Python: Restructure defaultAdditionalTaintStep tests

This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possible longer runtime, but I think it's
still worth it.

python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll

@@ -45,7 +45,8 @@ private string repr(Expr e) {
 
 query predicate test_taint(string arg_location, string test_res, string function_name, string repr) {
   exists(Call call, Expr arg, boolean expected_taint, boolean has_taint |
-    call.getLocation().getFile().getShortName() = "test.py" and
+    // only consider files that are extracted as part of the test
+    exists(call.getLocation().getFile().getRelativePath()) and
     (
       call.getFunc().(Name).getId() = "ensure_tainted" and
       expected_taint = true

python/ql/test/experimental/dataflow/tainttracking/collections-py3/TestTaint.expected

@@ -1 +0,0 @@
-| test.py:16 | fail | test_access | tainted_list.copy() |

python/ql/test/experimental/dataflow/tainttracking/collections/TestTaint.expected

@@ -1,37 +0,0 @@
-| test.py:24 | ok   | test_construction | tainted_string |
-| test.py:25 | fail | test_construction | tainted_list |
-| test.py:26 | fail | test_construction | tainted_tuple |
-| test.py:27 | fail | test_construction | tainted_set |
-| test.py:28 | fail | test_construction | tainted_dict |
-| test.py:32 | fail | test_construction | list(..) |
-| test.py:33 | fail | test_construction | list(..) |
-| test.py:34 | fail | test_construction | list(..) |
-| test.py:35 | fail | test_construction | list(..) |
-| test.py:36 | fail | test_construction | list(..) |
-| test.py:38 | fail | test_construction | tuple(..) |
-| test.py:39 | fail | test_construction | set(..) |
-| test.py:40 | fail | test_construction | frozenset(..) |
-| test.py:48 | ok   | test_access | tainted_list[0] |
-| test.py:49 | ok   | test_access | tainted_list[x] |
-| test.py:50 | ok   | test_access | tainted_list[Slice] |
-| test.py:54 | fail | test_access | a |
-| test.py:54 | fail | test_access | b |
-| test.py:54 | fail | test_access | c |
-| test.py:57 | fail | test_access | h |
-| test.py:59 | fail | test_access | i |
-| test.py:66 | ok   | test_dict_access | tainted_dict["name"] |
-| test.py:67 | ok   | test_dict_access | tainted_dict[x] |
-| test.py:68 | fail | test_dict_access | tainted_dict.copy() |
-| test.py:72 | fail | test_dict_access | v |
-| test.py:74 | fail | test_dict_access | v |
-| test.py:82 | fail | test_named_tuple | point[0] |
-| test.py:83 | fail | test_named_tuple | point.x |
-| test.py:87 | ok   | test_named_tuple | point[1] |
-| test.py:88 | ok   | test_named_tuple | point.y |
-| test.py:92 | fail | test_named_tuple | a |
-| test.py:93 | ok   | test_named_tuple | b |
-| test.py:101 | fail | test_defaultdict | tainted_default_dict["name"] |
-| test.py:102 | fail | test_defaultdict | tainted_default_dict[x] |
-| test.py:103 | fail | test_defaultdict | tainted_default_dict.copy() |
-| test.py:106 | fail | test_defaultdict | v |
-| test.py:108 | fail | test_defaultdict | v |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/TestTaint.expected

@@ -0,0 +1,20 @@
+| collections.py:16 | fail | test_access | tainted_list.copy() |
+| string.py:17 | ok   | str_methods | ts.casefold() |
+| string.py:19 | ok   | str_methods | ts.format_map(..) |
+| string.py:20 | fail | str_methods | "{unsafe}".format_map(..) |
+| string.py:31 | fail | binary_decode_encode | base64.a85encode(..) |
+| string.py:32 | fail | binary_decode_encode | base64.a85decode(..) |
+| string.py:35 | fail | binary_decode_encode | base64.b85encode(..) |
+| string.py:36 | fail | binary_decode_encode | base64.b85decode(..) |
+| string.py:39 | fail | binary_decode_encode | base64.encodebytes(..) |
+| string.py:40 | fail | binary_decode_encode | base64.decodebytes(..) |
+| string.py:48 | ok   | f_strings | Fstring |
+| unpacking.py:18 | fail | extended_unpacking | first |
+| unpacking.py:18 | fail | extended_unpacking | last |
+| unpacking.py:18 | fail | extended_unpacking | rest |
+| unpacking.py:23 | fail | also_allowed | a |
+| unpacking.py:31 | fail | also_allowed | b |
+| unpacking.py:31 | fail | also_allowed | c |
+| unpacking.py:39 | fail | nested | x |
+| unpacking.py:39 | fail | nested | xs |
+| unpacking.py:39 | fail | nested | ys |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected

