Merge pull request #15855 from yoff/python/add-MaD-test-tuple-output

Python: Add test for `ReturnValue.TupleElement[n]`
2026-04-25 16:55:19 +02:00 · 2024-03-11 12:05:31 +01:00
parent 73c4fe08fa 6d8d106d91
commit 4ac8dd72a7
3 changed files with 12 additions and 1 deletions
--- a/python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml
+++ b/python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml
@@ -15,4 +15,6 @@ extensions:
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"]
+      - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"]
      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]
--- a/python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml
+++ b/python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml
@@ -15,4 +15,6 @@ extensions:
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue.ListElement", "value"]
      - ["foo", "Member[MS_append_to_list]", "Argument[0]", "ReturnValue", "taint"]
      - ["foo", "Member[MS_append_to_list]", "Argument[1]", "ReturnValue", "taint"]
+      - ["foo", "Member[MS_spread]", "Argument[0]", "ReturnValue.TupleElement[0]", "value"]
+      - ["foo", "Member[MS_spread]", "Argument[1]", "ReturnValue.TupleElement[1]", "value"]
      - ["json", "Member[MS_loads]", "Argument[0]", "ReturnValue", "taint"]
--- a/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
+++ b/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
@@ -30,7 +30,7 @@ def SINK_F(x):
 ensure_tainted = ensure_not_tainted = print
 TAINTED_STRING = "TAINTED_STRING"

-from foo import MS_identity, MS_apply_lambda, MS_reversed, MS_list_map, MS_append_to_list
+from foo import MS_identity, MS_apply_lambda, MS_reversed, MS_list_map, MS_append_to_list, MS_spread

 # Simple summary
 via_identity = MS_identity(SOURCE)
@@ -107,6 +107,13 @@ ensure_tainted(
    tainted_list[0],  # $ tainted
 )

+a, b = MS_spread(SOURCE, NONSOURCE)
+SINK(a)  # $ flow="SOURCE, l:-1 -> a"
+SINK_F(b)
+x, y = MS_spread(NONSOURCE, SOURCE)
+SINK_F(x)
+SINK(y)  # $ flow="SOURCE, l:-2 -> y"
+
 # Modeled flow-summary is not value preserving
 from json import MS_loads as json_loads