python: add missing summaries

For append/add: The new results in the experimental tar slip query show that we do not recognize the sanitisers.
2026-04-27 17:55:19 +02:00 · 2023-06-09 16:08:02 +02:00
parent b72c93ff4f
commit 4b4b9bf9da
11 changed files with 388 additions and 47 deletions
--- a/python/ql/test/experimental/dataflow/coverage/test.py
+++ b/python/ql/test/experimental/dataflow/coverage/test.py
@@ -192,7 +192,7 @@ def test_nested_comprehension_deep_with_local_flow():
 def test_nested_comprehension_dict():
    d = {"s": [SOURCE]}
    x = [y for k, v in d.items() for y in v]
-    SINK(x[0]) #$ MISSING:flow="SOURCE, l:-2 -> x[0]"
+    SINK(x[0]) #$ flow="SOURCE, l:-2 -> x[0]"


 def test_nested_comprehension_paren():
--- a/python/ql/test/experimental/dataflow/coverage/test_builtins.py
+++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py
@@ -171,7 +171,7 @@ def test_list_copy():
 def test_list_append():
    l = [NONSOURCE]
    l.append(SOURCE)
-    SINK(l[1]) #$ MISSING: flow="SOURCE, l:-1 -> l[1]"
+    SINK(l[1]) #$ flow="SOURCE, l:-1 -> l[1]"

 ### Set

@@ -188,7 +188,7 @@ def test_set_copy():
 def test_set_add():
    s = set([])
    s.add(SOURCE)
-    SINK(s.pop()) #$ MISSING: flow="SOURCE, l:-2 -> s.pop()"
+    SINK(s.pop()) #$ flow="SOURCE, l:-1 -> s.pop()"

 ### Dict

@@ -202,7 +202,7 @@ def test_dict_values():
    d = {'k': SOURCE}
    vals = d.values()
    val_list = list(vals)
-    SINK(val_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> val_list[0]"
+    SINK(val_list[0]) #$ flow="SOURCE, l:-3 -> val_list[0]"

@expects(4)
 def test_dict_items():
@@ -210,9 +210,9 @@ def test_dict_items():
    items = d.items()
    item_list = list(items)
    SINK_F(item_list[0][0]) # expecting FP due to imprecise flow
-    SINK(item_list[0][1]) #$ MISSING: flow="SOURCE, l:-4 -> item_list[0][1]"
+    SINK(item_list[0][1]) #$ flow="SOURCE, l:-4 -> item_list[0][1]"
    SINK(item_list[1][0]) #$ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]"
-    SINK_F(item_list[1][1]) # expecting FP due to imprecise flow
+    SINK_F(item_list[1][1]) #$ SPURIOUS: flow="SOURCE, l:-6 -> item_list[1][1]"

@expects(3)
 def test_dict_pop():
@@ -257,17 +257,17 @@ def test_dict_copy():
 def test_sorted_list():
    l0 = [SOURCE]
    l = sorted(l0)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]"

 def test_sorted_tuple():
    t = (SOURCE,)
    l = sorted(t)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]"

 def test_sorted_set():
    s = {SOURCE}
    l = sorted(s)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]"

 def test_sorted_dict():
    d = {SOURCE: "val"}
@@ -289,8 +289,8 @@ def test_reversed_tuple():
    t = (SOURCE, NONSOURCE)
    r = reversed(t)
    l = list(r)
-    SINK_F(l[0])
-    SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]"
+    SINK_F(l[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[1]) #$ flow="SOURCE, l:-4 -> l[1]"

@expects(2)
 def test_reversed_dict():
@@ -306,19 +306,19 @@ def test_iter_list():
    l0 = [SOURCE]
    i = iter(l0)
    l = list(i)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]"

 def test_iter_tuple():
    t = (SOURCE,)
    i = iter(t)
    l = list(i)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]"

 def test_iter_set():
    t = {SOURCE}
    i = iter(t)
    l = list(i)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]"

 def test_iter_dict():
    d = {SOURCE: "val"}
@@ -331,7 +331,7 @@ def test_iter_iter():
    l0 = [SOURCE]
    i = iter(iter(l0))
    l = list(i)
-    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]"

 ### next

@@ -339,19 +339,19 @@ def test_next_list():
    l = [SOURCE]
    i = iter(l)
    n = next(i)
-    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+    SINK(n) #$ flow="SOURCE, l:-3 -> n"

 def test_next_tuple():
    t = (SOURCE,)
    i = iter(t)
    n = next(i)
-    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+    SINK(n) #$ flow="SOURCE, l:-3 -> n"

 def test_next_set():
    s = {SOURCE}
    i = iter(s)
    n = next(i)
-    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+    SINK(n) #$ flow="SOURCE, l:-3 -> n"

