Python: Adopt tests to new DataflowQueryTest

Since we want to know the _sinks_ and not just the flow, we need to expose the config as well :|
2026-04-25 16:55:19 +02:00 · 2023-08-28 11:30:58 +02:00
parent 6961ca5234
commit 5ba8e102eb
9 changed files with 8 additions and 21 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
@@ -30,7 +30,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
  }
 }

-private module CommandInjectionConfig implements DataFlow::ConfigSig {
+module CommandInjectionConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof Source }

  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
@@ -88,7 +88,7 @@ class NormalizedUnchecked extends DataFlow::FlowState {
 *
 * Such checks are ineffective in the `NotNormalized` state.
 */
-private module PathInjectionConfig implements DataFlow::StateConfigSig {
+module PathInjectionConfig implements DataFlow::StateConfigSig {
  class FlowState = DataFlow::FlowState;

  predicate isSource(DataFlow::Node source, FlowState state) {
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
@@ -35,7 +35,7 @@ deprecated class Configuration extends TaintTracking::Configuration {
  }
 }

-private module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
+module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof Source }

  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
--- a/python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
+++ b/python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
@@ -39,7 +39,7 @@ class AllTarfileOpens extends API::CallNode {
  }
 }

-private module UnsafeUnpackConfig implements DataFlow::ConfigSig {
+module UnsafeUnpackConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    // A source coming from a remote location
    source instanceof RemoteFlowSource
--- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected
@@ -1,16 +1,3 @@
 missingAnnotationOnSink
 testFailures
-| UnsafeUnpack.py:19:59:19:71 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:34:52:34:64 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:48:50:48:62 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:52:50:52:62 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:66:50:66:62 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:87:42:87:54 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:105:55:105:67 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:112:56:112:68 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:120:71:120:83 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:142:54:142:66 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:167:75:167:90 | Comment # $result=BAD    | Missing result:result=BAD |
-| UnsafeUnpack.py:176:64:176:76 | Comment # $result=BAD | Missing result:result=BAD |
-| UnsafeUnpack.py:201:47:201:59 | Comment # $result=BAD | Missing result:result=BAD |
 failures
--- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.ql
+++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.ql
@@ -1,4 +1,4 @@
 import python
 import experimental.dataflow.TestUtil.DataflowQueryTest
 import experimental.Security.UnsafeUnpackQuery
-import FromLegacyConfiguration<UnsafeUnpackingConfig>
+import FromTaintTrackingConfig<UnsafeUnpackConfig>
--- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.ql
+++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.ql
@@ -1,4 +1,4 @@
 import python
 import experimental.dataflow.TestUtil.DataflowQueryTest
 import semmle.python.security.dataflow.PathInjectionQuery
-import FromLegacyConfiguration<Configuration>
+import FromTaintTrackingStateConfig<PathInjectionConfig>
--- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.ql
+++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.ql
@@ -1,4 +1,4 @@
 import python
 import experimental.dataflow.TestUtil.DataflowQueryTest
 import semmle.python.security.dataflow.CommandInjectionQuery
-import FromLegacyConfiguration<Configuration>
+import FromTaintTrackingConfig<CommandInjectionConfig>
--- a/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.ql
+++ b/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.ql
@@ -1,4 +1,4 @@
 import python
 import experimental.dataflow.TestUtil.DataflowQueryTest
 import semmle.python.security.dataflow.UnsafeShellCommandConstructionQuery
-import FromLegacyConfiguration<Configuration>
+import FromTaintTrackingConfig<UnsafeShellCommandConstructionConfig>