mirror of
https://github.com/github/codeql.git
synced 2026-05-02 20:25:13 +02:00
Python: Add twisted tests from internal repo
This commit is contained in:
Rasmus Wriedt Larsen
committed by
Rasmus Wriedt Larsen
Rasmus Wriedt Larsen
parent
367827a2ef
commit
6011cb74f8
@@ -0,0 +1,8 @@
|
||||
| class ErrorPage | resources/lib/python/lib/twisted/web/resource.py:280 |
|
||||
| class ForbiddenResource | resources/lib/python/lib/twisted/web/resource.py:348 |
|
||||
| class MyRequestHandler1 | test.py:3 |
|
||||
| class MyRequestHandler2 | test.py:23 |
|
||||
| class MyRequestHandler3 | test.py:27 |
|
||||
| class MyRequestHandler4 | test.py:38 |
|
||||
| class MyRequestHandler5 | test.py:42 |
|
||||
| class NoResource | resources/lib/python/lib/twisted/web/resource.py:338 |
|
||||
7
python/ql/test/library-tests/web/twisted/Classes.ql
Normal file
7
python/ql/test/library-tests/web/twisted/Classes.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
import semmle.python.web.twisted.Twisted
|
||||
|
||||
from ClassObject cls
|
||||
where cls = aTwistedRequestHandlerClass()
|
||||
select cls.toString(), remove_library_prefix(cls.getPyClass().getLocation())
|
||||
13
python/ql/test/library-tests/web/twisted/Methods.expected
Normal file
13
python/ql/test/library-tests/web/twisted/Methods.expected
Normal file
@@ -0,0 +1,13 @@
|
||||
| __init__ | Function __init__ | resources/lib/python/lib/twisted/web/resource.py:316 |
|
||||
| __init__ | Function __init__ | resources/lib/python/lib/twisted/web/resource.py:343 |
|
||||
| __init__ | Function __init__ | resources/lib/python/lib/twisted/web/resource.py:353 |
|
||||
| getChild | Function getChild | resources/lib/python/lib/twisted/web/resource.py:333 |
|
||||
| myrender | Function myrender | test.py:24 |
|
||||
| render | Function render | resources/lib/python/lib/twisted/web/resource.py:323 |
|
||||
| render | Function render | test.py:4 |
|
||||
| render | Function render | test.py:28 |
|
||||
| render | Function render | test.py:39 |
|
||||
| render | Function render | test.py:43 |
|
||||
| render_GET | Function render_GET | test.py:9 |
|
||||
| render_POST | Function render_POST | test.py:16 |
|
||||
| render_POST | Function render_POST | test.py:31 |
|
||||
7
python/ql/test/library-tests/web/twisted/Methods.ql
Normal file
7
python/ql/test/library-tests/web/twisted/Methods.ql
Normal file
@@ -0,0 +1,7 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
import semmle.python.web.twisted.Twisted
|
||||
|
||||
from FunctionObject func, string name
|
||||
where func = getTwistedRequestHandlerMethod(name)
|
||||
select name, func.toString(), remove_library_prefix(func.getFunction().getLocation())
|
||||
11
python/ql/test/library-tests/web/twisted/Sinks.expected
Normal file
11
python/ql/test/library-tests/web/twisted/Sinks.expected
Normal file
@@ -0,0 +1,11 @@
|
||||
| resources/lib/python/lib/twisted/web/resource.py:325 | Str | externally controlled string |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:329 | Attribute() | externally controlled string |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:330 | interpolated | externally controlled string |
|
||||
| test.py:7 | response | externally controlled string |
|
||||
| test.py:14 | response | externally controlled string |
|
||||
| test.py:21 | response | externally controlled string |
|
||||
| test.py:36 | do_stuff_with() | externally controlled string |
|
||||
| test.py:40 | Str | externally controlled string |
|
||||
| test.py:44 | Str | externally controlled string |
|
||||
| test.py:45 | Str | externally controlled string |
|
||||
| test.py:46 | Str | externally controlled string |
|
||||
10
python/ql/test/library-tests/web/twisted/Sinks.ql