 def test_next_dict():
    d = {SOURCE: "val"}
--- a/python/ql/test/experimental/dataflow/summaries/summaries.expected
+++ b/python/ql/test/experimental/dataflow/summaries/summaries.expected
@@ -3,8 +3,11 @@ edges
 | summaries.py:32:20:32:25 | ControlFlowNode for SOURCE | summaries.py:32:11:32:26 | ControlFlowNode for identity() |
 | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda |
 | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() |
+| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
 | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] |
+| summaries.py:44:25:44:32 | ControlFlowNode for List | summaries.py:44:16:44:33 | ControlFlowNode for reversed() |
 | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] |
+| summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List |
 | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] |
 | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | summaries.py:45:6:45:20 | ControlFlowNode for Subscript |
 | summaries.py:51:18:51:46 | ControlFlowNode for list_map() [List element] | summaries.py:52:6:52:19 | ControlFlowNode for tainted_mapped [List element] |
@@ -33,7 +36,9 @@ nodes
 | summaries.py:36:18:36:54 | ControlFlowNode for apply_lambda() | semmle.label | ControlFlowNode for apply_lambda() |
 | summaries.py:36:48:36:53 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:37:6:37:19 | ControlFlowNode for tainted_lambda | semmle.label | ControlFlowNode for tainted_lambda |
+| summaries.py:44:16:44:33 | ControlFlowNode for reversed() | semmle.label | ControlFlowNode for reversed() |
 | summaries.py:44:16:44:33 | ControlFlowNode for reversed() [List element] | semmle.label | ControlFlowNode for reversed() [List element] |
+| summaries.py:44:25:44:32 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
 | summaries.py:44:25:44:32 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
 | summaries.py:44:26:44:31 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |
 | summaries.py:45:6:45:17 | ControlFlowNode for tainted_list [List element] | semmle.label | ControlFlowNode for tainted_list [List element] |
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
@@ -31,8 +31,8 @@ def test_construction():
        list(tainted_list), # $ tainted
        list(tainted_tuple), # $ tainted
        list(tainted_set), # $ tainted
-        list(tainted_dict.values()), # $ MISSING: tainted
-        list(tainted_dict.items()), # $ MISSING: tainted
+        list(tainted_dict.values()), # $ tainted
+        list(tainted_dict.items()), # $ tainted

        tuple(tainted_list), # $ tainted
        set(tainted_list), # $ tainted
@@ -56,9 +56,9 @@ def test_access(x, y, z):
        tainted_list[x], # $ tainted
        tainted_list[y:z], # $ tainted

-        sorted(tainted_list), # $ MISSING: tainted
-        reversed(tainted_list), # $ MISSING: tainted
-        iter(tainted_list), # $ MISSING: tainted
+        sorted(tainted_list), # $ tainted
+        reversed(tainted_list), # $ tainted
+        iter(tainted_list), # $ tainted
        next(iter(tainted_list)), # $ MISSING: tainted
        [i for i in tainted_list], # $ tainted
        [tainted_list for _i in [1,2,3]], # $ MISSING: tainted
@@ -70,7 +70,7 @@ def test_access(x, y, z):
    for h in tainted_list:
        ensure_tainted(h) # $ tainted
    for i in reversed(tainted_list):
-        ensure_tainted(i) # $ MISSING: tainted
+        ensure_tainted(i) # $ tainted

 def test_access_explicit(x, y, z):
    tainted_list = [TAINTED_STRING]
@@ -80,10 +80,10 @@ def test_access_explicit(x, y, z):
        tainted_list[x], # $ tainted
        tainted_list[y:z], # $ tainted

-        sorted(tainted_list)[0], # $ MISSING: tainted
+        sorted(tainted_list)[0], # $ tainted
        reversed(tainted_list)[0], # $ tainted
-        iter(tainted_list), # $ MISSING: tainted
-        next(iter(tainted_list)), # $ MISSING: tainted
+        iter(tainted_list), # $ tainted
+        next(iter(tainted_list)), # $ tainted
        [i for i in tainted_list], # $ tainted
        [tainted_list for i in [1,2,3]], # $ MISSING: tainted
        [TAINTED_STRING for i in [1,2,3]], # $ tainted
@@ -109,9 +109,9 @@ def test_dict_access(x):
    )

    for v in tainted_dict.values():
-        ensure_tainted(v) # $ MISSING: tainted
+        ensure_tainted(v) # $ tainted
    for k, v in tainted_dict.items():
-        ensure_tainted(v) # $ MISSING: tainted
+        ensure_tainted(v) # $ tainted


 def test_named_tuple(): # TODO: namedtuple currently not handled
@@ -194,7 +194,7 @@ def list_append():
    ensure_not_tainted(my_list)

    my_list.append(tainted_string)
-    ensure_tainted(my_list) # $ MISSING: tainted
+    ensure_tainted(my_list) # $ tainted


 def list_extend():
@@ -262,7 +262,7 @@ def set_add():
    ensure_not_tainted(my_set)

    my_set.add(tainted_string)
-    ensure_tainted(my_set) # $ MISSING: tainted
+    ensure_tainted(my_set) # $ tainted


 # Make tests runable