@@ -0,0 +1,136 @@
+| collections.py:24 | ok   | test_construction | tainted_string |
+| collections.py:25 | fail | test_construction | tainted_list |
+| collections.py:26 | fail | test_construction | tainted_tuple |
+| collections.py:27 | fail | test_construction | tainted_set |
+| collections.py:28 | fail | test_construction | tainted_dict |
+| collections.py:32 | fail | test_construction | list(..) |
+| collections.py:33 | fail | test_construction | list(..) |
+| collections.py:34 | fail | test_construction | list(..) |
+| collections.py:35 | fail | test_construction | list(..) |
+| collections.py:36 | fail | test_construction | list(..) |
+| collections.py:38 | fail | test_construction | tuple(..) |
+| collections.py:39 | fail | test_construction | set(..) |
+| collections.py:40 | fail | test_construction | frozenset(..) |
+| collections.py:48 | ok   | test_access | tainted_list[0] |
+| collections.py:49 | ok   | test_access | tainted_list[x] |
+| collections.py:50 | ok   | test_access | tainted_list[Slice] |
+| collections.py:54 | fail | test_access | a |
+| collections.py:54 | fail | test_access | b |
+| collections.py:54 | fail | test_access | c |
+| collections.py:57 | fail | test_access | h |
+| collections.py:59 | fail | test_access | i |
+| collections.py:66 | ok   | test_dict_access | tainted_dict["name"] |
+| collections.py:67 | ok   | test_dict_access | tainted_dict[x] |
+| collections.py:68 | fail | test_dict_access | tainted_dict.copy() |
+| collections.py:72 | fail | test_dict_access | v |
+| collections.py:74 | fail | test_dict_access | v |
+| collections.py:82 | fail | test_named_tuple | point[0] |
+| collections.py:83 | fail | test_named_tuple | point.x |
+| collections.py:87 | ok   | test_named_tuple | point[1] |
+| collections.py:88 | ok   | test_named_tuple | point.y |
+| collections.py:92 | fail | test_named_tuple | a |
+| collections.py:93 | ok   | test_named_tuple | b |
+| collections.py:101 | fail | test_defaultdict | tainted_default_dict["name"] |
+| collections.py:102 | fail | test_defaultdict | tainted_default_dict[x] |
+| collections.py:103 | fail | test_defaultdict | tainted_default_dict.copy() |
+| collections.py:106 | fail | test_defaultdict | v |
+| collections.py:108 | fail | test_defaultdict | v |
+| json.py:26 | fail | test | json.dumps(..) |
+| json.py:27 | fail | test | json.loads(..) |
+| json.py:34 | fail | test | tainted_filelike |
+| json.py:35 | fail | test | json.load(..) |
+| string.py:25 | ok   | str_operations | ts |
+| string.py:26 | ok   | str_operations | BinaryExpr |
+| string.py:27 | ok   | str_operations | BinaryExpr |
+| string.py:28 | ok   | str_operations | BinaryExpr |
+| string.py:29 | ok   | str_operations | ts[Slice] |
+| string.py:30 | ok   | str_operations | ts[Slice] |
+| string.py:31 | ok   | str_operations | ts[Slice] |
+| string.py:32 | ok   | str_operations | ts[0] |
+| string.py:33 | ok   | str_operations | str(..) |
+| string.py:34 | ok   | str_operations | bytes(..) |
+| string.py:35 | ok   | str_operations | unicode(..) |
+| string.py:44 | ok   | str_methods | ts.capitalize() |
+| string.py:45 | ok   | str_methods | ts.center(..) |
+| string.py:46 | ok   | str_methods | ts.expandtabs() |
+| string.py:48 | ok   | str_methods | ts.format() |
+| string.py:49 | ok   | str_methods | "{}".format(..) |
+| string.py:50 | ok   | str_methods | "{unsafe}".format(..) |
+| string.py:52 | ok   | str_methods | ts.join(..) |
+| string.py:53 | fail | str_methods | "".join(..) |
+| string.py:55 | ok   | str_methods | ts.ljust(..) |
+| string.py:56 | ok   | str_methods | ts.lstrip() |
+| string.py:57 | ok   | str_methods | ts.lower() |
+| string.py:59 | ok   | str_methods | ts.replace(..) |
+| string.py:60 | ok   | str_methods | "safe".replace(..) |
+| string.py:62 | ok   | str_methods | ts.rjust(..) |