Normal file
10
python/ql/test/library-tests/web/twisted/Sinks.ql
Normal file
@@ -0,0 +1,10 @@
|
||||
import python
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
import semmle.python.TestUtils
|
||||
|
||||
from TaintSink sink, TaintKind kind
|
||||
where sink.sinks(kind)
|
||||
select remove_library_prefix(sink.getLocation()), sink.(ControlFlowNode).getNode().toString(), kind
|
||||
10
python/ql/test/library-tests/web/twisted/Sources.expected
Normal file
10
python/ql/test/library-tests/web/twisted/Sources.expected
Normal file
@@ -0,0 +1,10 @@
|
||||
| resources/lib/python/lib/twisted/web/resource.py:323 | request | twisted.request.http.Request |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:333 | request | twisted.request.http.Request |
|
||||
| test.py:4 | request | twisted.request.http.Request |
|
||||
| test.py:9 | request | twisted.request.http.Request |
|
||||
| test.py:16 | request | twisted.request.http.Request |
|
||||
| test.py:24 | request | twisted.request.http.Request |
|
||||
| test.py:28 | myrequest | twisted.request.http.Request |
|
||||
| test.py:31 | postrequest | twisted.request.http.Request |
|
||||
| test.py:39 | request | twisted.request.http.Request |
|
||||
| test.py:43 | request | twisted.request.http.Request |
|
||||
11
python/ql/test/library-tests/web/twisted/Sources.ql
Normal file
11
python/ql/test/library-tests/web/twisted/Sources.ql
Normal file
@@ -0,0 +1,11 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
|
||||
from TaintSource src, TaintKind kind
|
||||
where src.isSourceOf(kind)
|
||||
select remove_library_prefix(src.getLocation()), src.(ControlFlowNode).getNode().toString(), kind
|
||||
45
python/ql/test/library-tests/web/twisted/Taint.expected
Normal file
45
python/ql/test/library-tests/web/twisted/Taint.expected
Normal file
@@ -0,0 +1,45 @@
|
||||
| resources/lib/python/lib/twisted/web/resource.py:323 | request | twisted.request.http.Request |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:324 | request | twisted.request.http.Request |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:325 | request | twisted.request.http.Request |
|
||||
| resources/lib/python/lib/twisted/web/resource.py:333 | request | twisted.request.http.Request |
|
||||
| test.py:4 | request | twisted.request.http.Request |
|
||||
| test.py:5 | Attribute | externally controlled string |
|
||||
| test.py:5 | request | twisted.request.http.Request |
|
||||
| test.py:6 | request | twisted.request.http.Request |
|
||||
| test.py:9 | request | twisted.request.http.Request |
|
||||
| test.py:10 | request | twisted.request.http.Request |
|
||||
| test.py:11 | Attribute | externally controlled string |
|
||||
| test.py:11 | x | twisted.request.http.Request |
|
||||
| test.py:12 | request | twisted.request.http.Request |
|
||||
| test.py:13 | request | twisted.request.http.Request |
|
||||
| test.py:16 | request | twisted.request.http.Request |
|
||||
| test.py:17 | Attribute | {[externally controlled string]} |
|
||||
| test.py:17 | request | twisted.request.http.Request |
|
||||
| test.py:18 | Attribute | {[externally controlled string]} |
|
||||
| test.py:18 | Attribute() | [externally controlled string] |
|
||||
| test.py:18 | request | twisted.request.http.Request |
|
||||
| test.py:19 | Subscript | externally controlled string |
|
||||
| test.py:19 | foo | [externally controlled string] |
|
||||
| test.py:20 | quux | externally controlled string |
|
||||
| test.py:24 | request | twisted.request.http.Request |
|
||||
| test.py:25 | request | twisted.request.http.Request |
|
||||
| test.py:28 | myrequest | twisted.request.http.Request |
|
||||
| test.py:29 | myrequest | twisted.request.http.Request |
