Merge branch 'main' into python-command-execution-modeling

2026-04-30 19:26:02 +02:00 · 2020-09-30 17:38:59 +02:00
parent c4a2e1d6d1 d694777894
commit 428c2a3fda
18 changed files with 735 additions and 82 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/TestTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/TestTaint.expected
@@ -1,6 +1,18 @@
 | test_collections.py:16 | ok   | test_access | tainted_list.copy() |
 | test_collections.py:24 | ok   | list_clear | tainted_list |
 | test_collections.py:27 | fail | list_clear | tainted_list |
+| test_pathlib.py:26 | fail | test_basic | tainted_path |
+| test_pathlib.py:28 | fail | test_basic | tainted_pure_path |
+| test_pathlib.py:29 | fail | test_basic | tainted_pure_posix_path |
+| test_pathlib.py:30 | fail | test_basic | tainted_pure_windows_path |
+| test_pathlib.py:32 | fail | test_basic | BinaryExpr |
+| test_pathlib.py:33 | fail | test_basic | BinaryExpr |
+| test_pathlib.py:35 | fail | test_basic | tainted_path.joinpath(..) |
+| test_pathlib.py:36 | fail | test_basic | pathlib.Path(..).joinpath(..) |
+| test_pathlib.py:37 | fail | test_basic | pathlib.Path(..).joinpath(..) |
+| test_pathlib.py:39 | fail | test_basic | str(..) |
+| test_pathlib.py:49 | fail | test_basic | tainted_posix_path |
+| test_pathlib.py:55 | fail | test_basic | tainted_windows_path |
 | test_string.py:17 | ok   | str_methods | ts.casefold() |
 | test_string.py:19 | ok   | str_methods | ts.format_map(..) |
 | test_string.py:20 | ok   | str_methods | "{unsafe}".format_map(..) |
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_pathlib.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_pathlib.py
@@ -0,0 +1,60 @@
+# Add taintlib to PATH so it can be imported during runtime without any hassle
+import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from taintlib import *
+
+# This has no runtime impact, but allows autocomplete to work
+from typing import Iterable, TYPE_CHECKING
+if TYPE_CHECKING:
+    from ..taintlib import *
+
+# Actual tests
+
+import pathlib
+# pathlib was added in 3.4
+
+def test_basic():
+    print("\n# test_basic")
+    ts = TAINTED_STRING
+
+    tainted_path = pathlib.Path(ts)
+
+    tainted_pure_path = pathlib.PurePath(ts)
+    tainted_pure_posix_path = pathlib.PurePosixPath(ts)
+    tainted_pure_windows_path = pathlib.PureWindowsPath(ts)
+
+    ensure_tainted(
+        tainted_path,
+
+        tainted_pure_path,
+        tainted_pure_posix_path,
+        tainted_pure_windows_path,
+
+        pathlib.Path("foo") / ts,
+        ts / pathlib.Path("foo"),
+
+        tainted_path.joinpath("foo", "bar"),
+        pathlib.Path("foo").joinpath(tainted_path, "bar"),
+        pathlib.Path("foo").joinpath("bar", tainted_path),
+
+        str(tainted_path),
+
+        # TODO: Tainted methods and attributes
+        # https://docs.python.org/3.8/library/pathlib.html#methods-and-properties
+    )
+
+    if os.name == "posix":
+        tainted_posix_path = pathlib.PosixPath(ts)
+
+        ensure_tainted(
+            tainted_posix_path,
+        )
+
+    if os.name == "nt":
+        tainted_windows_path = pathlib.WindowsPath(ts)
+        ensure_tainted(
+            tainted_windows_path,
+        )
+
+# Make tests runable
+
+test_basic()
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_string.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_string.py
@@ -22,7 +22,7 @@ def str_methods():


 def binary_decode_encode():
-    print("\n#percent_fmt")
+    print("\n# binary_decode_encode")
    tb = TAINTED_BYTES
    import base64

@@ -42,7 +42,7 @@ def binary_decode_encode():


 def f_strings():
-    print("\n#f_strings")
+    print("\n# f_strings")
    ts = TAINTED_STRING

    ensure_tainted(f"foo {ts} bar")
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected
@@ -137,6 +137,9 @@
 | test_string.py:143 | fail | binary_decode_encode | base64.decodestring(..) |
 | test_string.py:148 | fail | binary_decode_encode | quopri.encodestring(..) |
 | test_string.py:149 | fail | binary_decode_encode | quopri.decodestring(..) |
+| test_string.py:158 | ok   | test_os_path_join | os.path.join(..) |
+| test_string.py:159 | ok   | test_os_path_join | os.path.join(..) |
+| test_string.py:160 | ok   | test_os_path_join | os.path.join(..) |
 | test_unpacking.py:16 | ok   | unpacking | a |
 | test_unpacking.py:16 | ok   | unpacking | b |
 | test_unpacking.py:16 | ok   | unpacking | c |
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_string.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_string.py
@@ -107,7 +107,7 @@ def non_syntactic():


 def percent_fmt():
-    print("\n#percent_fmt")
+    print("\n# percent_fmt")
    ts = TAINTED_STRING
    tainted_fmt = ts + " %s %s"
    ensure_tainted(
@@ -118,7 +118,7 @@ def percent_fmt():


 def binary_decode_encode():
-    print("\n#percent_fmt")
+    print("\n# binary_decode_encode")
    tb = TAINTED_BYTES
    import base64

@@ -150,6 +150,17 @@ def binary_decode_encode():
    )


+def test_os_path_join():
+    import os
+    print("\n# test_os_path_join")
+    ts = TAINTED_STRING
+    ensure_tainted(
+        os.path.join(ts, "foo", "bar"),
+        os.path.join(ts),
+        os.path.join("foo", "bar", ts),
+    )
+
+
 # Make tests runable

 str_operations()
@@ -157,3 +168,4 @@ str_methods()
 non_syntactic()
 percent_fmt()
 binary_decode_encode()
+test_os_path_join()