ -18,6 +18,18 @@ def ensure_not_tainted(*args):
# Actual tests
def str_methods():
print("\n# str_methods")
ts = TAINTED_STRING
tb = TAINTED_BYTES
ensure_tainted(
ts.casefold(),
ts.format_map({}),
"{unsafe}".format_map({"unsafe": ts}),
)
def binary_decode_encode():
print("\n#percent_fmt")
tb = TAINTED_BYTES
@@ -47,5 +59,6 @@ def f_strings():
# Make tests runable
str_methods()
binary_decode_encode()
f_strings()

103
python/ql/test/experimental/dataflow/tainttracking/string/TestTaint.expected
View File

@@ -10,56 +10,53 @@
| test.py:41 | ok | str_operations | bytes(..) |
| test.py:42 | ok | str_operations | unicode(..) |
| test.py:51 | ok | str_methods | ts.capitalize() |
| test.py:52 | ok | str_methods | ts.casefold() |
| test.py:53 | ok | str_methods | ts.center(..) |
| test.py:54 | ok | str_methods | ts.expandtabs() |
| test.py:56 | ok | str_methods | ts.format() |
| test.py:57 | ok | str_methods | "{}".format(..) |
| test.py:58 | ok | str_methods | "{unsafe}".format(..) |
| test.py:60 | ok | str_methods | ts.format_map(..) |
| test.py:61 | fail | str_methods | "{unsafe}".format_map(..) |
| test.py:63 | ok | str_methods | ts.join(..) |
| test.py:64 | fail | str_methods | "".join(..) |
| test.py:66 | ok | str_methods | ts.ljust(..) |
| test.py:67 | ok | str_methods | ts.lstrip() |
| test.py:68 | ok | str_methods | ts.lower() |
| test.py:70 | ok | str_methods | ts.replace(..) |
| test.py:71 | ok | str_methods | "safe".replace(..) |
| test.py:73 | ok | str_methods | ts.rjust(..) |
| test.py:74 | ok | str_methods | ts.rstrip() |
| test.py:75 | ok | str_methods | ts.strip() |
| test.py:76 | ok | str_methods | ts.swapcase() |
| test.py:77 | ok | str_methods | ts.title() |
| test.py:78 | ok | str_methods | ts.upper() |
| test.py:79 | ok | str_methods | ts.zfill(..) |
| test.py:81 | ok | str_methods | ts.encode(..) |
| test.py:82 | ok | str_methods | ts.encode(..).decode(..) |
| test.py:84 | ok | str_methods | tb.decode(..) |
| test.py:85 | ok | str_methods | tb.decode(..).encode(..) |
| test.py:88 | ok | str_methods | ts.partition(..) |
| test.py:89 | ok | str_methods | ts.rpartition(..) |
| test.py:90 | ok | str_methods | ts.rsplit(..) |
| test.py:91 | ok | str_methods | ts.split(..) |
| test.py:92 | ok | str_methods | ts.splitlines() |
| test.py:97 | ok | str_methods | "safe".replace(..) |
| test.py:99 | fail | str_methods | ts.join(..) |
| test.py:100 | fail | str_methods | ts.join(..) |
| test.py:110 | fail | non_syntactic | meth() |
| test.py:111 | fail | non_syntactic | _str(..) |
| test.py:120 | ok | percent_fmt | BinaryExpr |
| test.py:121 | ok | percent_fmt | BinaryExpr |
| test.py:122 | fail | percent_fmt | BinaryExpr |
| test.py:132 | fail | binary_decode_encode | base64.b64encode(..) |
| test.py:133 | fail | binary_decode_encode | base64.b64decode(..) |
| test.py:135 | fail | binary_decode_encode | base64.standard_b64encode(..) |
| test.py:136 | fail | binary_decode_encode | base64.standard_b64decode(..) |
| test.py:138 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
| test.py:139 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
| test.py:141 | fail | binary_decode_encode | base64.b32encode(..) |
| test.py:142 | fail | binary_decode_encode | base64.b32decode(..) |
| test.py:144 | fail | binary_decode_encode | base64.b16encode(..) |
| test.py:145 | fail | binary_decode_encode | base64.b16decode(..) |
| test.py:160 | fail | binary_decode_encode | base64.encodestring(..) |
