Python: Adopt tests to new DataflowQueryTest

Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-28 11:30:58 +02:00
parent 6961ca5234
commit 5ba8e102eb
9 changed files with 8 additions and 21 deletions

View File

@@ -30,7 +30,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
}
}
private module CommandInjectionConfig implements DataFlow::ConfigSig {
module CommandInjectionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

View File

@@ -88,7 +88,7 @@ class NormalizedUnchecked extends DataFlow::FlowState {
*
* Such checks are ineffective in the `NotNormalized` state.
*/
private module PathInjectionConfig implements DataFlow::StateConfigSig {
module PathInjectionConfig implements DataFlow::StateConfigSig {
class FlowState = DataFlow::FlowState;
predicate isSource(DataFlow::Node source, FlowState state) {

View File

@@ -35,7 +35,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
}
}
private module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

View File

@@ -39,7 +39,7 @@ class AllTarfileOpens extends API::CallNode {
}
}
private module UnsafeUnpackConfig implements DataFlow::ConfigSig {
module UnsafeUnpackConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
// A source coming from a remote location
source instanceof RemoteFlowSource

View File

@@ -1,16 +1,3 @@
missingAnnotationOnSink
testFailures
| UnsafeUnpack.py:19:59:19:71 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:34:52:34:64 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:48:50:48:62 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:52:50:52:62 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:66:50:66:62 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:87:42:87:54 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:105:55:105:67 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:112:56:112:68 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:120:71:120:83 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:142:54:142:66 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:167:75:167:90 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:176:64:176:76 | Comment # $result=BAD | Missing result:result=BAD |
| UnsafeUnpack.py:201:47:201:59 | Comment # $result=BAD | Missing result:result=BAD |
failures

View File

@@ -1,4 +1,4 @@
import python
import experimental.dataflow.TestUtil.DataflowQueryTest
import experimental.Security.UnsafeUnpackQuery
import FromLegacyConfiguration<UnsafeUnpackingConfig>
import FromTaintTrackingConfig<UnsafeUnpackConfig>

View File

@@ -1,4 +1,4 @@
import python
import experimental.dataflow.TestUtil.DataflowQueryTest
import semmle.python.security.dataflow.PathInjectionQuery
import FromLegacyConfiguration<Configuration>
import FromTaintTrackingStateConfig<PathInjectionConfig>

View File

@@ -1,4 +1,4 @@
import python
import experimental.dataflow.TestUtil.DataflowQueryTest
import semmle.python.security.dataflow.CommandInjectionQuery
import FromLegacyConfiguration<Configuration>
import FromTaintTrackingConfig<CommandInjectionConfig>

View File

@@ -1,4 +1,4 @@
import python
import experimental.dataflow.TestUtil.DataflowQueryTest
import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery
import FromLegacyConfiguration<Configuration>
import FromTaintTrackingConfig<UnsafeShellCommandConstructionConfig>