Python tests: Fix up tests for CWE-312 to not use external locations.

Mark Shannon
2019-08-22 11:45:49 +01:00
parent 9df205b288
commit 4759044ee4
4 changed files with 30 additions and 8 deletions

@@ -1,6 +1,8 @@
edges
| password_in_cookie.py:7:16:7:27 | dict of externally controlled string | password_in_cookie.py:7:16:7:43 | externally controlled string |
| password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
| password_in_cookie.py:7:16:7:43 | externally controlled string | password_in_cookie.py:9:33:9:40 | externally controlled string |
| test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
parents
#select
| test.py:8:35:8:42 | Taint sink | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is stored here. | test.py:7:16:7:29 | Taint source | Call returning a password |
| test.py:14:30:14:39 | Taint sink | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is stored here. | test.py:14:30:14:39 | Taint source | Call returning a certificate or key |
| test.py:8:35:8:42 | Taint sink | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is stored here. | test.py:7:16:7:29 | Taint source | a call returning a password |
| test.py:14:30:14:39 | Taint sink | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is stored here. | test.py:14:30:14:39 | Taint source | a call returning a certificate or key |
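
Review bot: The two pairs of #select rows for test.py:8:35:8:42 and test.py:14:30:14:39 differ only in the source description ("Call returning a password" versus "a call returning a password"), which is a change to the query's message wording and has nothing to do with external locations. Please mention it in the commit message or split it into its own commit, so that someone tracing a change in result messages can find it. Separately, the password_in_cookie.py rows in edges include "externally controlled string" flows that never reach a row in #select here, so this expected output now has to be regenerated whenever that sibling file changes; it is worth confirming that coupling is intended.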

@@ -1,11 +1,7 @@
edges
| file:///usr/lib/python3.6/keyword.py:65:10:65:34 | an open file | file:///usr/lib/python3.6/keyword.py:66:18:66:19 | an open file |
| file:///usr/lib/python3.6/keyword.py:70:10:70:22 | an open file | file:///usr/lib/python3.6/keyword.py:73:21:73:22 | an open file |
| file:///usr/lib/python3.6/keyword.py:90:10:90:39 | an open file | file:///usr/lib/python3.6/keyword.py:91:9:91:10 | an open file |
| password_in_cookie.py:7:16:7:27 | dict of externally controlled string | password_in_cookie.py:7:16:7:43 | externally controlled string |
| password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
| password_in_cookie.py:7:16:7:43 | externally controlled string | password_in_cookie.py:9:33:9:40 | externally controlled string |
| test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
parents
#select
| password_in_cookie.py:9:33:9:40 | Taint sink | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password | Sensitive data from $@ is stored here. | password_in_cookie.py:7:16:7:43 | Taint source | a request parameter containing a password |
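
Review bot: The three file:///usr/lib/python3.6/keyword.py rows in edges carry "an open file" taint and none of them feeds the single #select row, so they only record what happened to be installed where the expected output was generated. Dropping them is right, but nothing visible here stops another absolute file:/// location from reappearing the next time a test source gains an import. Please name the import that pulled them in within the commit message, so the cause is recorded next to the fix.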

@@ -1,4 +1,4 @@
import logging
#Don't import logging; it transitively imports a lot of stuff
def get_password():
pass
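
Review bot: The new first line, "#Don't import logging; it transitively imports a lot of stuff", states the rule but not what it costs this test. Suggest saying that the transitively imported modules show up in the expected results (the keyword.py rows in the expected output on this page look like an example), otherwise a later contributor is likely to restore the import. If anything further down test.py still refers to logging, add a short remark that the name is left unresolved on purpose. Keeping the comment on line 1 means the test.py line numbers in the expected output stay valid, which also deserves a word in the comment, and PEP 8 asks for a space after the #.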