Python: Port taint tests to use inline expectations

The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file: > Defines a InlineExpectationsTest for checking whether any arguments in > `ensure_tainted` and `ensure_not_tainted` calls are tainted. > > Also defines query predicates to ensure that: > - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`. > - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`. > > The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.
2026-05-05 13:45:19 +02:00 · 2021-04-15 18:00:33 +02:00
parent 972cc47f67
commit 3e7dc12246
63 changed files with 689 additions and 1101 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_pathlib.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_pathlib.py
@@ -23,20 +23,20 @@ def test_basic():
    tainted_pure_windows_path = pathlib.PureWindowsPath(ts)

    ensure_tainted(
-        tainted_path,
+        tainted_path, # $ MISSING: tainted

-        tainted_pure_path,
-        tainted_pure_posix_path,
-        tainted_pure_windows_path,
+        tainted_pure_path, # $ MISSING: tainted
+        tainted_pure_posix_path, # $ MISSING: tainted
+        tainted_pure_windows_path, # $ MISSING: tainted

-        pathlib.Path("foo") / ts,
-        ts / pathlib.Path("foo"),
+        pathlib.Path("foo") / ts, # $ MISSING: tainted
+        ts / pathlib.Path("foo"), # $ MISSING: tainted

-        tainted_path.joinpath("foo", "bar"),
-        pathlib.Path("foo").joinpath(tainted_path, "bar"),
-        pathlib.Path("foo").joinpath("bar", tainted_path),
+        tainted_path.joinpath("foo", "bar"), # $ MISSING: tainted
+        pathlib.Path("foo").joinpath(tainted_path, "bar"), # $ MISSING: tainted
+        pathlib.Path("foo").joinpath("bar", tainted_path), # $ MISSING: tainted

-        str(tainted_path),
+        str(tainted_path), # $ MISSING: tainted

        # TODO: Tainted methods and attributes
        # https://docs.python.org/3.8/library/pathlib.html#methods-and-properties
@@ -46,13 +46,13 @@ def test_basic():
        tainted_posix_path = pathlib.PosixPath(ts)

        ensure_tainted(
-            tainted_posix_path,
+            tainted_posix_path, # $ MISSING: tainted
        )

    if os.name == "nt":
        tainted_windows_path = pathlib.WindowsPath(ts)
        ensure_tainted(
-            tainted_windows_path,
+            tainted_windows_path, # $ MISSING: tainted
        )

 # Make tests runable