Python: Fix getAGuardedNode

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.expected

@@ -2,16 +2,24 @@ test_taint
 | test.py:22 | ok   | test_custom_sanitizer | s |
 | test.py:36 | ok   | test_custom_sanitizer_guard | s |
 | test.py:38 | ok   | test_custom_sanitizer_guard | s |
-| test.py:49 | ok   | test_escape | s2 |
+| test.py:40 | ok   | test_custom_sanitizer_guard | s |
+| test.py:51 | ok   | test_escape | s2 |
 isSanitizer
 | TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
-| TestTaintTrackingConfiguration | test.py:48:10:48:29 | ControlFlowNode for emulated_escaping() |
+| TestTaintTrackingConfiguration | test.py:50:10:50:29 | ControlFlowNode for emulated_escaping() |
 isSanitizerGuard
 | TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() |
 sanitizerGuardControls
 | TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:36:9:36:26 | ControlFlowNode for ensure_not_tainted | true |
 | TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:36:9:36:29 | ControlFlowNode for ensure_not_tainted() | true |
 | TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:36:28:36:28 | ControlFlowNode for s | true |
-| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:9:38:22 | ControlFlowNode for ensure_tainted | false |
-| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:9:38:25 | ControlFlowNode for ensure_tainted() | false |
-| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:24:38:24 | ControlFlowNode for s | false |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:37:9:37:9 | ControlFlowNode for s | true |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:37:13:37:26 | ControlFlowNode for TAINTED_STRING | true |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:9:38:22 | ControlFlowNode for ensure_tainted | true |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:9:38:25 | ControlFlowNode for ensure_tainted() | true |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:38:24:38:24 | ControlFlowNode for s | true |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:40:9:40:22 | ControlFlowNode for ensure_tainted | false |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:40:9:40:25 | ControlFlowNode for ensure_tainted() | false |
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:40:24:40:24 | ControlFlowNode for s | false |
+sanitizerGuardedNode
+| TestTaintTrackingConfiguration | test.py:35:8:35:26 | ControlFlowNode for emulated_is_safe() | test.py:36:28:36:28 | ControlFlowNode for s |

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/TestTaint.ql

@@ -40,3 +40,11 @@ query predicate sanitizerGuardControls(
   conf.isSanitizerGuard(guard) and
   guard.controlsNode(node, testIsTrue)
 }
+
+query predicate sanitizerGuardedNode(
+  TestTaintTrackingConfiguration conf, DataFlow::BarrierGuard guard, DataFlow::ExprNode node
+) {
+  exists(guard.getLocation().getFile().getRelativePath()) and
+  conf.isSanitizerGuard(guard) and
+  node = guard.getAGuardedNode()
+}

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test.py

@@ -34,6 +34,8 @@ def test_custom_sanitizer_guard():
 
     if emulated_is_safe(s):
         ensure_not_tainted(s)
+        s = TAINTED_STRING
+        ensure_tainted(s)
     else:
         ensure_tainted(s)