+| string.py:63 | ok   | str_methods | ts.rstrip() |
+| string.py:64 | ok   | str_methods | ts.strip() |
+| string.py:65 | ok   | str_methods | ts.swapcase() |
+| string.py:66 | ok   | str_methods | ts.title() |
+| string.py:67 | ok   | str_methods | ts.upper() |
+| string.py:68 | ok   | str_methods | ts.zfill(..) |
+| string.py:70 | ok   | str_methods | ts.encode(..) |
+| string.py:71 | ok   | str_methods | ts.encode(..).decode(..) |
+| string.py:73 | ok   | str_methods | tb.decode(..) |
+| string.py:74 | ok   | str_methods | tb.decode(..).encode(..) |
+| string.py:77 | ok   | str_methods | ts.partition(..) |
+| string.py:78 | ok   | str_methods | ts.rpartition(..) |
+| string.py:79 | ok   | str_methods | ts.rsplit(..) |
+| string.py:80 | ok   | str_methods | ts.split(..) |
+| string.py:81 | ok   | str_methods | ts.splitlines() |
+| string.py:86 | ok   | str_methods | "safe".replace(..) |
+| string.py:88 | fail | str_methods | ts.join(..) |
+| string.py:89 | fail | str_methods | ts.join(..) |
+| string.py:99 | fail | non_syntactic | meth() |
+| string.py:100 | fail | non_syntactic | _str(..) |
+| string.py:109 | ok   | percent_fmt | BinaryExpr |
+| string.py:110 | ok   | percent_fmt | BinaryExpr |
+| string.py:111 | fail | percent_fmt | BinaryExpr |
+| string.py:121 | fail | binary_decode_encode | base64.b64encode(..) |
+| string.py:122 | fail | binary_decode_encode | base64.b64decode(..) |
+| string.py:124 | fail | binary_decode_encode | base64.standard_b64encode(..) |
+| string.py:125 | fail | binary_decode_encode | base64.standard_b64decode(..) |
+| string.py:127 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
+| string.py:128 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
+| string.py:130 | fail | binary_decode_encode | base64.b32encode(..) |
+| string.py:131 | fail | binary_decode_encode | base64.b32decode(..) |
+| string.py:133 | fail | binary_decode_encode | base64.b16encode(..) |
+| string.py:134 | fail | binary_decode_encode | base64.b16decode(..) |
+| string.py:149 | fail | binary_decode_encode | base64.encodestring(..) |
+| string.py:150 | fail | binary_decode_encode | base64.decodestring(..) |
+| string.py:155 | fail | binary_decode_encode | quopri.encodestring(..) |
+| string.py:156 | fail | binary_decode_encode | quopri.decodestring(..) |
+| unpacking.py:16 | fail | unpacking | a |
+| unpacking.py:16 | fail | unpacking | b |
+| unpacking.py:16 | fail | unpacking | c |
+| unpacking.py:22 | fail | unpacking_to_list | a |
+| unpacking.py:22 | fail | unpacking_to_list | b |
+| unpacking.py:22 | fail | unpacking_to_list | c |
+| unpacking.py:31 | fail | nested | a1 |
+| unpacking.py:31 | fail | nested | a2 |
+| unpacking.py:31 | fail | nested | a3 |
+| unpacking.py:31 | fail | nested | b |
+| unpacking.py:31 | fail | nested | c |
+| unpacking.py:35 | fail | nested | a1 |
+| unpacking.py:35 | fail | nested | a2 |
+| unpacking.py:35 | fail | nested | a3 |
+| unpacking.py:35 | fail | nested | b |
+| unpacking.py:35 | fail | nested | c |
+| unpacking.py:39 | fail | nested | a1 |
+| unpacking.py:39 | fail | nested | a2 |
+| unpacking.py:39 | fail | nested | a3 |
+| unpacking.py:39 | fail | nested | b |
+| unpacking.py:39 | fail | nested | c |
+| unpacking.py:46 | fail | unpack_from_set | a |
+| unpacking.py:46 | fail | unpack_from_set | b |
+| unpacking.py:46 | fail | unpack_from_set | c |
+| unpacking.py:56 | fail | contrived_1 | a |
+| unpacking.py:56 | fail | contrived_1 | b |
+| unpacking.py:56 | fail | contrived_1 | c |
+| unpacking.py:57 | ok   | contrived_1 | d |
+| unpacking.py:57 | ok   | contrived_1 | e |
+| unpacking.py:57 | ok   | contrived_1 | f |
+| unpacking.py:65 | fail | contrived_2 | a |
+| unpacking.py:65 | fail | contrived_2 | b |
+| unpacking.py:65 | fail | contrived_2 | c |