| test.py:161 | fail | binary_decode_encode | base64.decodestring(..) |
| test.py:166 | fail | binary_decode_encode | quopri.encodestring(..) |
| test.py:167 | fail | binary_decode_encode | quopri.decodestring(..) |
| test.py:52 | ok | str_methods | ts.center(..) |
| test.py:53 | ok | str_methods | ts.expandtabs() |
| test.py:55 | ok | str_methods | ts.format() |
| test.py:56 | ok | str_methods | "{}".format(..) |
| test.py:57 | ok | str_methods | "{unsafe}".format(..) |
| test.py:59 | ok | str_methods | ts.join(..) |
| test.py:60 | fail | str_methods | "".join(..) |
| test.py:62 | ok | str_methods | ts.ljust(..) |
| test.py:63 | ok | str_methods | ts.lstrip() |
| test.py:64 | ok | str_methods | ts.lower() |
| test.py:66 | ok | str_methods | ts.replace(..) |
| test.py:67 | ok | str_methods | "safe".replace(..) |
| test.py:69 | ok | str_methods | ts.rjust(..) |
| test.py:70 | ok | str_methods | ts.rstrip() |
| test.py:71 | ok | str_methods | ts.strip() |
| test.py:72 | ok | str_methods | ts.swapcase() |
| test.py:73 | ok | str_methods | ts.title() |
| test.py:74 | ok | str_methods | ts.upper() |
| test.py:75 | ok | str_methods | ts.zfill(..) |
| test.py:77 | ok | str_methods | ts.encode(..) |
| test.py:78 | ok | str_methods | ts.encode(..).decode(..) |
| test.py:80 | ok | str_methods | tb.decode(..) |
| test.py:81 | ok | str_methods | tb.decode(..).encode(..) |
| test.py:84 | ok | str_methods | ts.partition(..) |
| test.py:85 | ok | str_methods | ts.rpartition(..) |
| test.py:86 | ok | str_methods | ts.rsplit(..) |
| test.py:87 | ok | str_methods | ts.split(..) |
| test.py:88 | ok | str_methods | ts.splitlines() |
| test.py:93 | ok | str_methods | "safe".replace(..) |
| test.py:95 | fail | str_methods | ts.join(..) |
| test.py:96 | fail | str_methods | ts.join(..) |
| test.py:106 | fail | non_syntactic | meth() |
| test.py:107 | fail | non_syntactic | _str(..) |
| test.py:116 | ok | percent_fmt | BinaryExpr |
| test.py:117 | ok | percent_fmt | BinaryExpr |
| test.py:118 | fail | percent_fmt | BinaryExpr |
| test.py:128 | fail | binary_decode_encode | base64.b64encode(..) |
| test.py:129 | fail | binary_decode_encode | base64.b64decode(..) |
| test.py:131 | fail | binary_decode_encode | base64.standard_b64encode(..) |
| test.py:132 | fail | binary_decode_encode | base64.standard_b64decode(..) |
| test.py:134 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
| test.py:135 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
| test.py:137 | fail | binary_decode_encode | base64.b32encode(..) |
| test.py:138 | fail | binary_decode_encode | base64.b32decode(..) |
| test.py:140 | fail | binary_decode_encode | base64.b16encode(..) |
| test.py:141 | fail | binary_decode_encode | base64.b16decode(..) |
| test.py:156 | fail | binary_decode_encode | base64.encodestring(..) |
| test.py:157 | fail | binary_decode_encode | base64.decodestring(..) |
| test.py:162 | fail | binary_decode_encode | quopri.encodestring(..) |
| test.py:163 | fail | binary_decode_encode | quopri.decodestring(..) |

4
python/ql/test/experimental/dataflow/tainttracking/string/test.py
View File

@@ -49,7 +49,6 @@ def str_methods():
tb = TAINTED_BYTES
ensure_tainted(
ts.capitalize(),
ts.casefold(),
ts.center(100),
ts.expandtabs(),
@@ -57,9 +56,6 @@ def str_methods():
"{}".format(ts),
"{unsafe}".format(unsafe=ts),
ts.format_map({}),
"{unsafe}".format_map({"unsafe": ts}),
ts.join(["", ""]),
"".join([ts]),