|
||||
| test.py:31 | postrequest | twisted.request.http.Request |
|
||||
| test.py:32 | Attribute() | externally controlled string |
|
||||
| test.py:32 | postrequest | twisted.request.http.Request |
|
||||
| test.py:33 | Attribute() | externally controlled string |
|
||||
| test.py:33 | postrequest | twisted.request.http.Request |
|
||||
| test.py:34 | Attribute() | externally controlled string |
|
||||
| test.py:34 | postrequest | twisted.request.http.Request |
|
||||
| test.py:35 | Attribute() | externally controlled string |
|
||||
| test.py:35 | postrequest | twisted.request.http.Request |
|
||||
| test.py:36 | w | externally controlled string |
|
||||
| test.py:36 | x | externally controlled string |
|
||||
| test.py:36 | y | externally controlled string |
|
||||
| test.py:36 | z | externally controlled string |
|
||||
| test.py:39 | request | twisted.request.http.Request |
|
||||
| test.py:40 | request | twisted.request.http.Request |
|
||||
| test.py:43 | request | twisted.request.http.Request |
|
||||
| test.py:44 | request | twisted.request.http.Request |
|
||||
| test.py:45 | request | twisted.request.http.Request |
|
||||
11
python/ql/test/library-tests/web/twisted/Taint.ql
Normal file
11
python/ql/test/library-tests/web/twisted/Taint.ql
Normal file
@@ -0,0 +1,11 @@
|
||||
import python
|
||||
import semmle.python.TestUtils
|
||||
|
||||
import semmle.python.web.HttpRequest
|
||||
import semmle.python.web.HttpResponse
|
||||
import semmle.python.security.strings.Untrusted
|
||||
|
||||
from TaintedNode node
|
||||
|
||||
select remove_library_prefix(node.getLocation()), node.getAstNode().toString(), node.getTaintKind()
|
||||
|
||||
2
python/ql/test/library-tests/web/twisted/options
Normal file
2
python/ql/test/library-tests/web/twisted/options
Normal file
@@ -0,0 +1,2 @@
|
||||
semmle-extractor-options: --max-import-depth=3 -p ../../../../resources/lib/python/lib/ --respect-init=False
|
||||
optimize: true
|
||||
51
python/ql/test/library-tests/web/twisted/test.py
Normal file
51
python/ql/test/library-tests/web/twisted/test.py
Normal file
@@ -0,0 +1,51 @@
|
||||
from twisted.web import resource
|
||||
|
||||
class MyRequestHandler1(resource.Resource):
|
||||
def render(self, request):
|
||||
foo(request.uri)
|
||||
response = do_stuff_with(request)
|
||||
return response
|
||||
|
||||
def render_GET(self, request):
|
||||
x = request
|
||||
bar(x.uri)
|
||||
do_stuff_with(request)
|
||||
response = do_stuff_with(request)
|
||||
return response
|
||||
|
||||
def render_POST(self, request):
|
||||
baz(request.args)
|
||||
foo = request.args.get("baz")
|
||||
quux = foo[5]
|
||||
response = do_stuff_with(quux)
|
||||
return response
|
||||
|
||||
class MyRequestHandler2(resource.Resource):
|
||||
def myrender(self, request):
|
||||
do_stuff_with(request)
|
||||
|
||||
class MyRequestHandler3(resource.Resource):
|
||||
def render(self, myrequest):
|
||||
do_stuff_with(myrequest)
|
||||
|
||||
def render_POST(self, postrequest):
|
||||
x = postrequest.getHeader("someheader")
|
||||
y = postrequest.getCookie("somecookie")
|
||||
z = postrequest.getUser()
|
||||
w = postrequest.getPassword()
|
||||
return do_stuff_with(x,y,z,w)
|
||||
|
||||
class MyRequestHandler4(resource.Resource):
|
||||
def render(self, request):
|
||||
request.write("Foobar")
|
||||
|
||||
class MyRequestHandler5(resource.Resource):
|
||||
def render(self, request):
|
||||
request.setHeader("foo", "bar")
|
||||
request.addCookie("key", "value")
|
||||
return "This is my response."
|
||||
|
||||
class NotATwistedRequestHandler(object):
|
||||
def render(self, request):
|
||||
return do_stuff_with(request)
|
||||
|
||||
Reference in New Issue
Block a user