python/ql/test/experimental/dataflow/tainttracking/json/TestTaint.expected

@@ -1,4 +0,0 @@
-| test.py:26 | fail | test | json.dumps(..) |
-| test.py:27 | fail | test | json.loads(..) |
-| test.py:34 | fail | test | tainted_filelike |
-| test.py:35 | fail | test | json.load(..) |

python/ql/test/experimental/dataflow/tainttracking/json/TestTaint.ql

@@ -1 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib

python/ql/test/experimental/dataflow/tainttracking/string-py3/TestTaint.expected

@@ -1,10 +0,0 @@
-| test.py:17 | ok   | str_methods | ts.casefold() |
-| test.py:19 | ok   | str_methods | ts.format_map(..) |
-| test.py:20 | fail | str_methods | "{unsafe}".format_map(..) |
-| test.py:31 | fail | binary_decode_encode | base64.a85encode(..) |
-| test.py:32 | fail | binary_decode_encode | base64.a85decode(..) |
-| test.py:35 | fail | binary_decode_encode | base64.b85encode(..) |
-| test.py:36 | fail | binary_decode_encode | base64.b85decode(..) |
-| test.py:39 | fail | binary_decode_encode | base64.encodebytes(..) |
-| test.py:40 | fail | binary_decode_encode | base64.decodebytes(..) |
-| test.py:48 | ok   | f_strings | Fstring |

python/ql/test/experimental/dataflow/tainttracking/string-py3/TestTaint.ql

@@ -1 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib

python/ql/test/experimental/dataflow/tainttracking/string-py3/options

@@ -1 +0,0 @@
-semmle-extractor-options: --max-import-depth=1 --lang=3

python/ql/test/experimental/dataflow/tainttracking/string/TestTaint.expected

@@ -1,62 +0,0 @@
-| test.py:25 | ok   | str_operations | ts |
-| test.py:26 | ok   | str_operations | BinaryExpr |
-| test.py:27 | ok   | str_operations | BinaryExpr |
-| test.py:28 | ok   | str_operations | BinaryExpr |
-| test.py:29 | ok   | str_operations | ts[Slice] |
-| test.py:30 | ok   | str_operations | ts[Slice] |
-| test.py:31 | ok   | str_operations | ts[Slice] |
-| test.py:32 | ok   | str_operations | ts[0] |
-| test.py:33 | ok   | str_operations | str(..) |
-| test.py:34 | ok   | str_operations | bytes(..) |
-| test.py:35 | ok   | str_operations | unicode(..) |
-| test.py:44 | ok   | str_methods | ts.capitalize() |
-| test.py:45 | ok   | str_methods | ts.center(..) |
-| test.py:46 | ok   | str_methods | ts.expandtabs() |
-| test.py:48 | ok   | str_methods | ts.format() |
-| test.py:49 | ok   | str_methods | "{}".format(..) |
-| test.py:50 | ok   | str_methods | "{unsafe}".format(..) |
-| test.py:52 | ok   | str_methods | ts.join(..) |
-| test.py:53 | fail | str_methods | "".join(..) |
-| test.py:55 | ok   | str_methods | ts.ljust(..) |
-| test.py:56 | ok   | str_methods | ts.lstrip() |
-| test.py:57 | ok   | str_methods | ts.lower() |
-| test.py:59 | ok   | str_methods | ts.replace(..) |
-| test.py:60 | ok   | str_methods | "safe".replace(..) |
-| test.py:62 | ok   | str_methods | ts.rjust(..) |
-| test.py:63 | ok   | str_methods | ts.rstrip() |
-| test.py:64 | ok   | str_methods | ts.strip() |
-| test.py:65 | ok   | str_methods | ts.swapcase() |
-| test.py:66 | ok   | str_methods | ts.title() |
-| test.py:67 | ok   | str_methods | ts.upper() |
-| test.py:68 | ok   | str_methods | ts.zfill(..) |
-| test.py:70 | ok   | str_methods | ts.encode(..) |
-| test.py:71 | ok   | str_methods | ts.encode(..).decode(..) |
-| test.py:73 | ok   | str_methods | tb.decode(..) |
-| test.py:74 | ok   | str_methods | tb.decode(..).encode(..) |
-| test.py:77 | ok   | str_methods | ts.partition(..) |
-| test.py:78 | ok   | str_methods | ts.rpartition(..) |
-| test.py:79 | ok   | str_methods | ts.rsplit(..) |
-| test.py:80 | ok   | str_methods | ts.split(..) |
-| test.py:81 | ok   | str_methods | ts.splitlines() |
-| test.py:86 | ok   | str_methods | "safe".replace(..) |
-| test.py:88 | fail | str_methods | ts.join(..) |
-| test.py:89 | fail | str_methods | ts.join(..) |
-| test.py:99 | fail | non_syntactic | meth() |
-| test.py:100 | fail | non_syntactic | _str(..) |
-| test.py:109 | ok   | percent_fmt | BinaryExpr |
-| test.py:110 | ok   | percent_fmt | BinaryExpr |
-| test.py:111 | fail | percent_fmt | BinaryExpr |
-| test.py:121 | fail | binary_decode_encode | base64.b64encode(..) |
-| test.py:122 | fail | binary_decode_encode | base64.b64decode(..) |
-| test.py:124 | fail | binary_decode_encode | base64.standard_b64encode(..) |
-| test.py:125 | fail | binary_decode_encode | base64.standard_b64decode(..) |
-| test.py:127 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
-| test.py:128 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
-| test.py:130 | fail | binary_decode_encode | base64.b32encode(..) |
-| test.py:131 | fail | binary_decode_encode | base64.b32decode(..) |
-| test.py:133 | fail | binary_decode_encode | base64.b16encode(..) |
-| test.py:134 | fail | binary_decode_encode | base64.b16decode(..) |
-| test.py:149 | fail | binary_decode_encode | base64.encodestring(..) |
-| test.py:150 | fail | binary_decode_encode | base64.decodestring(..) |
-| test.py:155 | fail | binary_decode_encode | quopri.encodestring(..) |
-| test.py:156 | fail | binary_decode_encode | quopri.decodestring(..) |

python/ql/test/experimental/dataflow/tainttracking/string/TestTaint.ql

@@ -1 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib

python/ql/test/experimental/dataflow/tainttracking/unpacking-py3/TestTaint.expected

@@ -1,9 +0,0 @@
-| test.py:18 | fail | extended_unpacking | first |
-| test.py:18 | fail | extended_unpacking | last |
-| test.py:18 | fail | extended_unpacking | rest |
-| test.py:23 | fail | also_allowed | a |
-| test.py:31 | fail | also_allowed | b |
-| test.py:31 | fail | also_allowed | c |
-| test.py:39 | fail | nested | x |
-| test.py:39 | fail | nested | xs |
-| test.py:39 | fail | nested | ys |

python/ql/test/experimental/dataflow/tainttracking/unpacking-py3/TestTaint.ql

@@ -1 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib

python/ql/test/experimental/dataflow/tainttracking/unpacking-py3/options

@@ -1 +0,0 @@
-semmle-extractor-options: --max-import-depth=1 --lang=3

python/ql/test/experimental/dataflow/tainttracking/unpacking/TestTaint.expected

@@ -1,33 +0,0 @@
-| test.py:16 | fail | unpacking | a |
-| test.py:16 | fail | unpacking | b |
-| test.py:16 | fail | unpacking | c |
-| test.py:22 | fail | unpacking_to_list | a |
-| test.py:22 | fail | unpacking_to_list | b |
-| test.py:22 | fail | unpacking_to_list | c |
-| test.py:31 | fail | nested | a1 |
-| test.py:31 | fail | nested | a2 |
-| test.py:31 | fail | nested | a3 |
-| test.py:31 | fail | nested | b |
-| test.py:31 | fail | nested | c |
-| test.py:35 | fail | nested | a1 |
-| test.py:35 | fail | nested | a2 |
-| test.py:35 | fail | nested | a3 |
-| test.py:35 | fail | nested | b |
-| test.py:35 | fail | nested | c |
-| test.py:39 | fail | nested | a1 |
-| test.py:39 | fail | nested | a2 |
-| test.py:39 | fail | nested | a3 |
-| test.py:39 | fail | nested | b |
-| test.py:39 | fail | nested | c |
-| test.py:46 | fail | unpack_from_set | a |
-| test.py:46 | fail | unpack_from_set | b |
-| test.py:46 | fail | unpack_from_set | c |
-| test.py:56 | fail | contrived_1 | a |
-| test.py:56 | fail | contrived_1 | b |
-| test.py:56 | fail | contrived_1 | c |
-| test.py:57 | ok   | contrived_1 | d |
-| test.py:57 | ok   | contrived_1 | e |
-| test.py:57 | ok   | contrived_1 | f |
-| test.py:65 | fail | contrived_2 | a |
-| test.py:65 | fail | contrived_2 | b |
-| test.py:65 | fail | contrived_2 | c |

python/ql/test/experimental/dataflow/tainttracking/unpacking/TestTaint.ql

@@ -1 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib